DNS Routing in MyJFrog
A routing policy lets you define a single jfrog.io routing URL and direct traffic over it to topology members based on DNS logic.
Subscription Information
This feature is supported on JFrog Cloud platform, with an Enterprise+ license.
Primary Admins, Admins, and technical users can create and manage the different DNS policies.
Warning
This feature does not affect the synchronization between your JPDs. It is your responsibility to ensure that data and all security configurations are synced and up to date between JPDs.
Docker subdomains are not supported.
Know Before You Use
- You may create up to 10 routing policies (with 10 different routing URLs) per subscription.
  You can use a routing URL once per routing policy (Manual Failover or Geolocation).
- This setup does not synchronize your JPDs. To facilitate seamless failover, both JPDs must be kept synchronized and updated by you. To achieve this, use Federated Repositories and Access Federation to sync Artifactory data. Federated Repositories do not support sync of JFrog Xray data. Refer to the Federated Repositories documentation for limitations and deployment guidelines.
- You must set up all security configurations, georestrictions, allowlist, and private endpoints for each JPD.
- This solution is implemented using the AWS Route 53 service, which serves DNS requests for all supported cloud providers.
Private Connections and Failover Policy:
You must manually switch private endpoints to the secondary region during a failover event. If different providers are used, private endpoints will not work during a failover.
Manual Failover: Use when you want to configure active-passive failover between two JPDs in different regions.
Geolocation: Use when you want to route traffic based on the location of your users (the location that DNS queries originate from). You may define 2-10 JPDs, in different regions, under one routing URL.
- We recommend that you set up instances such as edges or JPDs in “read only” mode to ensure synchronization is consistent.
- In active/active setups, some discrepancy between JPDs may occur due to federation lag.
- Geolocation maps IP addresses to locations. In the event of requests from unidentifiable locations, an unresolved response is returned.
Set Up a Custom Domain Name
To use a custom domain name to point to your routing URL:
- Set up a custom domain name.
- Set up a policy with a routing URL.
- Under your domain, in the DNS records, point your domain to the routing URL instead of the specific JPDs, as specified in the last step of the custom domain name setup.
Manual Failover Setup and Monitoring
When two JPDs are configured in an Active-Passive Failover configuration, a load balancer is used to monitor traffic and switch manually from the primary JPD to the secondary JPD in the event the primary JPD is not available. The routing URL defines the URL of the load balancer.
This is a manual failover between two JFrog Cloud instances (primary and secondary) in two different regions, under one routing URL.
- In the event of the primary JPD being down for over 10 minutes, a notification will be sent, via email, to the user and traffic can be routed manually, via MyJFrog UI, from the primary to secondary JPD.
- It is possible to failover to the secondary JPD for testing purposes, via the MyJFrog UI, even when the primary JPD is healthy. In this case all traffic will be switched and routed to the secondary JPD.
Both platform and edges are supported. Deployment identity under a single routing URL must be identical (edge to edge and platform to platform).
For edge setups, syncing only occurs from the main instance to the edge through distribution, and not from the edge to the main instance.
Guidelines and Known Limitations of Manual Failover
Be aware of the following limitations of manual failover.
- This setup does not synchronize your JPDs. To facilitate seamless failover, both JPDs must be kept synchronized and updated by you. To achieve this, use Federated Repositories and Access Federation to sync Artifactory data. Federated Repositories do not support sync of JFrog Xray data. Refer to the Federated Repositories documentation for limitations and deployment guidelines.
- You must set up all security configurations, georestrictions, allowlist, and private endpoints for each JPD.
- Prior to performing a manual failover, all validations regarding state of synchronization and set up must be done by the user.
- Automatic failover, same region failover, self-hosted JPDs, and Docker subdomains are not supported.
- This is not a DR or Active-Active load balancing solution.
Private Connections and Failover Policy:
You must manually switch private endpoints to the secondary region during a failover event. If different providers are used, private endpoints will not work during a failover.
Create a New Manual Failover Policy
- In MyJFrog, go to Settings | DNS routing | Manual Failover, and accept the terms and conditions.
- Enter a routing URL, which is the URL of the load balancer.
- Set up your topology.
  - Select a primary JPD.
    This JPD will be the active JPD. By default, all traffic under the routing URL will be routed to this JPD. The primary JPD is monitored, and in the event of it being down for more than 10 minutes an email will be sent out.
  - Select a secondary JPD.
    This JPD will be passive.
- Click Save to create the manual failover policy.
  The new policy is added in the Processing status until the DNS is added and successfully configured. This might take a few minutes.
Monitor an Existing Manual Failover Policy
Once a new policy is added you can see in the table view the routing status changing from Processing to OK, which means the defined routing URL is set and routing traffic to the defined active JPD.
The JPD status provides a real-time check of the readiness of Artifactory.
Although the UI shows the real-time status, JPD monitoring sends an email notification only after 10 minutes of the primary JPD being down, or after 10 minutes of it being up again.
In the event of the primary JPD being down, the JPD status will change to Failed and the routing status will change to error.
The secondary JPD, being up and ready, will be in the passive status, and the Switch button is available to click and approve the rerouting of the traffic to the secondary JPD.
In the event that traffic is routed to the primary JPD and the secondary JPD fails for some reason, the routing status will remain OK as traffic is routed to the primary JPD and served. The Secondary JPD status will be Failed and the Switch button will be disabled.
Actions on a Manual Failover Policy
You can take the following actions on a manual failover policy.
Manual Switch
You may decide to switch your routing to your secondary JPD for testing purposes, when both JPDs are up or in the event of your primary JPD being down.
In both cases you need to verify that all configurations and data are synced to meet your expectations prior to performing the switch. This is especially important when switching back, after an event, from the secondary to the primary.
- In MyJFrog, go to Settings | DNS routing | Manual Failover.
- A pop-up specifies the change you are about to perform. Select the checkbox to acknowledge the routing change.
- Once the switch is performed you will see the secondary JPD status change to “active” and the routing status change to “OK”. In the event of the primary JPD being down you will not be able to switch back until the primary JPD is up again. If a client is using a VPC, caching may prevent the DNS from refreshing.
Important
When you switch for testing reasons it is recommended to keep the test enabled only as long as is necessary to verify the results. Once testing is done you must manually switch back again.
Edit Manual Failover Policy
You may edit your Primary and Secondary JPDs but not the routing URL.
In the event you wish to change the routing URL you may create another Failover policy with a new routing URL over the same two JPDs.
- In MyJFrog, go to Settings | DNS routing | Manual Failover.
- Hover over the three-dots menu and select Edit.
- Update the topology.
- Click Save.
Deactivate Manual Failover Policy
You can deactivate a manual failover policy so that it is paused. You can reactivate the policy again at any time.
- In MyJFrog, go to Settings | DNS routing | Manual Failover.
- Hover over the three-dots menu and select Deactivate.
- Click Confirm.
The following image shows a deactivated policy.
Reactivate Manual Failover Policy
You can reactivate a paused manual failover policy.
- In MyJFrog, go to Settings | DNS routing | Manual Failover.
- Hover over the three-dots menu and select Reactivate.
- Click Confirm.
Delete Manual Failover Policy
You can delete a manual failover policy. Once you delete, the policy is removed from your subscription.
- In MyJFrog, go to Settings | DNS routing | Manual Failover.
- Hover over the three-dots menu and select Delete.
- Click Confirm.
Geolocation Setup and Monitoring
Geolocation routing lets you choose the resources that serve your traffic based on the geographic location of your users, meaning the location from which the DNS queries originate.
You can predefine your traffic load across endpoints in a predictable, easy-to-manage way, so that each user location is consistently routed to the same endpoint. You can specify geographic locations by continent, by country, or by state in the United States.
You may define between 2 and 10 JPDs, in different regions.
Guidelines and Known Limitations of Geolocation
Be aware of the following limitations of geolocation.
- This setup does not synchronize your JPDs. To facilitate seamless failover, both JPDs must be kept synchronized and updated by you. To achieve this, use Federated Repositories and Access Federation to sync Artifactory data. Federated Repositories do not support sync of JFrog Xray data. Refer to the Federated Repositories documentation for limitations and deployment guidelines.
  In active/active setups, some discrepancy between JPDs may occur due to federation lag. Therefore, we recommend that you use this for “read only” or on edge instances only.
- Edge: For edge setups, syncing only occurs from the main instance to the edge, and not from edge to the main instance. For more information, see JFrog Distribution.
- You may not define overlapping geographic locations. Geolocation maps IP addresses to locations. In the event of requests from unidentifiable locations, an unresolved response is returned.
  For a list of countries on each continent, refer here.
  In the event that a location has been blocked via geolocation restrictions it will also be blocked in the selection list.
- Private Endpoint: You can use a geolocation routing policy for records in private hosted zones. Select the continent, country, or sub-division closest to the region of your resource.
Create a New Geolocation Policy
- In MyJFrog, go to Settings | DNS routing | Geolocation.
  Read and accept the prerequisite and guidelines.
- Enter a routing URL, which is the URL of the load balancer.
- Define source regions for multiple JPDs.
  Note
  You can define a minimum of two and maximum of 10 JPDs in different regions.
  You may define multiple source regions for a JPD. Each source region is unique for a JPD. Multiple JPDs cannot have the same or overlapping source regions.
  For example, if source region USA is defined to JPD A, you cannot define Virginia to JPD B as it is overlapping. But, you can define three states in USA to three different JPDs as long as you do not define USA as a source to any instance under the policy.
- Click Save to save the policy.
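The overlap rule above can be checked before a topology is entered in the UI. The following is an added example, not JFrog code: it assumes a hypothetical representation of each source region as a continent/country/state path, and it generalizes the USA/Virginia case on this page to any pair where one region contains the other. JPD names and region codes are constructed.

```python
from itertools import combinations

# A source region is a path from broad to narrow (assumed representation):
# ("NA",) = continent, ("NA", "US") = country, ("NA", "US", "VA") = US state.
MIN_JPDS, MAX_JPDS = 2, 10  # limits stated on this page


def overlaps(a, b):
    """Two regions overlap when they are equal or one contains the other."""
    n = min(len(a), len(b))
    return a[:n] == b[:n]


def validate_policy(policy):
    """policy: {jpd_name: [region_path, ...]}. Returns a list of problems."""
    problems = []
    if not MIN_JPDS <= len(policy) <= MAX_JPDS:
        problems.append(
            f"policy has {len(policy)} JPDs, expected {MIN_JPDS}-{MAX_JPDS}")
    for jpd, regions in policy.items():
        if not regions:
            problems.append(f"{jpd} has no source region")
    # Compare every region of one JPD against every region of every other JPD.
    for (jpd_a, regs_a), (jpd_b, regs_b) in combinations(policy.items(), 2):
        for ra in regs_a:
            for rb in regs_b:
                if overlaps(ra, rb):
                    problems.append(
                        f"{jpd_a}:{'/'.join(ra)} overlaps {jpd_b}:{'/'.join(rb)}")
    return problems


# Constructed sample policies mirroring the example in the text.
USA = ("NA", "US")
BAD = {"jpd-a": [USA], "jpd-b": [("NA", "US", "VA")]}
GOOD = {
    "jpd-a": [("NA", "US", "VA")],
    "jpd-b": [("NA", "US", "CA")],
    "jpd-c": [("NA", "US", "TX"), ("EU",)],
}

if __name__ == "__main__":
    for name, pol in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, validate_policy(pol) or "no conflicts")
```

Locations that no JPD covers are not flagged here; as the guidelines note, queries from such locations go unresolved, so review the uncovered regions separately.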
Monitor an Existing Geolocation Policy
The status is reflected in the table view in the portal. Once a new policy is added you can see in the table view the routing status changing from Processing to OK, which means the defined routing URL is set and routing traffic based on the defined source regions to each active JPD.
In the event of one of the JPDs being down, traffic routed from the defined source regions will be unresolved and so the routing status will change to ERROR although the other JPDs under the policy might be fine and traffic will continue to be routed to them.
Actions on a Geolocation Policy
You can take the following actions on a geolocation policy.
Edit Geolocation Policy
You can edit your source regions and the defined JPDs but not the routing URL.
In the event you wish to change the routing URL you may create another geolocation policy with a new routing URL over the same JPDs.
- In MyJFrog, go to Settings | DNS routing | Geolocation.
- Hover over the three-dots menu and select Edit.
- Update the topology.
- Click Save.
Deactivate Geolocation Policy
You can deactivate a geolocation policy so that it is paused. You can reactivate the policy again at any time.
- In MyJFrog, go to Settings | DNS routing | Geolocation.
- Hover over the three-dots menu and select Deactivate.
Reactivate Geolocation Policy
- In MyJFrog, go to Settings | DNS routing | Geolocation.
- Hover over the three-dots menu and select Reactivate.
- Click Confirm.
Delete Geolocation Policy
You can delete a geolocation policy. Once you delete, the policy is removed from your subscription.
- In MyJFrog, go to Settings | DNS routing | Geolocation.
- Hover over the three-dots menu and select Delete.
- Click Confirm.
