Azure-docs: Need clarification on how to configure an internal multi-region API Management?

Created on 17 Sep 2019 · 7Comments · Source: MicrosoftDocs/azure-docs

This page describes how to configure a multi-region API Management, however, it does not cover the scenario when API Management is deployed inside a VNET in _internal_ mode.

In this type of setup, it's common to have Azure App Gateway front facing API Management. So the questions are:

How is Azure App Gateway meant to resolve to a load-balanced API Management, if APIM is internal, thus the managed Traffic Manager cannot reach APIM?
How are internal consumers (within the VNET) meant to resolve a load-balanced API Management when the APIs are not public to the internet?

Round Robin at DNS level would not be ideal as it wouldn't cover cases when an instance is down (https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/app-lb).

Please include in the documentation what's the recommended setup.

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: d7b2624c-40ea-c23c-3af5-79953d4cb549
Version Independent ID: 0bf60c10-7ae4-476a-6cbd-4a189a97000f
Content: Deploy Azure API Management services to multiple Azure regions
Content Source: articles/api-management/api-management-howto-deploy-multi-region.md
Service: api-management
GitHub Login: @mikebudzynski
Microsoft Alias: apimpm

Pri2 api-managemensvc assigned-to-author doc-enhancement triaged

Source

pacodelacruz

👍3

Most helpful comment

API Management in internal VNET doesn't have the built-in traffic manager in multi-region configuration and you need to use your own traffic management solutions. The built-in traffic manager is provided with API Management in external VNET as well as outside VNET.

This should be a note section on the docs page.

andremarques023 on 23 Sep 2019

👍9

All 7 comments

@pacodelacruz Thank you for your feedback! We will review and provide an update as appropriate.

@mikebudzynski any thoughts here?

KetanChawda-MSFT on 17 Sep 2019

👍1

@mikebudzynski can you please share your thoughts here.

KetanChawda-MSFT on 19 Sep 2019

API Management in internal VNET doesn't have the built-in traffic manager in multi-region configuration and you need to use your own traffic management solutions. The built-in traffic manager is provided with API Management in external VNET as well as outside VNET.

mikebudzynski on 21 Sep 2019

👍1

API Management in internal VNET doesn't have the built-in traffic manager in multi-region configuration and you need to use your own traffic management solutions. The built-in traffic manager is provided with API Management in external VNET as well as outside VNET.

This should be a note section on the docs page.

andremarques023 on 23 Sep 2019

👍9

This should be a note section on the docs page.

It will be. We'll use this Issue to track progress.

mikebudzynski on 23 Sep 2019

👍2

This page describes how to configure a multi-region API Management, however, it does not cover the scenario when API Management is deployed inside a VNET in _internal_ mode.

+1.. I am testing this..
The docs indicate that Traffic Manager is an optional feature to route traffic.
What is NOT clear is if in an APIM with PVT VNET setup; without Traffic manager, will the @(context.Deployment.Region) config setting still work?

Another thing the doc doesn't clearly mention is the below:

<set-backend-service base-url="http://contoso-us.com/" />

Is the base url the url of Backend service? It seems it is the base url of the APIM service itself. If yes, it would save a lot of frustration if the docs update it to:

<choose>
            <when condition="@("West US".Equals(context.Deployment.Region, StringComparison.OrdinalIgnoreCase))">
                <set-backend-service base-url="http://apim.contoso-us.com/" />
            </when>
            <when condition="@("East Asia".Equals(context.Deployment.Region, StringComparison.OrdinalIgnoreCase))">
                <set-backend-service base-url="http://apim.contoso-asia.com/" />
            </when>
            <otherwise>
                <set-backend-service base-url="http://apim.contoso-other.com/" />
            </otherwise>

asubmani on 29 Jan 2020

This is not clear at all for Internally configured APIM. If there is an internal APIM there is no load balancing of any kind unless explicitly configured by the customer? That should be called out. In addition, the steps to accomplish this:

App gateway forwards traffic to Traffic manager instance which watches two or more instances of APIM to determine which one is healthy to route traffic toward. Also if using this option, how would the APIs be kept in sync between APIM instances... checking both and updating both seems unweildy.