Merge pull request #311764 from halkazwini/afd-uni

AFD Unitcast

Author: v-regandowner

articles/frontdoor/front-door-faq.yml

@@ -6,7 +6,7 @@ metadata:
   ms.author: halkazwini
   ms.service: azure-frontdoor
   ms.topic: faq
-  ms.date: 11/05/2025
+  ms.date: 02/24/2026
 title: Azure Front Door frequently asked questions (FAQ) 
 summary : |
   This article provides answers to the most frequently asked questions about Azure Front Door features and functionality. If you don't see the answer to your question, you can contact us through the following channels (in escalating order):
@@ -148,9 +148,9 @@ sections:
           No. For security, Azure Front Door supports only managed identity-based authentication when accessing certificates in Key Vault. For more information, see [Use managed identities in Azure Front Door](managed-identity.md).
 
       - question: |
-          Does Azure Front Door support managed identity with Azure Event Hub?
+          Does Azure Front Door support managed identity with Azure Event Hubs?
         answer: |
-          No. Azure Front Door doesn't currently support managed identity integration with Azure Event Hub.
+          No. Azure Front Door doesn't currently support managed identity integration with Azure Event Hubs.
 
       - question: |
           Does Azure Front Door support custom error pages?
@@ -195,13 +195,13 @@ sections:
   - name: Front Door IP addresses and service tags
     questions:
       - question: |
-          Does the anycast IP of my Front Door remain the same throughout its lifetime?
+          What name resolution and routing method does Azure Front Door use?
         answer:  |
-          The IP address of your Front Door's frontend anycast is fixed and might not change as long as you use the Front Door. However, the fixed IP address of your Front Door's frontend anycast isn't a guarantee. Avoid relying on the IP directly. To stay informed and take appropriate action during any changes to IP addresses, develop automation to regularly fetch the latest IP addresses using [the Service Tag Discovery API or JSON file](../virtual-network/service-tags-overview.md#service-tags-on-premises).
+          Azure Front Door is in the process of switching from Anycast to unicast routing for name resolution and routing the requests to the optimal [PoP](/azure/frontdoor/edge-locations-by-region) location. This switch will happen through March - April 2026. Once the switch is complete, Unicast will replace Anycast for the entire Front Door infrastructure.
       - question: |
-          Does Azure Front Door offer static or dedicated IPs?
+          How does Azure Front Door use unicast routing?
         answer:  |
-          Azure Front Door is a dynamic service that routes traffic to the best available backend. It doesn't offer static or dedicated frontend anycast IPs at this time.
+          A name resolution request for an origin behind Azure Front Door lands on Front Door's Traffic Manager endpoint. Front Door's Traffic Manager profiles consume numerous health and availability signals from the [PoPs](/azure/frontdoor/edge-locations-by-region) worldwide. Based on these signals, the unicast IP address of the optimal Front Door PoP is returned. The request is then made directly to the IP address returned, which follows the Front Door [routing architecture](/azure/frontdoor/front-door-routing-architecture?pivots=front-door-standard-premium) to return the response back to the user or application.
       - question: |
           What are the network service tags that Front Door supports?
         answer:  |

articles/frontdoor/front-door-routing-architecture.md

@@ -6,39 +6,43 @@ author: halkazwini
 ms.author: halkazwini
 ms.service: azure-frontdoor
 ms.topic: concept-article
-ms.date: 09/25/2025
+ms.date: 02/24/2026
 zone_pivot_groups: front-door-tiers
 ---
 
 # Routing architecture overview
 
 Azure Front Door traffic routing takes place over multiple stages. First, traffic is routed from the client to the Front Door. Then, Front Door uses your configuration to determine the origin to send the traffic to. The Front Door web application firewall, routing rules, rules engine, and caching configuration can all affect the routing process.
 
-The following diagram illustrates the routing architecture:
-
 ::: zone pivot="front-door-standard-premium"
 
-![Diagram that shows the Front Door routing architecture, including each step and decision point.](media/front-door-routing-architecture/routing-process-standard-premium.png)
+The following diagram illustrates the routing architecture:
+
+:::image type="content" source="media/front-door-routing-architecture/routing-process-standard-premium.png" alt-text="Diagram that shows the Front Door routing architecture, including each step and decision point." lightbox="media/front-door-routing-architecture/routing-process-standard-premium.png":::
 
 ::: zone-end
 
 ::: zone pivot="front-door-classic"
 
 [!INCLUDE [Azure Front Door (classic) retirement notice](../../includes/front-door-classic-retirement.md)]
 
-![Diagram that shows the Front Door routing architecture, including each step and decision point.](media/front-door-routing-architecture/routing-process-classic.png)
+The following diagram illustrates the routing architecture:
+
+:::image type="content" source="media/front-door-routing-architecture/routing-process-classic.png" alt-text="Diagram that shows the Front Door routing architecture, including each step and decision point." lightbox="media/front-door-routing-architecture/routing-process-classic.png":::
 
 ::: zone-end
 
 The following sections describe these steps in detail.
 
-## Select and connect to the Front Door edge location
+::: zone pivot="front-door-standard-premium"
 
-The user or client application initiates a connection to the Front Door. The connection terminates at an edge location closest to the end user. Front Door's edge location processes the request.
+## Name resolution by Azure Front Door's Traffic Manager profile returns PoP unicast IP
 
-For more information about how requests are made to Front Door, see [Front Door traffic acceleration](front-door-traffic-acceleration.md).
+The user or client application initiates a connection to the origin behind Azure Front Door. The domain name resolves to the Front Door's Azure Traffic Manager endpoint. The Traffic Manager consumes health and availability signals from all the Front Door PoPs across the world. It determines the optimal PoP to serve the request and returns the unicast IP of that PoP.
 
-::: zone pivot="front-door-standard-premium"
+## Connect to Azure Front Door PoP Unicast IP
+
+Client makes a direct connection to the returned IP address of the Front Door PoP location.
 
 ## Match request to a Front Door profile
 
@@ -48,6 +52,12 @@ When Front Door receives an HTTP request, it uses the request's `Host` header to
 
 ::: zone pivot="front-door-classic"
 
+## Select and connect to the Front Door edge location
+
+The user or client application initiates a connection to the Front Door. The connection terminates at an edge location closest to the end user. Front Door's edge location processes the request.
+
+For more information about how requests are made to Front Door, see [Front Door traffic acceleration](front-door-traffic-acceleration.md).
+
 ## Match request to a front door
 
 When Front Door receives an HTTP request, it uses the request's `Host` header to match the request to the correct customer's Front Door instance. If the request is using a [custom domain name](front-door-custom-domain.md), the domain name must be registered with Front Door to enable requests to get matched to your Front door.

articles/frontdoor/front-door-traffic-acceleration.md

@@ -6,7 +6,7 @@ author: johndowns
 ms.author: jodowns
 ms.service: azure-frontdoor
 ms.topic: concept-article
-ms.date: 08/31/2023
+ms.date: 02/24/2026
 zone_pivot_groups: front-door-tiers
 ---
 
@@ -24,8 +24,6 @@ Front Door optimizes the traffic path from the end user to the origin server. Th
 
 Front Door optimizes the traffic path from the end user to the backend server. This article describes how traffic is routed from the user to Front Door and from Front Door to the backend.
 
-::: zone-end
-
 ## Select the Front Door edge location for the request (Anycast)
 
 Globally, [Front Door has over 150 edge locations](edge-locations-by-region.md), or points of presence (PoPs), located in many countries/regions. Every Front Door PoP can serve traffic for any request.
@@ -38,34 +36,51 @@ The outer ring is the preferred target for all traffic, and the inner ring is de
 
 Front Door's architecture ensures that requests from your end users always reach the closest Front Door edge locations. If the preferred Front Door edge location is unhealthy, all traffic automatically moves to the next closest edge location.
 
+::: zone-end
+
+::: zone pivot="front-door-standard-premium"
+
+## Select the Front Door edge location for the request (Unicast)
+
+Azure Front Door has edge locations or points of presence (PoPs) worldwide. Every Front Door PoP can serve traffic for any request.
+Traffic routed to the Azure Front Door edge locations uses Unicast for both DNS (Domain Name System) and HTTP (Hypertext Transfer Protocol) traffic. Unicast routing in combination with Azure Front Door's Traffic Manager based load management architecture, allows the request to reach the optimal PoP location directly using the unicast IP. This architecture offers better round-trip times for end users by maximizing the benefits of Split TCP.
+
+Front Door organizes its edge locations into primary and fallback rings. The outer ring has edge locations that are closer to users, offering lower latencies. The inner ring has edge locations that can handle the failover for the outer ring edge location in case any issues happen.
+The outer ring is the preferred target for all traffic, and the inner ring is designed to handle traffic overflow from the outer ring. Each frontend host or domain served by Front Door gets assigned primary and fallback VIPs (Virtual Internet Protocol addresses), which gets announced by edge locations in both the inner and outer ring.
+Front Door's architecture ensures that requests from your end users always reach the optimal Front Door edge locations. If the preferred Front Door edge location is unhealthy, all traffic automatically moves to the next optimal edge location.
+
 ## Connect to the Front Door edge location (Split TCP)
 
 [Split TCP](https://en.wikipedia.org/wiki/Performance-enhancing_proxy) is a technique to reduce latencies and TCP problems by breaking a connection that would incur a high round-trip time into smaller pieces.
 
-::: zone pivot="front-door-standard-premium"
-
 Split TCP enables the client's TCP connection to terminate inside a Front Door edge location close to the user. A separate TCP connection is established to the origin, and this separate connection might have a large round-trip time (RTT).
 
 The following diagram illustrates how three users, in different geographical locations, connect to a Front Door edge location close to their location. Front Door then maintains the longer-lived connection to the origin in Europe:
 
-![Diagram illustrating how Front Door uses a short TCP connection to the closest Front Door edge location to the user, and a longer TCP connection to the origin.](media/front-door-traffic-acceleration/split-tcp-standard-premium.png)
+:::image type="content" source="media/front-door-traffic-acceleration/split-tcp-standard-premium.png" alt-text="Diagram illustrating how Front Door uses a short TCP connection to the closest Front Door edge location to the user, and a longer TCP connection to the origin.":::
 
 Establishing a TCP connection requires 3-5 roundtrips from the client to the server. Front Door's architecture improves the performance of establishing the connection. The "short connection" between the end user and the Front Door edge location means the connection gets established over 3-5 short roundtrips instead of 3-5 long round trips, which results in saving latency. The "long connection" between the Front Door edge location and the origin can be pre-established and then reused across other end users requests save connectivity time. The effect of Split TCP is multiplied when establishing a SSL/TLS (Transport Layer Security) connection, because there are more round trips to secure a connection.
 
 ::: zone-end
 
 ::: zone pivot="front-door-classic"
 
+## Connect to the Front Door edge location (Split TCP)
+
+[Split TCP](https://en.wikipedia.org/wiki/Performance-enhancing_proxy) is a technique to reduce latencies and TCP problems by breaking a connection that would incur a high round-trip time into smaller pieces.
+
 Split TCP enables the client's TCP connection to terminate inside a Front Door edge location close to the user. A separate TCP connection is established to the backend, and this separate connection might have a large round-trip time (RTT).
 
 The following diagram illustrates how three users, in different geographical locations, connect to a Front Door edge location close to their location. Front Door then maintains the longer-lived connection to the backend in Europe:
 
-![Diagram illustrating how Front Door uses a short TCP connection to the closest Front Door edge location to the user, and a longer TCP connection to the backend.](media/front-door-traffic-acceleration/split-tcp-classic.png)
+:::image type="content" source="media/front-door-traffic-acceleration/split-tcp-standard-premium.png" alt-text="Diagram illustrating how Front Door uses a short TCP connection to the closest Front Door edge location to the user, and a longer TCP connection to the origin.":::
 
 Establishing a TCP connection requires 3-5 roundtrips from the client to the server. Front Door's architecture improves the performance of establishing the connection. The "short connection" between the end user and the Front Door edge location means the connection gets established over 3-5 short roundtrips instead of 3-5 long round trips, which results in saving latency. The "long connection" between the Front Door edge location and the backend can be pre-established and then reused across other end users requests save connectivity time. The effect of Split TCP is multiplied when establishing a SSL/TLS (Transport Layer Security) connection, because there are more round trips to secure a connection.
 
 ::: zone-end
 
-## Next steps
+## Next step
+
+> [!div class="nextstepaction"]
+> [Front Door routing architecture](front-door-routing-architecture.md)
 
-- Learn about the [Front Door routing architecture](front-door-routing-architecture.md).