Azure Networking (FrontDoor)

Dibya Darshan Khanal
Sep 11, 2022


Azure Front Door is designed to implement scalable and secure entry points for the fast delivery of global applications.

Azure FrontDoor is a family of technologies housing delivery tools, monitoring tools, connection tools, and protection tools.

Connect

  • VPC
  • Virtual WAN
  • Express Route
  • VPN
  • DNS

Protect

  • DDoS Protection
  • Firewall
  • Network Security Groups
  • Web Application Firewall (WAF)
  • Virtual Network Endpoints

Delivery

  • CDN
  • FrontDoor
  • Traffic Manager
  • Application Gateway
  • Load Balancer

Monitor

  • Network Watcher
  • Express Route Monitor
  • Azure Monitor
  • Virtual Network

Azure Delivery Section

Here we are looking at the Azure Delivery section, which helps get things delivered at the customer level (app level).

CDN: CDN as in Content Delivery Network is used for the fast delivery of content.

Traffic Manager: Global DNS Load Balancer

Application Gateway: Application layer (layer 7) load balancer and also acts as a firewall.

Azure Load Balancer: Layer 4 (Transport layer) load balancer which helps in traffic distribution.

Traffic management in Azure for HTTP and non-HTTP traffic can be done with a Regional Point of Presence and a Global Point of Presence.

HTTP traffic: The protocol that serves and delivers web content.

Non-HTTP traffic: Protocols that serve email, DNS, file exchange (FTP), and so on.

| Traffic Kind | Global Point of Presence | Regional Point of Presence |
| --- | --- | --- |
| HTTP(s) Traffic | Azure Front Door | Azure Application Gateway |
| Non HTTP(s) Traffic | Azure Traffic Manager | Azure Load Balancer |

Front Door Setup

Step 1: To get started with Front Door, let’s create two virtual machines in different regions under the same Resource Group. For the demo, I’m choosing the following configuration for the VPS.

Region: UK-South, US-West

OS: Ubuntu

RAM/CPU: 1, 1 (Standard B1_s)

Allowed Inbound ports: HTTP, HTTPS, SSH

Disk Size: Default (30G)

User-Data:

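#!/bin/bash
# Refresh the package index and install nginx
apt update -y
apt install -y nginx
# Start nginx now and enable it at boot (Ubuntu uses systemctl, not chkconfig)
systemctl start nginx
systemctl enable nginx
# Replace {RegionName} with the VM's region before deploying
echo "<h1>I Says Hello From {RegionName}</h1>" > /var/www/html/index.html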

Fig: VM 1 (UK-South)

Fig: Networking

Fig: Nginx Status inside VM

Figure: VM Host 1

Figure: VM 2 (US-West)

Figure: VM Host 2

Fig: Overall VPS Services

Step 2: Now, we want to take both of these VPS, which are in US-West and UK-South, and make them run as a single global application. For this, we will be using Front Door.

Step 3: On the Resource Group, search for FrontDoor. The first thing to configure is a Resource group; ours is already created, and the location is pre-set to the East US region.

Step 3: Next, we are asked to configure the frontend, backend pools, and routing rules.

3.1. Frontend/Domains: Click on the Add (+) icon at the top of the Frontend/Domain card. Here, we are turning on Session affinity, so that after the initial connection all subsequent traffic from that client goes back to the same backend. Next, hit ‘Add’ and continue.

3.2. Backend Pool: On the Backend pool card, click on the Add (+) icon and enter the name for the hostname.

Next, we need to add the Backend Host Name, and click on “Add Backend.”

On the next screen, we are given options to choose the Backend Host type. Here we are choosing Public IP address, because we already have applications running with attached Public IP addresses named VM1 and VM2.

Choose VM-1 from the Backend hostname and leave the others at their defaults, then click ‘Add’ and continue with the next Public IP attachment.

Next, on the Backend pool, we are asked to configure Health Probes, which make sure the backend of our application is healthy and running. For now, we are leaving the path at the default (/), which means a request to the root of our domain, without any further routing, should return a healthy signal from our backend application.

Also, for the Protocol, we are choosing HTTP instead of HTTPS because we don’t have a certificate ready. For the probe method, we are using HEAD, which is a bit simpler than GET as we don’t need to pass the body.

On the Load Balancer, the default of 4 health checks is fine for now.

Finally, click on “Add” and our Backend pool card is complete.

3.3 Routing Rules: On the routing rules card, click on the Add (+) icon to create one.

Here, provide a routing rule name and select HTTP only. Our web applications are running on HTTP, so this is the accepted protocol for now.

Next, we have Frontend/Domains to configure. Here we attach the frontend we created earlier in section 3.1.

On the Patterns to Match, the default rule is set to root (/*), so all of our traffic will go through this rule.

On the routing rules, we have routing details to set up. Here we have two options: we can either forward traffic to a certain backend pool or redirect it using any available type (301, 302, 307, 308). We want our traffic to reach our backend application, so we choose the backend pool we created earlier, with HTTP only. We could also enable caching for our application; for now, Disabled is fine. Click on “Add” and continue to the next step.

Once the Routing rules configuration is completed, we now have this portion completed.

Step 4: Next, add tags to the Front Door configuration.

Step 5: Review the details and click on “Create.” During creation, we can also download the template to reuse it for a similar setup next time.

Once the process is completed, we can see the following in our Resource group. In the Location column, you can see UK South, US West and Global. The Global location is from our recent Front Door configuration.

Step 6: Click on the Front Door service. You might get overwhelmed by the tools and integrations that come with Front Door; it has everything we need for monitoring, alerts, diagnostics, logs, designer, cache purge, firewall, and so on.

Result

The whole scope of the lab is content delivery. From my current location, ‘Nepal,’ when I open the Front Door and provide a hostname, I’m routed to the UK-South region because the UK is nearer to Nepal (approx. 7k KM) than the US (approx. 12k KM).

We can also test this with a VPN: I’ve set Opera’s VPN to an Americas location, and I’m now routed to the US West 3 region.
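
A simplified model of the health-probe and nearest-backend behaviour described in section 3.2 and in the Result above, added here as an example (it is not Azure's code and not from the original post). It assumes a 2-of-4 success threshold and constructed latency figures; the class, function and client names are hypothetical.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Optional

SAMPLE_SIZE = 4          # the "4 health checks" default kept in the walkthrough
SUCCESSES_REQUIRED = 2   # assumption: successes needed within the last SAMPLE_SIZE probes

@dataclass
class Backend:
    name: str
    probes: deque = field(default_factory=lambda: deque(maxlen=SAMPLE_SIZE))

    def record(self, status: Optional[int]) -> None:
        """Store one HEAD / probe result; None means no response at all."""
        self.probes.append(status == 200)

    def healthy(self) -> bool:
        return sum(self.probes) >= SUCCESSES_REQUIRED

def pick_backend(backends, latency_ms):
    """Name of the lowest-latency healthy backend, or None if none is healthy.
    (What Front Door does when every probe fails is outside this model.)"""
    healthy = [b for b in backends if b.healthy()]
    if not healthy:
        return None
    return min(healthy, key=lambda b: latency_ms[b.name]).name

def simulate():
    uk, us = Backend("VM1 (UK-South)"), Backend("VM2 (US-West)")
    # Constructed latencies (ms) from each client's vantage point to each backend.
    latency = {
        "Nepal": {uk.name: 140, us.name: 260},
        "US via VPN": {uk.name: 150, us.name: 30},
    }
    route = lambda: {c: pick_backend([uk, us], l) for c, l in latency.items()}

    for _ in range(SAMPLE_SIZE):          # both nginx instances answer 200
        uk.record(200); us.record(200)
    before = route()

    uk.record(None); uk.record(None)      # nginx on VM1 stops: two probes fail
    lagging = route()                     # 2 of the last 4 still succeeded
    uk.record(None)                       # third failed probe
    after = route()
    return before, lagging, after

if __name__ == "__main__":
    for stage in simulate():
        print(stage)
```

The middle stage shows that a backend stays in rotation until enough of its recent probes have failed, so failover to the other region is not instantaneous.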
