What is OCI Traffic Management?
- A service to guide traffic to endpoints based on conditions like:
- Endpoint health.
- Geographic origin of DNS request.
- Configure policies to serve intelligent responses to DNS queries.
- Failover based on endpoint health.
- Load balance across resources.
- Steer traffic to physically closest endpoint.
Components of OCI Traffic Management
- Steering Policy: Intelligent rules to control responses to DNS queries.
- Links steering policy to zone.
- Max 1 attachment per DNS record type.
- Attachment overrides DNS records, e.g., if DNS A record points domain to IP 126.96.36.199 & attached steering policy points domain to IP 188.8.131.52, policy wins.
- Contained inside steering policy.
- Filters DNS responses based on properties of DNS request.
- Answer: The DNS response.
- Predefined rule sequence for a policy type & its intended behavior.
- eg FAILOVER template checks FILTER, HEALTH, PRIORITY & LIMIT rules.
- Case (like switch case):
- Optionally included in rules.
- Case = Condition + Action
- Condition behavior:
- Case with no
- Case with
caseConditionmatches when expression evaluates to true.
- Case with no
- Rule behavior:
- Rule with no cases is always evaluated with same config.
- Rule with empty sequence of cases is always ignored.
- Rule with cases behaves according to first matching case in sequence.
Limits of OCI Traffic Management
- 100 policies per tenant.
- 1K attachments per tenant.
Types of Steering Policies in OCI Traffic Management
- Uses Health Checks service to determine endpoint health.
- If primary endpoint is unhealthy, fails over to secondary endpoint.
- Load Balancer:
- Distributes traffic across multiple endpoints.
- Assign weights to endpoints to control distribution.
- Assign equal weights to distribute traffic evenly.
- Unequal Weights = Ratio Load Balancing
- e.g. if endpoint A has weight 1 & endpoint B has weight 2, one-third of incoming traffic is sent to A & two-thirds to B.
- Health checks monitor endpoint health.
- If an endpoint is unhealthy, traffic goes to others.
- Direct traffic based on location of end user.
- You can define geographic regions & endpoint(s) for each region.
- Geographic regions are composed of originating continent, countries & states/provinces (North America).
- ASN: Steer based on Autonomous System Numbers.
- IP Prefix: Steer based on IP prefix of caller.
Traffic Steering Scenarios in OCI Traffic Management
- Failover: Automate failover between primary & secondary servers.
- Cloud Migration: Use weighted load balancing to gradually migrate traffic from data center to OCI.
- Load Balancing for Scale: Distribute traffic across (health checked) server pools.
- Hybrid Environments: Distribute traffic across OCI, data center, other clouds (AWS, Azure, GCP) & public resources on the internet.
- Worldwide Geolocation:
- Divide global users into geographic regions & steer them to specific resources.
- Supports “ring fencing” e.g. keep traffic from China in China & block traffic from outside China into China.
- Canary Testing: Determine internal users using IP prefix & serve them differently than external users.
- Zero-Rating Services: Determine originating enterprise, mobile operator, etc using ASN & serve them according to commercial agreements you may have.