Azure Global Load Balancing Comparison
Global load-balancing services distribute traffic across applications and endpoints hosted across different regions/geographies. These services route end-user traffic to the available backend based on configurable routing rules. They also feature endpoint monitoring in order to improve high availability and reliability of backend services. Azure offers two global load-balancing services: Azure Traffic Manager and Azure Front Door.
Traffic Manager is a DNS-based traffic load balancer that distributes traffic to services across global Azure regions. Being a DNS-based load-balancing service, it load balances only at the domain level. As such, it supports any communication protocol and has no performance impact.
Front Door is global load balancing service specifically designed for web applications. Therefore, it works at Layer 7 and offers many capabilities useful for web-based application (e.g SSL offloading, path-based routing, fast fail-over, caching, WAF, etc.)
I thought it would be useful to compile a list of features offered by the two services so that they can be easily and quickly compared and contrasted. Azure documentation offers a very practical decision tree that’s great for determining the right load-balancing solution for various scenarios. I hope the table below is helpful!
|Feature||Traffic Manager||Front Door|
|Protocol||Protocol Agnostic (DNS based)||HTTP(S)|
|Protocol Support: HTTP/2||✔️||✔️|
|Protocol Suppport: IPv6||✔️||✔️|
||Any public IP or a publicly resolvable DNS hostname|
|Backend must be public||✔️||✔️|
|HTTP Property Routing||❌||✔️|
|Traffic View Dashboard||✔️6||❌|
|No Performance Impact||✔️7||❌|
- Azure Endpoints (PaaS Cloud Services, Storage, Web Apps)
- Public IP Address Resources (e.g. VM’s with public IPs or Azure Load Balancer)
- External Backends (Public IPv4/IPv6 addresses, FQDNs)
Traffic Manager fail over limited by DNS caching/TTL ↩︎
Traffic Manager supports Custom Domain via CNAME or Alias Records. ↩︎
Traffic Manager doesn’t support TLS Termination, so re-encryption isn’t necessary. ↩︎
Front Door connections to the backend happen over public IP, so it is recommended that Front Door is configured to use HTTPS as the forwarding protocol. ↩︎
Traffic Manager Traffic View provides a dashboard of user base regions and their traffic patterns. ↩︎
Traffic Manager works at the DNS level. Client connections are direct to service endpoints, and so there is no performance impact incurred when using Traffic Manager. ↩︎