Network Design

The Traffic Manager is a proxy with advanced traffic management capabilities. This means that the Traffic Manager is normally placed between two networks, relaying requests from a public network to a private network. Each Traffic Manager must be able to contact machines on both the traffic and back-end networks.

For example, the back-end pools may be on an RFC1597 private network, with IP addresses in any of these groups:

10.0.0.0/8

172.16.0.0/12

192.168.0.0/16

These networks are not routable on the Internet. They offer convenience when allocating internal network space, and security, since a correctly configured external router will not accept packets for these networks.

It is therefore most secure for the Traffic Managers to have traffic IP addresses (traffic IP groups) that are connected to the Internet, and for all back-end pools to use RFC1597 network addresses on a separate physical network (or correctly configured VLAN). This then prevents back-end servers from being reached directly from the Internet, and allows the Traffic Manager to manage all inbound connections securely and efficiently.

Furthermore, you can choose to use a separate RFC1597 private network for internal management traffic, including access to the Traffic Manager Admin UI. For more details, see Dedicated Management Network.
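The layout described above can be checked mechanically. The following is an added example, not part of the Traffic Manager product or its documentation: it audits a list of back-end nodes against the three private blocks and against a separate management network. The pool mapping, the "IPv4:port" node format, the function names and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# The three blocks listed on this page. ipaddress's is_private is broader
# (it also covers loopback, link-local, etc.), so test these blocks explicitly.
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def in_private_block(ip):
    """True if the IPv4 address falls inside one of the three listed blocks."""
    return any(ip in block for block in PRIVATE_BLOCKS)


def audit_backends(pools, mgmt_network=None):
    """Return findings for a {pool name: ["IPv4:port", ...]} mapping.

    The mapping and the node string format are assumptions of this example.
    """
    mgmt = ipaddress.ip_network(mgmt_network) if mgmt_network else None
    findings = []
    if mgmt and not any(mgmt.subnet_of(b) for b in PRIVATE_BLOCKS):
        findings.append(f"management network {mgmt} is not inside a private block")
    for pool, nodes in pools.items():
        for node in nodes:
            host = node.rpartition(":")[0]
            try:
                ip = ipaddress.IPv4Address(host)
            except ValueError:
                findings.append(f"{pool}: {node} is not an IPv4 literal, check it by hand")
                continue
            if not in_private_block(ip):
                findings.append(f"{pool}: {node} is outside the private blocks")
            elif mgmt and ip in mgmt:
                findings.append(f"{pool}: {node} sits on the management network {mgmt}")
    return findings


# Constructed sample data, not taken from any real deployment.
SAMPLE_POOLS = {
    "web": ["10.20.0.11:80", "10.20.0.12:80"],
    "api": ["172.32.4.9:8080"],        # looks private, but the /12 ends at 172.31.255.255
    "legacy": ["203.0.113.40:80"],     # documentation range standing in for a public address
    "admin-tools": ["192.168.50.7:443"],
}

if __name__ == "__main__":
    for line in audit_backends(SAMPLE_POOLS, mgmt_network="192.168.50.0/24"):
        print(line)
```

An empty result means every node is on a private block and none shares the management network; it does not prove that the external router or VLAN configuration actually blocks those ranges.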