A customer asked me the following question about a system they are building.
"We are building a system and using paired regions to provide redundancy. Each database instance (primary and replica) is located in one of the paired regions, and these instances belong to a failover group. When we tested database failover, the applications in our environment could not access the primary database instance. We don't think it is a network problem, since global peering is configured between the virtual networks in each region. What is the root cause of this issue, and how can we fix it?"
As the background was not clear to me, I asked the customer to share details about their system and the issue they were facing.
The following diagram reflects their comments and what we learned from the discussion.
If you are familiar with Azure, you can identify the root cause of this issue easily: it is a service endpoint limitation. For Azure SQL, a service endpoint applies only to Azure service traffic within the virtual network's own region.
In the following case, applications in Region-A can access the database instance in Region-A.
However, in the following case, applications in Region-A cannot access the database instance in Region-B, even though global peering is configured.
There are several solutions for this case, but I offered the following two options.
If a cross-region connection is still acceptable, they can fix this issue by using a private link instead of a service endpoint.
Azure Private Link for Azure SQL Database and Azure Synapse Analytics
https://docs.microsoft.com/azure/azure-sql/database/private-endpoint-overview
When using a private link, the diagram looks like this.
It is also fine to create private links for the databases in both regions.
When using a private link, the following limitations should be considered.
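As an added example (not part of the original post or the customer's deployment), the following Bicep template implements the private link option: a private endpoint for an existing Azure SQL logical server, the privatelink.database.windows.net private DNS zone, and zone links to the virtual networks of both regions so that applications on either side of the global peering resolve the server name to the private endpoint's IP. The server name, subnet ID and VNet IDs are parameters you supply; resource names and API versions are my assumptions.

```bicep
param location string = resourceGroup().location
param sqlServerName string   // existing Azure SQL logical server (assumed name)
param subnetId string        // subnet in the application VNet for the endpoint NIC
param vnetIds array          // VNet resource IDs in Region-A and Region-B (assumed)
resource sqlServer 'Microsoft.Sql/servers@2021-11-01' existing = {
  name: sqlServerName
}
// Private endpoint: the server gets a private IP in the subnet, so clients in the
// peered VNet of the other region are not bound by the service endpoint's same-region rule.
resource sqlPrivateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = {
  name: 'pe-${sqlServerName}'
  location: location
  properties: {
    subnet: { id: subnetId }
    privateLinkServiceConnections: [
      {
        name: 'sql'
        properties: {
          privateLinkServiceId: sqlServer.id
          groupIds: [ 'sqlServer' ] // sub-resource for Azure SQL Database
        }
      }
    ]
  }
}
// DNS zone so <server>.database.windows.net resolves to the private IP.
resource privateLinkZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: 'privatelink.database.windows.net'
  location: 'global'
}
// Link the zone to the VNets in both regions; a VNet that is not linked keeps
// resolving the public address and bypasses the private endpoint.
resource zoneLinks 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = [for (vnetId, i) in vnetIds: {
  parent: privateLinkZone
  name: 'link-${i}'
  location: 'global'
  properties: {
    registrationEnabled: false
    virtualNetwork: { id: vnetId }
  }
}]
// Register the endpoint's private IP in the zone automatically.
resource zoneGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2023-04-01' = {
  parent: sqlPrivateEndpoint
  name: 'default'
  properties: {
    privateDnsZoneConfigs: [ { name: 'sql', properties: { privateDnsZoneId: privateLinkZone.id } } ]
  }
}
```

After deployment, verify from a VM in each region that the server FQDN resolves to the private endpoint's IP rather than a public address; if it does not, the zone link for that VNet is missing.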
In some cases, a private link does not meet the requirements. In that case, we should configure Traffic Manager so that the region to which Traffic Manager routes incoming traffic matches the database's primary region. The diagram looks like this.
To achieve this, the following configuration is required.
Priority traffic-routing method
https://docs.microsoft.com/azure/traffic-manager/traffic-manager-routing-methods#priority-traffic-ro...
Configure endpoint monitoring
This concept has some limitations listed below.
Configure endpoint monitoring
https://docs.microsoft.com/azure/traffic-manager/traffic-manager-monitoring#configure-endpoint-monit...
In this case, I suggested both approaches and asked the customer to make their decision. Last but not least, Traffic Manager is used in this case, but the concept of this solution also applies to Azure Front Door.