1
votes

We have a pretty straightforward requirement, in my opinion, which is obviously proving to be otherwise:

"Redirect users based on their geo-location to the respective cloud region and use Cloudflare as a CDN for the domain mysubdomain.myparentdomain.com"

Simplifying it further, serve users from US using US cloud region infrastructure and so on. Now, we selected Azure Traffic Manager as it has the capability of resolving the DNS based on Geographical Location.

Let us say that we have two cloud regions as of now:

  • US based region having a DNS name as us.cloudapp.azure.com
  • EU based region having a DNS name as eu.cloudapp.azure.com

As we are supposed to use Cloudflare as CDN, both of these regions are configured in Cloudflare DNS as below:

  • endpoint1.mysubdomain.myparentdomain.com is an alias of us.cloudapp.azure.com (for US service and infrastructure)
  • endpoint2.mysubdomain.myparentdomain.com is an alias of eu.cloudapp.azure.com (for EU service and infrastructure)

Traffic Manager is now configured with two endpoints:

  • endpoint1.mysubdomain.myparentdomain.com for US traffic
  • endpoint2.mysubdomain.myparentdomain.com for EU traffic

In our DNS registrar (outside of Cloudflare), we added a DNS record to resolve our service as well, as below:

  • mysubdomain.myparentdomain.com is an alias of my-tm-profile.trafficmanager.net (actual service pointing to the DNS name of the traffic manager)

**Problem Scenario 1:**

1. User from US enters mysubdomain.myparentdomain.com in the browser
2. Browser resolves to traffic manager record
3. Traffic Manager resolves it to the US endpoint
4. US endpoint is proxied by Cloudflare as can be seen above. It is resolved successfully to a Cloudflare IP address.
5. Request lands in Cloudflare but the host header is still mysubdomain.myparentdomain.com
6. Cloudflare tries to find the mysubdomain.myparentdomain.com in its DNS and does not find anything.
7. Cloudflare raises error that origin DNS is not available.

**Problem Scenario 2:**

To resolve problem 1, mysubdomain.myparentdomain.com DNS record is created in Cloudflare DNS as per below:

  • mysubdomain.myparentdomain.com is an alias of my-tm-profile.trafficmanager.net (actual service pointing to the DNS name of the traffic manager)

1. User from US enters mysubdomain.myparentdomain.com in the browser
2. Browser resolves to traffic manager record
3. Traffic Manager resolves it to the US endpoint
4. US endpoint is proxied by Cloudflare as can be seen above. It is resolved successfully to a Cloudflare IP address.
5. Request lands in Cloudflare but the host header is still mysubdomain.myparentdomain.com
6. Cloudflare tries to find the mysubdomain.myparentdomain.com in its DNS and finds it pointing to the traffic manager DNS again.
7. Cloudflare goes into a loop of trying to resolve a service which is again proxied by Cloudflare. As per Cloudflare support discussions, this is not doable.

I am not able to see how I can make this possible. Any advice?

1
You can consider using the "Host Header Override" Page Rule, which is a Cloudflare Enterprise Plan feature, to overwrite host headers to what your servers are expecting. – FaizAzhar

Hello FaizAzhar - It seems that the page rule is executing later in the life cycle. It gives the error first despite the fact that the page rule is added. I checked. – Hammad Dar
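
The two problem scenarios from the question, traced in a small model. This is an added example, not part of the original post and not Cloudflare or Azure code. The record tables are constructed from the names in the question, the edge behaviour (origin chosen by Host header) is modelled as the asker describes it, and `resolve` and `request` are hypothetical helper names.

```python
# Constructed model of the records listed in the question; not real resolver output.
TM = "my-tm-profile.trafficmanager.net"
SITE = "mysubdomain.myparentdomain.com"
GEO = {"US": "endpoint1." + SITE, "EU": "endpoint2." + SITE}  # Traffic Manager geo routing
CF_ZONE = {  # proxied records in the Cloudflare zone: hostname -> origin target
    "endpoint1." + SITE: "us.cloudapp.azure.com",
    "endpoint2." + SITE: "eu.cloudapp.azure.com",
}
REGISTRAR = {SITE: TM}  # public alias held at the external registrar


def resolve(name, region, public, cf_zone, seen=()):
    """Follow aliases until a Cloudflare-proxied name or a terminal name is reached."""
    if name in seen:
        return ("loop", name)  # guard against a cyclic alias chain
    seen += (name,)
    if name in public:
        return resolve(public[name], region, public, cf_zone, seen)
    if name == TM:
        return resolve(GEO[region], region, public, cf_zone, seen)
    if name in cf_zone:
        return ("cloudflare-edge", name)  # a proxied record answers with an edge IP
    return ("origin", name)


def request(host, region, public, cf_zone):
    """Trace one browser request: DNS first, then the edge's lookup by Host header."""
    kind, name = resolve(host, region, public, cf_zone)
    if kind != "cloudflare-edge":
        return kind + ":" + name
    # The edge selects the origin from the Host header, not from the name DNS ended on.
    if host not in cf_zone:
        return "error: no record for Host " + host
    kind, name = resolve(cf_zone[host], region, public, cf_zone)
    if kind == "cloudflare-edge":
        return "error: origin of " + host + " resolves back to Cloudflare via " + name
    return "origin:" + name


if __name__ == "__main__":
    print("Scenario 1:", request(SITE, "US", REGISTRAR, CF_ZONE))
    scenario2_zone = dict(CF_ZONE, **{SITE: TM})  # SITE added to the Cloudflare zone
    print("Scenario 2:", request(SITE, "US", REGISTRAR, scenario2_zone))
    print("Direct:    ", request("endpoint2." + SITE, "EU", REGISTRAR, CF_ZONE))
```

Only the request whose Host header names a record with a non-proxied target reaches an origin in this model; both scenarios fail at the Host-header lookup, not at public DNS resolution.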

1 Answer

0
votes

I came here because I had a similar problem with Azure functions. My setup was like this:

  • Cloudflare subdomain.domain.com has a CNAME to the Traffic Manager domain
  • Traffic Manager is set up with 2 endpoints
  • Each endpoint (Azure function) has subdomain.domain.com set up as a custom domain, so when requests with this domain come to the functions, they know how to handle the requests properly. This is a little different from the original question, where there are subdomains behind the scenes, but for the user that should not matter.

The problem was that once I was hitting subdomain.domain.com, I was getting the Azure Functions 404 page. This hinted at the problem that Traffic Manager was sending traffic to the correct host, but the host needs a domain name to be passed by Traffic Manager so it can handle it properly. I achieved that by specifying the host header under custom headers in the Azure Traffic Manager endpoints configuration, in the format host:subdomain.domain.com. I just tried that same change with another project of mine without Azure Functions and it worked too (previously it didn't). Hope that will help someone :)