🔒 Guided

Pre-launch preview. Authorised access only.

Incorrect code

Guided by A Guide to Cloud
Explore AB-900 AI-901
Guided AZ-700 Domain 3
Domain 3 — Module 2 of 5 40%
15 of 26 overall

AZ-700 Study Guide

Domain 1: Core Networking Infrastructure

  • Virtual Networks: Your Cloud Foundation Free
  • IP Addressing: Public, Private & Prefixes Free
  • Name Resolution: Azure DNS Free
  • Routing: UDRs, Route Server & NAT Gateway Free
  • VNet Peering and Connectivity
  • Network Monitoring and Diagnostics
  • DDoS Protection and Security Posture

Domain 2: Connectivity Services

  • Site-to-Site VPN: Connecting On-Premises
  • Point-to-Site VPN: Remote Access
  • ExpressRoute Fundamentals
  • ExpressRoute: Advanced Features
  • Azure Virtual WAN
  • Choosing Your Hybrid Connection

Domain 3: Application Delivery Services

  • Azure Load Balancer: Layer 4
  • Traffic Manager: DNS-Based Routing
  • Application Gateway: Layer 7
  • Azure Front Door: Global Delivery
  • Choosing the Right Load Balancer

Domain 4: Private Access to Azure Services

  • Private Link and Private Endpoints
  • Private Endpoint DNS
  • Service Endpoints: When and How

Domain 5: Network Security Services

  • NSGs and Application Security Groups
  • Flow Logs, IP Flow Verify & Network Manager Security
  • Azure Firewall: SKUs and Deployment
  • Azure Firewall Manager and Policies
  • Web Application Firewall (WAF)

AZ-700 Study Guide

Domain 1: Core Networking Infrastructure

  • Virtual Networks: Your Cloud Foundation Free
  • IP Addressing: Public, Private & Prefixes Free
  • Name Resolution: Azure DNS Free
  • Routing: UDRs, Route Server & NAT Gateway Free
  • VNet Peering and Connectivity
  • Network Monitoring and Diagnostics
  • DDoS Protection and Security Posture

Domain 2: Connectivity Services

  • Site-to-Site VPN: Connecting On-Premises
  • Point-to-Site VPN: Remote Access
  • ExpressRoute Fundamentals
  • ExpressRoute: Advanced Features
  • Azure Virtual WAN
  • Choosing Your Hybrid Connection

Domain 3: Application Delivery Services

  • Azure Load Balancer: Layer 4
  • Traffic Manager: DNS-Based Routing
  • Application Gateway: Layer 7
  • Azure Front Door: Global Delivery
  • Choosing the Right Load Balancer

Domain 4: Private Access to Azure Services

  • Private Link and Private Endpoints
  • Private Endpoint DNS
  • Service Endpoints: When and How

Domain 5: Network Security Services

  • NSGs and Application Security Groups
  • Flow Logs, IP Flow Verify & Network Manager Security
  • Azure Firewall: SKUs and Deployment
  • Azure Firewall Manager and Policies
  • Web Application Firewall (WAF)
Domain 3: Application Delivery Services Premium ⏱ ~12 min read

Traffic Manager: DNS-Based Routing

Master Azure Traffic Manager's six routing methods, endpoint types, nested profiles, and health monitoring for DNS-based global traffic distribution.

Traffic Manager: DNS-Based Routing

Traffic Manager works at the DNS layer. When a client queries a Traffic Manager FQDN, it returns the IP of the best endpoint based on the routing method. Traffic Manager doesn’t proxy traffic — it redirects at the DNS level.

🎬 Video coming soon

Traffic Manager Routing Methods

Traffic Manager Routing Methods

~12:00
☕ Simple explanation

Traffic Manager is a smart DNS directory — when a user types your website address, DNS asks Traffic Manager which server to send them to. Traffic Manager answers based on your rules (closest, least busy, specific region). The user connects directly to that server — Traffic Manager doesn’t touch the actual traffic.

Azure Traffic Manager is a DNS-based global traffic routing service. It returns the IP/CNAME of the selected endpoint based on routing method. It does NOT proxy traffic. Key characteristics: global scope, DNS-based (no data-plane processing), health monitoring, and protocol-agnostic.

The Six Routing Methods

MethodHow It WorksBest For
PriorityRoutes to the highest-priority (lowest number) healthy endpoint. Failover to next if primary is down.Active-passive DR. Primary in one region, backup in another.
WeightedDistributes traffic based on weights (1-1000). Weight 300 gets 3x more traffic than weight 100.Gradual migration, canary deployments, capacity-based distribution.
PerformanceReturns the endpoint with lowest latency from the client’s DNS resolver location.Multi-region apps where users should reach the closest region.
GeographicRoutes based on the geographic origin of the DNS query. Users in a region always go to the assigned endpoint.Data sovereignty, regional content, compliance requirements.
MultivalueReturns multiple healthy endpoint IPs in a single DNS response. Client chooses.Simple redundancy — client-side failover. Only works with external endpoints with IPs.
SubnetMaps specific client IP ranges to specific endpoints.Testing, VIP routing, per-customer endpoints.
Traffic Manager Routing Methods Comparison
MethodHow It WorksBest For
PriorityRoutes to the highest-priority healthy endpoint; fails over to nextActive-passive disaster recovery
WeightedDistributes by weight (1-1000); weight 300 gets 3x traffic vs weight 100Canary deployments, gradual migration
PerformanceReturns endpoint with lowest latency from client DNS resolverMulti-region apps needing closest region
GeographicRoutes based on geographic origin of the DNS queryData sovereignty and compliance requirements
MultivalueReturns multiple healthy IPs in one DNS response; client picksSimple client-side redundancy (external endpoints only)
SubnetMaps specific client IP ranges to specific endpointsPer-customer routing, VIP access, testing

Character Scenarios

☁️ Elena — Performance routing: Skyline Logistics’ customer portal is deployed in Australia East and West Europe. Traffic Manager with Performance routing sends Australian customers to the AU East endpoint and European customers to West Europe — lowest latency for each.

🏪 Sam — Priority routing: Harbour Retail has a primary web app in Australia East and a standby in Southeast Asia. Priority routing sends all traffic to AU East (priority 1). If it fails health checks, traffic automatically shifts to Southeast Asia (priority 2).

Endpoint Types

Endpoint TypeWhat It Points ToExample
Azure endpointAzure resources (App Service, Public IP, Cloud Service)Sam’s web app in AU East
External endpointNon-Azure resources (IP address or FQDN)Partner’s API at api.partner.com
Nested endpointAnother Traffic Manager profileElena’s geographic parent with performance children
ℹ️ Nested Profiles — Combining Routing Methods

Nested profiles let you combine routing methods. A common pattern:

Parent profile: Geographic routing

  • Europe → Child profile (Performance routing between West Europe and North Europe)
  • Asia-Pacific → Child profile (Performance routing between AU East and Southeast Asia)
  • Americas → Child profile (Performance routing between East US and West US)

This ensures:

  1. Users are routed to the correct geographic region (compliance/sovereignty)
  2. Within that region, they reach the lowest-latency endpoint (performance)

Configuration:

  • Create child profiles with Performance routing and their regional endpoints
  • Create parent profile with Geographic routing
  • Add child profiles as “Nested” endpoints in the parent
  • Set minimum child endpoints for the nested endpoint to be considered healthy

Health Monitoring

Traffic Manager continuously probes endpoints to determine health:

SettingDescriptionDefault
ProtocolHTTP, HTTPS, or TCPHTTP
PortPort to probe80
PathURL path for HTTP/HTTPS probes/
Probing intervalHow often to check30 seconds (10 seconds for fast interval)
Tolerated failuresFailures before marking unhealthy3
Probe timeoutTime to wait for response10 seconds (5 seconds for fast interval)

Expected probe response: HTTP 200 OK. Any other response (or timeout) counts as a failure.

Fast interval probing: Reduces detection time from ~90 seconds (3 failures at 30s) to ~15 seconds (3 failures at 5s). Costs more but provides faster failover.

Custom health checks: For HTTPS probes, Traffic Manager validates the certificate chain. For HTTP probes, the response body can be checked with an expected status code range.

Key Takeaways

  • Traffic Manager is DNS-based — it returns IPs, doesn’t proxy traffic
  • Six routing methods cover DR (Priority), migration (Weighted), performance, geo, multivalue, and subnet
  • Nested profiles combine routing methods for complex scenarios
  • Health monitoring checks every 30 seconds by default; fast interval does 10 seconds
  • DNS TTL affects failover time — lower TTL means faster client updates

Test Your Knowledge

Question

How does Traffic Manager route traffic?

Click or press Enter to reveal answer

Answer

At the DNS level. When a client queries the Traffic Manager FQDN, it returns the IP of the best endpoint based on the routing method. Traffic Manager never proxies or inspects the actual data traffic.

Click to flip back
Question

What's the difference between Performance and Geographic routing?

Click or press Enter to reveal answer

Answer

Performance: routes to the endpoint with lowest latency from the client. Geographic: routes based on the client's geographic location to a fixed endpoint. Performance optimises speed; Geographic enforces compliance/sovereignty.

Click to flip back
Question

What is a nested Traffic Manager profile?

Click or press Enter to reveal answer

Answer

A child Traffic Manager profile used as an endpoint in a parent profile. Allows combining routing methods — e.g., Geographic parent routing to Performance children for latency optimisation within each region.

Click to flip back
Knowledge Check

Elena needs users in Europe to always reach European endpoints (data sovereignty), but within Europe, traffic should go to the fastest endpoint. Which routing pattern achieves this?
Knowledge Check

Sam's Traffic Manager health probe checks every 30 seconds with 3 tolerated failures. How long before a failed endpoint is marked unhealthy?

Next up: Application Gateway: Layer 7 — HTTP-aware load balancing with URL routing, TLS termination, and web application features.

← Previous

Azure Load Balancer: Layer 4

Next →

Application Gateway: Layer 7

Guided

I learn, I simplify, I share.

A Guide to Cloud YouTube Feedback

© 2026 Sutheesh. All rights reserved.

Guided is an independent study resource and is not affiliated with, endorsed by, or officially connected to Microsoft. Microsoft, Azure, and related trademarks are property of Microsoft Corporation. Always verify information against Microsoft Learn.