Azure Traffic Manager subnet routing not working.

Akash Acharya 0

I am currently setting up an Azure Traffic Manager to DNS load balance between two endpoints using subnet routing. I have configured the Traffic Manager with two endpoints and specified the CIDR range containing my public IP address for one of the endpoint’s subnet configurations.

Issue: Despite this setup, my DNS lookup does not resolve to the intended target. I suspect that the DNS resolver’s IP might be the one which is detected and it resolves to fallback endpoint. I have also attempted using **`dig

Deepanshu katara 13,920 Reputation points MVP

2024-10-18T14:04:39.5+00:00
Hello Akash , Welcome to MS Q&A

To resolve DNS lookup issues in Azure Traffic Manager when using subnet routing, you can follow these steps:

Verify Traffic Manager Configuration: Ensure that your Traffic Manager profile is correctly configured to route traffic based on user subnet. This involves mapping the appropriate IP address ranges to specific endpoints.

Flush DNS Cache: If you have made changes to your Traffic Manager settings, flush your DNS client cache to ensure that you are not receiving stale DNS records. In Windows, you can do this using the command ipconfig /flushdns.

Check for TTL Issues: Be aware of the DNS Time-to-Live (TTL) settings for your Traffic Manager profile. After making changes, you may need to wait for the TTL to expire before seeing the effects.

By following these steps, you should be able to troubleshoot and resolve DNS lookup issues related to Azure Traffic Manager with subnet routing.

References:

Direct traffic to specific endpoints based on user subnet using Traffic Manager

Verify Traffic Manager settings

Please check above docs

Kindly let us know if any further questuions

Thanks
Deepanshu
Akash Acharya 0 Reputation points

2024-10-18T14:18:57.43+00:00
Following are the step I performed,

Verified all the configuration on the azure traffic manager is correct.

We have ttl of 60 seconds.

On my cli following cmd.

ipconfing /flushdns dig <domain> +subnet=<cidr_of_client_public_ip> +edns=0 +ednsneg

4.Ip address we received was public Ip of fallback endpoint.

It does not seem to resolve the issue.
Akash Acharya 0 Reputation points

2024-10-18T14:33:21.64+00:00
Thank you for prompt reply,
Here are the step-by-step instructions steps executed. (followed above steps)

Verified endpoints (both with subnet routing + fallback) are enabled. All configuration domain -> az tm domain, az tm is enabled

TTL is set to 60 seconds waited for that time.

Flush DNS Entries from local cache

ipconfig /flushdns

Dig query with edns enabled with subnet information passed along.

dig <domain> +subnet=<subnet-cidr> +edns=0 +ednsneg

Received fallback endpoint Ip not the subnet routed one.

Please guide me , if something i am missing.
ChaitanyaNaykodi-MSFT 27,041 Reputation points Microsoft Employee

2024-10-18T14:43:41.7466667+00:00

@Akash Acharya

Thank you for reaching out.

Based on your statement above

I have configured the Traffic Manager with two endpoints and specified the CIDR range containing my public IP address for one of the endpoint’s subnet configurations.

The subnet routing setting should contain the IP address of the recursive DNS resolver used by the source not the source address space.

As documented in the tutorial here.

Can you please confirm if you have configured the correct IP address?

Thank you!

Chaitanya
Akash Acharya 0 Reputation points

2024-10-18T15:07:06.0266667+00:00

Thank you for the screen shot, I double check, following is the screen shot, Ip are correctly configured.

Still not working, Does it matter if routing preference of public ip is Internet vs MS?
ChaitanyaNaykodi-MSFT 27,041 Reputation points Microsoft Employee

2024-10-19T02:28:12.45+00:00

@Akash Acharya

Thank you for getting back.

Does it matter if routing preference of public ip is Internet vs MS?

I do not think this option will affect the communication here.

The IP address listed here should be the Recursive DNS resolver IPs

As documented here.

End-user devices typically use a DNS resolver to do the DNS lookup on their behalf. The outgoing IP of such resolvers is what Traffic Manager sees as the source IP. In addition, Subnet routing method also looks to see if there's EDNS0 Extended Client Subnet (ECS) information that was passed with the request. If ECS information is present, that is the address used to determine the routing. In the absence of ECS information, the source IP of the query is used for routing purposes.

Meanwhile, Can you please refer to my private message here?

Thank you!

1 answer

VIVEK DWIVEDI 105 Reputation points Microsoft Employee

2025-01-30T02:49:59.1033333+00:00
Hello @Akash Acharya ,

I hope you are doing great!

To make it short, what you are suspecting is right. In case of subnet routing, Traffic manager mostly checks the recursive DNS resolver IP and not the end user IP unless it passed on the EDNS.

You can also check if a client is ECS-supported by running either of the following DNS queries.

nslookup -q=txt o-o.myaddr.l.google.com

Below indicates that the LDNS IP is 20.48.x.x, and the ECS-supported IP is 60.77.x.x. Traffic Manager would use the ECS-supported IP for routing.

Server: dns.google Address: 8.8.8.8 Non-authoritative answer: o-o.myaddr.l.google.com text = "20.48.x.x" o-o.myaddr.l.google.com text = "edns0-client-subnet 60.77.x.x/24"

The same can also be checked by using dig:

dig +short TXT o-o.myaddr.l.google.com

Please let me know if this helps by accepting the answer.
Please sign in to rate this answer.
VIVEK DWIVEDI 105 Reputation points Microsoft Employee

2025-02-05T12:51:35.28+00:00

Hello @Akash Acharya ,

I hope you are doing great!

I would like to know if the above answer has helped you in understanding how the subnet-based routing works and what is happening in your case. Please let me know if you have queries or if this helps, please accept the answer so that it would help others in this community.

Thank you.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Azure Traffic Manager subnet routing not working.

1 answer

Your answer