0

What's a good native Azure service that I can use for Active/Passive load balancing on VMs with private endpoints? The application on these servers will cause issues if more than one node is active and we'd. The VMs are in availability zones and are connected via private endpoints only. We need connection to TCP ports, so it's not just port 443 access.

Thank you

elasticSol

1 Answer

0

What's a good native Azure service that I can use for Active/Passive load balancing on VMs with private endpoints?

  1. If you are using Azure Traffic Manager, you need to remember one thing: the Health Monitor feature is not available for Azure Traffic Manager with private endpoints.

Understanding Traffic Manager probes

  • Traffic Manager considers an endpoint to be ONLINE only when the probe receives an HTTP 200 response back from the probe path. If your application returns any other HTTP response code, you should add that response code to Expected status code ranges of your Traffic Manager profile.
  • A 30x redirect response is treated as failure unless you have specified this as a valid response code in Expected status code ranges of your Traffic Manager profile. Traffic Manager does not probe the redirection target.
  • For HTTPS probes, certificate errors are ignored.
  • The actual content of the probe path doesn't matter, as long as a 200 is returned. Probing a URL to some static content like "/favicon.ico" is a common technique. Dynamic content, like the ASP pages, may not always return 200, even when the application is healthy.
  • A best practice is to set the probe path to something that has enough logic to determine that the site is up or down. In the previous example, by setting the path to "/favicon.ico", you are only testing that w3wp.exe is responding. This probe may not indicate that your web application is healthy. A better option would be to set a path to something such as "/Probe.aspx" that has logic to determine the health of the site. For example, you could use performance counters for CPU utilization or measure the number of failed requests. Or you could attempt to access database resources or session state to make sure that the web application is working.
  • If all endpoints in a profile are degraded, then Traffic Manager treats all endpoints as healthy and routes traffic to all endpoints. This behavior ensures that problems with the probing mechanism do not result in a complete outage of your service.
  2. Otherwise, you can even use Azure Front Door Premium, as it supports traffic routing to Private Link, for which you need to use Application Gateway/Load Balancer as the backend private IPs and Front Door as the routing method.
SaiSakethGuduru
  • Thanks for the information. We're using VMs and not App Service, which makes it more challenging. It doesn't seem that either front end or Traffic Manager will handle connection to VMs. – elasticSol Jul 12 '22 at 16:17
  • As per this [SO](https://stackoverflow.com/a/42551432) answer and the [Traffic Manager image](https://i.imgur.com/h1WuRbZ.png), I guess Traffic Manager also works for VMs. The other point is that LB with private endpoints has already been raised as a feature request; you can upvote this [feedback section](https://feedback.azure.com/d365community/idea/6639d090-caf3-ec11-a81b-6045bd7ac9f9?q=active+passive), so it's available in the future. – SaiSakethGuduru Jul 13 '22 at 02:19
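
A probe endpoint with health logic, in the spirit of the "/Probe.aspx" advice in the answer's probe notes, written here as an added example (not code from the answer or from Azure): it returns 200 only while the application's TCP port accepts connections and 503 otherwise. The `/probe` path, the addresses, the ports and the function names are assumptions for illustration.

```python
import socket
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


def tcp_service_up(host, port, timeout=1.0):
    """Return True if a TCP connect to the application port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def make_probe_server(app_host, app_port, bind=("127.0.0.1", 0), path="/probe"):
    """Build an HTTP server whose probe path reflects the application's TCP health."""

    class ProbeHandler(BaseHTTPRequestHandler):
        def do_GET(self):
            if self.path != path:
                self.send_error(404)
                return
            healthy = tcp_service_up(app_host, app_port)
            # Answer 200 only when the check passes and 503 otherwise.
            # Never redirect: a 30x counts as a failed probe by default.
            body = b"OK\n" if healthy else b"UNHEALTHY\n"
            self.send_response(200 if healthy else 503)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(body)))
            self.send_header("Cache-Control", "no-store")
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, fmt, *args):
            pass  # keep routine probe traffic out of stderr

    return ThreadingHTTPServer(bind, ProbeHandler)


if __name__ == "__main__":
    # Constructed values: application on 127.0.0.1:5432, probe listener on port 8080.
    make_probe_server("127.0.0.1", 5432, bind=("0.0.0.0", 8080)).serve_forever()
```

The handler exposes only a fixed status string, so the probe path does not leak details about the application behind it.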