Onboarding : Application Resilience

Key concepts

  • Application Gateway
  • Azure Load balancer
  • Availability Set
    • logical grouping for isolating VM resources from each other (run across multiple physical servers, racks,m storage units, and network switch)
    • For building reliable cloud solutions
  • Availability Zone
    • Groups of datacenters that have independent power, cooling, and networking
    • VMs in availability zone are placed in different physical locations within the same region
    • It doesn’t support all VM sizes
    • It’s available in all regions
A diagram that shows an overview of availability sets in Azure
Availability Set [Source]
A diagram that shows an overview of availability zones in Azure
Availability Zone [Source]
  • Traffic Manager: provides DNS load balancing to your application, so you improve your ability to distribute your application around the world. Use Traffic Manager to improve the performance and availability of your application.

Gateway vs. Traffic Manager: Traffic manager only directs the clients to the ip address of the service that they want to go to and Traffic Manager cannot see the traffic. But Gateway see the traffic.

Load balancing the web service with application gateway

Improve application resilience by distributing load across multiple servers and use path-based routing to direct web traffic.

  • Application gateway works based no Layer 7

Scenario: you work for the motor vehicle department of a governmental organization. The department runs several public web sites that enable drivers to register their vehicles and renew their drivers license online. The vehicle registration web site has been running on a single server and has suffered multiple outages because of server failures.

Load balancing with Azure Load Balancer

  • Azure load balancer for resilient applications against failur and for easily scaling
  • Azure load balancer works in layer 4
  • LB spreads/distributes requests to multiple Vms and services (user get service even when a vm is failed) automatically
  • LB provide high availability
  • LB uses Hash-based distribution algorithm (5-tuple)
  • 5-tuple hash map traffic to available services (Source IP, Source Port, Destination IP, Destination Port, Protocol Type)
  • supports inbound, outbound scenario
  • Low latency, high troughput, scale up to millions of flows for all TCP and UDP applications
  • Isn’t physical instances but only an object for configuring infrastructure
  • For high availability we can use LB with availability set (protect for hardware failure) and availability zones (for datacenter failure)

Scenario: You work for a healthcare organization that’s launching a new portal application in which patients can schedule appointments. The application has a patient portal and web application front end and a business tier database. The database is used by the front end to retrieve and save patient information.
The new portal needs to be available around the clock to handle failures. The portal must adjust to fluctuations in load by adding and removing resources to match the load. The organization needs a solution that distributes work to virtual machines across the system as virtual machines are added. The solution should detect failures and reroute jobs to virtual machines as needed. Improved resiliency and scalability helps ensure that patients can schedule appointments from any location [Source].

Load Balancer SKU
  • Basic Load Balancer
    • Port forwarding
    • Automatic reconfiguration
    • Health Probe
    • Outbound connections through source network address translation (SNAT)
    • Diagnostics through Azure log analytics for public-facing load balancers
    • Can be used only with availability set
  • Standard Load Balancer
    • Supports all the basic LB features
    • Https health probe
    • Availability zone
    • Diagnostics through azure monitor, for multidimentional metrics
    • High availability (HA) ports
    • outbound rules
    • guaranteed SLA (99,99% for two or more vms)
Load Balancer Types

Internal LB

  • distributes load from internal azure resources to other azure resources
  • no traffic from internet is allowed

External/Public LB

  • Distributes client traffic across multiple VMS.
  • Permites traffic from internet (browser, module app, other resources)
  • public LB maps the public IP and port of incoming traffic to the private IP address and port number of vm in back-end pool.
  • Distribute traffic is by applying the load balancing rule
Distribution modes
  • Lb distributes traffic equally among vms
  • distribution modes are for creating different behavior
  • When you create the load balancer endpoint, you must specify the distribution mode in load balancer rule
  • Prerequisites for load balancer rule
    • must have at least one backend
    • must have at least one health probe

Five tuple hash

  • default of LB
  • As the source port is included in hash and it can be changed for each session, the client might be directed to a different vm for each session.

source IP affinity

  • this distribution is known as session affinity / client IP affinity
  • to map traffic to server, 2-tuple hash is used (Source IP, Detination IP) or 3-tuple (Source IP, Detination IP, Protocol)
  • Hash ensure that requests from specific clients are always sent to the same VM.

Scenario: Remote Desktop Gateway is incompatible with 5-tuple hash

Scenario: for uploading media files this distribution must be used because for uploading a file the same TCP session is used to monitor the progress and a separate UDP session uploads the file.

Scenario: Requirement of the presentation tier is to use in-memory sessions to store the logged user’s profile as the user interacts with the portal. In this scenario, the load balancer must provide source IP affinity to maintain a user’s session. The profile is stored only on the virtual machine that the client first connects to because that IP address is directed to the same server.

Enhance service availability and data locality with Traffic Manager

Scenario:  a company that provides a global music streaming web application. You want your customers, wherever they are in the world, to experience near-zero downtime. The application needs to be responsive. You know that poor performance might drive your customers to your competitors. You’d also like to have customized experiences for customers who are in specific regions for user interface, legal, and operational reasons.
Your customers require 24×7 availability of your company’s streaming music application. Cloud services in one region might become unavailable because of technical issues, such as planned maintenance or scheduled security updates. In these scenarios, your company wants to have a failover endpoint so your customers can continue to access its services. 

  • traffic manager is a DNS-based traffic load balancer
  • Traffic Manager distributes traffic to different regions for high availability, resilience, and responsiveness
  • it resolves the DNS name of the service as an IP address (directs to service endpoint ip based on the rules of the traffic routing method)
  • it’s proxy or gateway
  • it doesn’t see the traffic that client sends to server
  • it only gives the client the ip address of where they need to go
  • it’s created only Global.
The location cannot be specified because it’s Global
Traffic Manager Profile’s routing methods
  • each profile has only one routing method
Weighted routing
  • distribute traffic across a set of endpoints, either evently or based on different weights
  • weights between 1 to 1000
  • for each DNS query received, traffic manager randomly chooses an available endpoint
  • probability of choosing an endpoint is based on the weights assigned to endpoints
Performance routing
  • with enspoints in different geographic locations, the best performance endpoint for the user is sent
  • it uses an internet latency table, which is actively track network latencies to the endpoints
Example of a setup where a client connects to Traffic Manager and their traffic is routed based on relative performance of three endpoints.
Geographic routing
  • based on where the DNS query originated, the specific endpoint of the region is sent to the user
  • it’s good for geo-fence content e.g. it’s good for contries with specific terms and conditions for regional compliance
Example of a setup where a client connects to Traffic Manager and their traffic is routed based on the geographic location of four endpoints.
Multivalue routing
  • to obtain multiple healty endpoints in a single DNS query
  • caller can make client-side retries if endpoint is unresponsive
  • it can increase availability of service and reduce latency associated with a new DNS query
Subnet routing
  • maps a set of user ip addresses to specific endpoints e.g. can be used for testing an app before release (internal test), or to block users from specific ISPs.
Priority routing
  • traffic manager profile contains a prioritized list of services
Example of a setup where a client connects to Traffic Manager and their traffic is routed based on the priority given to three endpoints.
Traffic Manager Profile’s endpoints
  • endpoint is the destination location that is returned to the client
  • Types are
    • Azure endpoints: for services hosted in azure
      • Azure App Service
      • public ip resources that are associated with load balancers, or vms
    • External endpoints
      • for ip v4/v6
      • FQDNs
      • services hosted outside azure either on-prem or other cloud
    • Nested endpoints: are used to combine Traffic Manager profiles to create more flexible traffic-routing schemes to support the needs of larger, more complex deployments.
Endpoints Types/Targets
  • Each traffic manager profile can have serveral endpoints with different types

Refer to Github for script files

Source: https://docs.microsoft.com/en-us/learn/modules/distribute-load-with-traffic-manager/


Resources

Published by parisamoosavinezhad

- Software Engineer - Software Architect - Software and database specialist - Cloud solution architect

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: