Traffic Management helps you guide traffic to endpoints based on various conditions, including endpoint health and the geographic origins of DNS requests.
Use Traffic Management steering policies to serve intelligent responses to DNS queries, meaning different answers (endpoints) might be served for the query depending on the logic defined in the policy.
Traffic Management Components
The following list describes the components used to build a traffic management steering policy.
- STEERING POLICIES
- A framework to define the traffic management behavior for zones. Steering policies contain rules that help to intelligently serve DNS answers.
- Allows you to link a steering policy to zones. An attachment of a steering policy to a zone occludes all records at its domain that are of a covered record type, constructing DNS responses from its steering policy rather than from those domain's records. A domain can have at most one attachment covering any particular record type.
- The guidelines steering policies use to filter answers based on the properties of a DNS request, such as the requests geolocation or the health of endpoints.
- Answers contain the DNS record data and metadata to be processed in a steering policy.
Ways to Access Traffic Management
You can access Oracle Cloud Infrastructure (OCI) by using the Console (a browser-based interface), REST API, or OCI CLI. Instructions for using the Console, API, and CLI are included in topics throughout this documentation. For a list of available SDKs, see Software Development Kits and Command Line Interface.
To access the Console, you must use a supported browser. To go to the Console sign-in page, open the navigation menu at the top of this page and click Infrastructure Console. You are prompted to enter your cloud tenant, your user name, and your password.
Authentication and Authorization
Each service in Oracle Cloud Infrastructure integrates with IAM for authentication and authorization, for all interfaces (the Console, SDK or CLI, and REST API).
An administrator in your organization needs to set up groups , compartments , and policies that control which users can access which services, which resources, and the type of access. For example, the policies control who can create new users, create and manage the cloud network, launch instances, create buckets, download objects, and so on. For more information, see Getting Started with Policies. For specific details about writing policies for each of the different services, see Policy Reference.
If you’re a regular user (not an administrator) who needs to use the Oracle Cloud Infrastructure resources that your company owns, contact your administrator to set up a user ID for you. The administrator can confirm which compartment or compartments you should be using.
Traffic Management Capabilities and Limits
Oracle Cloud Infrastructure Traffic Management is limited to 100 policies and 1,000 attachments per tenant. See Service Limits for a list of applicable limits and instructions for requesting a limit increase.
Required IAM Service Policy
To use Oracle Cloud Infrastructure, you must be granted security access in a policy by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment to work in.
Managing Traffic Management steering policies
Traffic Management steering policies can account for health of answers to provide failover capabilities, provide the ability to load balance traffic across many resources, and account for the location where the query originated to provide a flexible and powerful mechanism to efficiently steer DNS traffic.
- Failover policies let you prioritize the order in which you want answers served in a policy (for example, Primary and Secondary). Oracle Cloud Infrastructure Health Checks monitors and on-demand probes are leveraged to evaluate the health of answers in the policy. If the primary answer is unhealthy, DNS traffic is automatically steered to the secondary answer.
- LOAD BALANCER
- Load balancer policies distribute traffic across many endpoints. Endpoints can be assigned equal weights to distribute traffic evenly across the endpoints or custom weights can be assigned for ratio load balancing. Oracle Cloud Infrastructure Health Checks monitors and on-demand probes are leveraged to evaluate the health of the endpoint. If an endpoint is unhealthy, DNS traffic is automatically distributed to the other endpoints.
- GEOLOCATION STEERING
- Geolocation steering policies distribute DNS traffic to different endpoints based on the location of the end user. Customers can define geographic regions composed of originating continent, countries or states/provinces (North America) and define a separate endpoint or set of endpoints for each region.
- ASN STEERING
- ASN steering policies enable you to steer DNS traffic based on Autonomous System Numbers (ASN). DNS queries originating from a specific ASN or set of ASNs can be steered to a specified endpoint.
- IP PREFIX STEERING
- IP Prefix steering policies enable customers to steer DNS traffic based on the IP Prefix of the originating query.
Typical Traffic Steering Scenarios
This section describes several typical scenarios for using Traffic Management steering policies.
You can leverage Traffic Management steering policies to provide automated failover between primary and secondary servers.
Weighted load balancing supports controlled migration from a data center to Oracle Cloud Infrastructure servers. You can steer a small amount of traffic (1%) to new resources in the cloud to verify everything is working as expected. You can then increase the ratios until you're comfortable with fully migrating all DNS traffic to the cloud.
Load Balancing Across Many Servers for Scale
You can configure load balancing pools of many servers. Traffic Management steering policies can automatically distribute DNS traffic across the set of servers. You can also use Health Checks to evaluate server traffic. If a server is unhealthy, traffic is automatically redirected to healthy servers.
Because Traffic Management is an agnostic service, you can use it steer traffic to both OCI resources and any publicly exposed (internet resolvable) resources, including other cloud providers and enterprise data centers.
Worldwide Geolocation Treatment
You can divide global users into geographically defined regions (for example, state/province level in NA, country level for rest of world) and steer customers to specified resources based on their location. This helps to ensure global, high performing internet resolution, and supports functions such as ring fencing. For example, keeping traffic from China in China and block traffic outside of China into China.
Leveraging IP Prefix steering, you can configure policies to serve different responses for your internal users versus external users.
ASN steering conditional steering based on the originating enterprise, mobile operator or other communications provider in support of various commercial agreements that might be in place. Preferred ASNs can be directed to free resources, while all other traffic can be directed to paid resources.
Traffic Management Tasks
Steering Policy Tasks
- Creating a Load Balancer Policy
- Creating a Failover Policy
- Creating a Geolocation Steering Policy
- Creating an ASN Steering Policy
- Creating an IP Prefix Steering Policy
- Listing Steering Policies
- Viewing a Steering Policy's Details
- Editing a Steering Policy
- Moving a Steering Policy Between Compartments
- Deleting a Steering Policy