How to setup Azure Traffic Manager to talk to Service Fabric Cluster

Question

I currently have the following setup for a Service Fabric Cluster that I am running. This is simplified for the sake of understanding:

What I am currently trying to do is set up an Azure Traffic Manager where the HTTPS requests will go through, and based on this persons geographic location, I will redirect them to the correspondent service fabric cluster. I currently have 3 SFC running in 3 different regions, so I am looking to leverage the traffic manager to redirect API calls to the correct IP address.

However, I am having trouble setting this up as I am running into client side errors as well as SSL/404 errors whenever I try to make an API request to the traffic manager dns.

Before, a simple get request would go like this:

https://myapp.eastus.cloudapp.azure.net/api/get/{parameters}

This call would either give a 200 success code, or a 401/403 unauthorized error code. This is based on if the caller has access to the correct certificate and is using its n the request.

What I want to do now is:

https://myapp.trafficmanager.net/api/get/{parameters}

and I want the same course of action to take place. However, I am unable to replicate that in my traffic manager.

What can I do in this situation? Is traffic manager feasible in this scenario?

Answer 1

What can I do in this situation? Is traffic manager feasible in this scenario?

As, you are trying to route your API’s HTTP request authenticated via SSL certificate to the respective person’s SFC deployed in different regions.

Yes, Traffic manager might be one service, You can leverage. But I’d prefer using Traffic manager in combination with Azure API management service or Application gateway to route to a particular HTTP request in the specific SFC’s in different regions.

I have deployed 2 SFC’s in different region:-

1) Application gateway + Traffic manager :-

Consider your SFC with https://myapp.eastus.cloudapp.azure.net/api/get/{parameters} as VM’s with different API’s like /images , /default etc. In regards to the below image.

Image reference:- azure-docs/traffic-manager-load-balancing-azure.md at main · MicrosoftDocs/azure-docs · GitHub

I’ll first add both the SFC’s IP or FQDN as a back end pools in the application gateway and assign path based routing to connect to the API’s.

I created 2 SFC’s 1 in South India Region and another one in Central India Region and assigned both the SFC’s IP or FQDN in the back end targets like below :-

SFC 1:-
IP and DNS of SFC1

Application Gateway :-

SFC2 :-
IP and DNS of SFC2 :-

Application Gateway :-

Add the routing rule for your HTTP Get and other API’s for application gateway to connect to your SFC like below:-

Listener on which the App gateway listens to :-
You need to configure default listener for one SFC to application gateway to listen to, this is just a setting, After assigning path based route to different paths of your API - /get, /list etc. the gateway will route traffic to the specified route.

Create different path based rules for both the targets :- SFC 1 and SFC 2 :-

You can also use Redirect URl to direct your traffic to SFCs

After these paths are added to both the SFC,

You can try using the Public IP of Application gateway as a Traffic
manager endpoint. This will change your route DNS to
tps://myapp.trafficmanager.net/api/get/{parameters}

So, the traffic manager DNS will reference the IP of the Application gateway and your API’s and you can be redirected to different API’s
Eg. If you browse :-ipofgateway>/get it will be routed to myapp.trafficmanager.net/get**

2) API Management Service:-

Image reference :-Integrate API Management with Service Fabric in Azure - Azure Service Fabric | Microsoft Learn

You can deploy your API management service in the same V-net as your SFC and try to route the HTTP request to the following SFC deployed in different regions.

Create API Management Service and add an Inbound Policy to connect your API’s from API management to your Service fabric backend

 
 {
 "inbound_policy":{
 
 "defaultValue": "<policies>\r\n <inbound>\r\n <base />\r\n <set-backend-service backend-id=\"servicefabric\" sf-service-instance-name=\"fabric:/ApiApplication/WebApiService\" sf-resolve-condition=\"@(context.LastError?.Reason == \"BackendConnectionFailure\")\" />\r\n </inbound>\r\n <backend>\r\n <base />\r\n </backend>\r\n <outbound>\r\n <base />\r\n </outbound>\r\n <on-error>\r\n <base />\r\n </on-error>\r\n</policies>",
 
 "type": "string"
 
 },

you can connect your client API’s to APIM service and then use above policy to route your traffic to Service fabric via APIM.

You can refer the ARM template from this github repo for more information :-
https://github.com/microsoft/service-fabric-scripts-and-templates/blob/master/templates/service-integration/apim.json

You can also utilize APIM Inbound policies to route traffic to back end service in specific regions: Refer below :-

APIM service :-

You can also create a custom routing in APIM with Traffic manager.
Your API> APIM > Traffic manager > SFC

Note If your API’s are not running on SFC’s but on another instances, You can connect your API’s via inbound policies to APIM and then use traffic manager to route the traffic to different regions.

Refer below:-

Create APIM policies to connect to your /get, /list, etc… API’s in SFC
Create your Traffic manager
Configure APIM regional endpoints connected to your API’s with the Traffic manager
Configure APIM Regional status endpoints in Traffic manager
Specify a route in the traffic manager to send traffic of API’s to different region endpoints of SFC.

Reference :-
Deploy Azure API Management instance to multiple Azure regions - Azure API Management | Microsoft Learn