Direct traffic to specific endpoints based on user subnet using Traffic Manager
This article describes how to configure the subnet traffic-routing method. The Subnet traffic-routing method allows you to map a set of IP address ranges to specific endpoints and when a request is received by Traffic Manager, it inspects the source IP of the request and returns the endpoint associated with it.
In the scenario discussed in this article, using subnet routing, depending on the IP address of the user's query, traffic is either routed to an internal website or a production website.
If you don't have an Azure subscription, create a trial subscription before you begin.
Prerequisites
In order to see the Traffic Manager in action, this tutorial requires that you deploy the following:
- two basic websites running in different Azure regions - China East (serves as internal website) and China North (serves as production website).
- two test VMs for testing the Traffic Manager - one VM in China East and the second VM in China North.
The test VMs are used to illustrate how Traffic Manager routes user traffic to the internal website or the production website based on subnet from where the user query originates.
Sign in to Azure
Sign in to the Azure portal.
Create websites
In this section, you create two website instances that provide the two service endpoints for the Traffic Manager profile in two Azure regions. Creating the two websites includes the following steps:
- Create two VMs for running a basic website - one in China East, and the other in China North.
- Install IIS server on each VM and update the default website page that describes the VM name that a user is connected to when visiting the website.
Create VMs for running websites
In this section, you create two VMs myIISVMChinaEast and myIISVMChinaNorth in the China East and China North Azure regions.
On the upper, left corner of the Azure portal, select Create a resource > Virtual Machines > Windows Server 2016 Datacenter.
Enter, or select, the following information for Basics, accept the defaults for the remaining settings, and then select Create:
Setting Value Name myIISVMChinaEast User name Enter a user name of your choosing. Password Enter a password of your choosing. The password must be at least 12 characters long and meet the defined complexity requirements. Resource group Select New and then type myResourceGroupTM1. Location Select China East. Select a VM size under Choose a size.
Select the following values for Settings, then select OK:
Setting Value Virtual network Select Virtual network, in Create virtual network, for Name, enter myVNet1, for subnet, enter mySubnet. Network Security Group Select Basic, and in Select public inbound ports drop-down, select HTTP and RDP Boot diagnostics Select Disabled. Under Create in the Summary, select Create to start the VM deployment.
Complete steps 1-6 again, with the following changes:
Setting Value Resource group Select New, and then type myResourceGroupTM2 Location China North VM Name myIISVMChinaNorth Virtual network Select Virtual network, in Create virtual network, for Name, enter myVNet2, for subnet, enter mySubnet. The VMs take a few minutes to create. Do not continue with the remaining steps until both VMs are created.
Install IIS and customize the default web page
In this section, you install the IIS server on the two VMs - myIISVMChinaEast & myIISVMChinaNorth, and then update the default website page. The customized website page shows the name of the VM that you are connecting to when you visit the website from a web browser.
- Select All resources in the left-hand menu, and then from the resources list click myIISVMChinaEast that is located in the myResourceGroupTM1 resource group.
- On the Overview page, click Connect, and then in Connect to virtual machine, select Download RDP file.
- Open the downloaded rdp file. If prompted, select Connect. Enter the user name and password you specified when creating the VM. You may need to select More choices, then Use a different account, to specify the credentials you entered when you created the VM.
- Select OK.
- You may receive a certificate warning during the sign-in process. If you receive the warning, select Yes or Continue, to proceed with the connection.
- On the server desktop, navigate to Windows Administrative Tools>Server Manager.
- Launch Windows PowerShell on myIISVMChinaEast and using the following commands to install IIS server and update the default htm file.
# Install IIS Install-WindowsFeature -name Web-Server -IncludeManagementTools # Remove default htm file remove-item C:\inetpub\wwwroot\iisstart.htm #Add custom htm file Add-Content -Path "C:\inetpub\wwwroot\iisstart.htm" -Value $("Hello World from my test website server - " + $env:computername) - Close the RDP connection with myIISVMChinaEast.
- Repeat steps 1-6 with by creating an RDP connection with the VM myIISVMChinaNorth within the myResourceGroupTM2 resource group to install IIS and customize its default web page.
- Launch Windows PowerShell on myIISVMChinaNorth and using the following commands to install IIS server and update the default htm file.
# Install IIS Install-WindowsFeature -name Web-Server -IncludeManagementTools # Remove default htm file remove-item C:\inetpub\wwwroot\iisstart.htm #Add custom htm file Add-Content -Path "C:\inetpub\wwwroot\iisstart.htm" -Value $("Hello World from my production website server - " + $env:computername)
Configure DNS names for the VMs running IIS
Traffic Manager routes user traffic based on DNS name of the service endpoints. In this section, you configure the DNS names for the IIS servers - myIISVMChinaEast and myIISVMChinaNorth.
- Click All resources in the left-hand menu, and then from the resources list, select myIISVMChinaEast that is located in the myResourceGroupTM1 resource group.
- On the Overview page, under DNS name, select Configure.
- On the Configuration page, under DNS name label, add a unique name, and then select Save.
- Repeat steps 1-3, for the VM named myIISVMChinaNorth that is located in the myResourceGroupTM1 resource group.
Create test VMs
In this section, you create a VM (myVMChinaEast and myVMChinaNorth) in each Azure region (China East and China North. You will use these VMs to test how Traffic Manager routes traffic to the nearest IIS server when you browse to the website.
On the upper, left corner of the Azure portal, select Create a resource > Virtual Machines > Windows Server 2016 Datacenter.
Enter, or select, the following information for Basics, accept the defaults for the remaining settings, and then select Create:
Setting Value Name myVMChinaEast User name Enter a user name of your choosing. Password Enter a password of your choosing. The password must be at least 12 characters long and meet the defined complexity requirements. Resource group Select Existing and then select myResourceGroupTM1. Select a VM size under Choose a size.
Select the following values for Settings, then select OK:
Setting Value Virtual network Select Virtual network, in Create virtual network, for Name, enter myVNet3, for subnet, enter mySubnet3. Network Security Group Select Basic, and in Select public inbound ports drop-down, select HTTP and RDP Boot diagnostics Select Disabled. Under Create in the Summary, select Create to start the VM deployment.
Complete steps 1-5 again, with the following changes:
Setting Value VM Name myVMChinaNorth Resource group Select Existing, and then type myResourceGroupTM2 Virtual network Select Virtual network, in Create virtual network, for Name, enter myVNet4, for subnet, enter mySubnet4. The VMs take a few minutes to create. Do not continue with the remaining steps until both VMs are created.
Create a Traffic Manager profile
Create a Traffic Manager profile that allows you to return specific endpoints based on the source IP of the request.
On the top left-hand side of the screen, select Create a resource > Networking > See All > Traffic Manager profile > Create.
In the Create Traffic Manager profile, enter or select, the following information, accept the defaults for the remaining settings, and then select Create:
Setting Value Name This name needs to be unique within the trafficmanager.cnzone and results in the DNS name,trafficmanager.cnthat is used to access your Traffic Manager profile.Routing method Select the Subnet routing method. Subscription Select your subscription. Resource group Select Existing and enter myResourceGroupTM1. 
Add Traffic Manager endpoints
Add the two VMs running the IIS servers - myIISVMChinaEast & myIISVMChinaNorth to route user traffic based on the subnet of the user's query.
In the portal's search bar, search for the Traffic Manager profile name that you created in the preceding section and select the profile in the results that the displayed.
In Traffic Manager profile, in the Settings section, click Endpoints, and then click Add.
Enter, or select, the following information, accept the defaults for the remaining settings, and then select OK:
Setting Value Type Azure endpoint Name myTestWebSiteEndpoint Target resource type Public IP Address Target resource Choose a Public IP address to show the listing of resources with Public IP addresses under the same subscription. In Resource, select the public IP address named myIISVMChinaEast-ip. This is the public IP address of the IIS server VM in China East. Subnet routing settings Add the IP address of the recursive DNS resolver used by myVMChinaEast test VM. Any user query originating from this VM will be directed to the myTestWebSiteEndpoint. Repeat steps 2 and 3 to add another endpoint named myProductionEndpoint for the public IP address myIISVMChinaNorth-ip that is associated with the IIS server VM named myIISVMChinaNorth. For Subnet routing settings, add the IP address of the recursive DNS resolver used by test VM - myVMChinaNorth. Any user query from this test VM via its DNS resolver will be routed to the endpoint - myProductionWebsiteEndpoint.
When the addition of both endpoints is complete, they are displayed in Traffic Manager profile along with their monitoring status as Online.
Test Traffic Manager profile
In this section, you test how the Traffic Manager routes user traffic from a given subnet to a specific endpoint. To view the Traffic Manager in action, complete the following steps:
Determine the DNS name of your Traffic Manager profile.
View Traffic Manager in action as follows:
From the test VM (myVMChinaEast) that is located in the China East region, in a web browser, browse to the DNS name of your Traffic Manager profile.
From the test VM (myVMChinaNorth) that is located in the China North region, in a web browser, browse to the DNS name of your Traffic Manager profile.
Determine DNS name of Traffic Manager profile
In this tutorial, for simplicity, you use the DNS name of the Traffic Manager profile to visit the websites.
You can determine the DNS name of the Traffic Manager profile as follows:
In the portal's search bar, search for the Traffic Manager profile name that you created in the preceding section. In the results that are displayed, click the traffic manager profile.
Click Overview.
The Traffic Manager profile displays the DNS name of your newly created Traffic Manager profile. In production deployments, you configure a vanity domain name to point to the Traffic Manager domain name, using a DNS CNAME record.
View Traffic Manager in action
In this section, you can see the Traffic Manager is action.
Select All resources in the left-hand menu, and then from the resources list click myVMChinaEast that is located in the myResourceGroupTM1 resource group.
On the Overview page, click Connect, and then in Connect to virtual machine, select Download RDP file.
Open the downloaded rdp file. If prompted, select Connect. Enter the user name and password you specified when creating the VM. You may need to select More choices, then Use a different account, to specify the credentials you entered when you created the VM.
Select OK.
You may receive a certificate warning during the sign-in process. If you receive the warning, select Yes or Continue, to proceed with the connection.
In a web browser on the VM myVMChinaEast, type the DNS name of your Traffic Manager profile to view your website. Since the VM myVMChinaEast IP address is associated with the endpoint myIISVMChinaEast, the web browser launches the Test website server - myIISVMChinaEast.
Next, connect to the VM myVMChinaNorth located in China North using steps 1-5 and browse to the Traffic Manager profile domain name from this VM. Since the VM myVMChinaNorth IP address is associated with the endpoint myIISVMChinaNorth, the web browser launches the Test website server - myIISVMChinaNorth.
Delete the Traffic Manager profile
When no longer needed, delete the resource groups (ResourceGroupTM1 and ResourceGroupTM2). To do so, select the resource group (ResourceGroupTM1 or ResourceGroupTM2), and then select Delete.
Next steps
- Learn about weighted traffic routing method.
- Learn about priority routing method.
- Learn about geographic routing method.