Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
I am working on an architecture on Azure where I need to create 3 private subnets with a bunch of VMs that have private addresses only and no public address, but I want them to be able to contact the outside for updates and so on, while nobody in the outside world can contact them (the normal private subnet thing). In AWS it is really easy, as we just have to define a NAT gateway and place it in a public subnet; there is also a bunch of information on the internet on how to do it, but almost nothing for Azure. Maybe there is no concept or terminology like different subnets on Azure.
How I am planning to do it on Azure:
1. Make a NAT gateway and attach it to all private subnets.
2. Define an NSG where I will only define outbound traffic to 0.0.0.0/0 and no inbound from it.
3. Default routes.
Is this the right way to do it? Any suggestions?
I believe you can attach a NAT Gateway to the VNet and the outbound network flow will automatically default to the NAT gateway without requiring any other changes.
From one of the Azure NAT Gateway pages:
NAT gateways are defined with a property on a subnet within a virtual network. Flows created by virtual machines on subnet subnetname of virtual network vnetname will use the NAT gateway. All outbound connectivity will use the IP addresses associated with natgatewayname as the source IP address.
So, if the documentation is accurate, you should only have to create the NAT Gateway, associate it to the subnet(s) and the outbound flows will automatically use the NAT Gateway for outbound.
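The plan from the question, written out as an added az CLI example (not code from the question, the answer or Microsoft). Resource names are placeholders, the script only defines a function, and DRY_RUN=1 prints the commands instead of executing them so the sequence can be reviewed before it touches a subscription.

```shell
#!/bin/sh
# Added example: the Azure "private subnet" pattern with one NAT gateway shared by
# several subnets. All names are placeholders. DRY_RUN=1 prints instead of running.

run() {
  if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# configure_private_subnets RG VNET NAT_NAME "subnetA subnetB ..."
# One NAT gateway can serve several subnets of the same VNet; a subnet can be
# associated with at most one NAT gateway.
configure_private_subnets() {
  rg=$1; vnet=$2; nat=$3; subnets=$4
  pip="${nat}-pip"; nsg="${nat}-nsg"

  # NAT gateway needs a Standard SKU, statically allocated public IP.
  run az network public-ip create -g "$rg" -n "$pip" --sku Standard --allocation-method Static
  run az network nat gateway create -g "$rg" -n "$nat" --public-ip-addresses "$pip" --idle-timeout 10

  # NSG: Azure's built-in default rules already deny inbound from the Internet
  # (DenyAllInBound) and allow outbound to it (AllowInternetOutBound). The two
  # explicit rules below only make that intent visible in the rule list.
  run az network nsg create -g "$rg" -n "$nsg"
  run az network nsg rule create -g "$rg" --nsg-name "$nsg" -n AllowInternetOutbound \
      --priority 100 --direction Outbound --access Allow --protocol '*' \
      --source-address-prefixes '*' --source-port-ranges '*' \
      --destination-address-prefixes Internet --destination-port-ranges '*'
  run az network nsg rule create -g "$rg" --nsg-name "$nsg" -n DenyInternetInbound \
      --priority 4000 --direction Inbound --access Deny --protocol '*' \
      --source-address-prefixes Internet --source-port-ranges '*' \
      --destination-address-prefixes '*' --destination-port-ranges '*'

  # Associate NAT gateway and NSG with every private subnet. No user-defined
  # route is needed: the subnet-level NAT gateway association becomes the
  # outbound path for all flows from that subnet.
  for s in $subnets; do
    run az network vnet subnet update -g "$rg" --vnet-name "$vnet" -n "$s" \
        --nat-gateway "$nat" --network-security-group "$nsg"
  done
}

# Real run (placeholders):
#   configure_private_subnets myrg myvnet mynat "private-a private-b private-c"
```

Two constraints worth checking before running it for real: the NAT gateway and the VNet must be in the same region, and a subnet that uses a NAT gateway cannot also contain Basic SKU public IPs or a Basic load balancer.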
Closed 5 months ago.
I am trying to set up a private AKS cluster which I want to manage from a user laptop using kubectl. I have tried to create a simple setup with one vNET and an Azure VPN gateway with OpenVPN configuration, where the VPN Gateway is attached to one subnet of the vNET and AKS is configured via Azure CNI to live in another subnet of the same vNET. I expected that this is all I would need to manage the cluster as long as I am connected to the VPN (I understood that all subnets on a vNET are routed by default). But when I try to use kubectl I get `Unable to connect to the server: dial tcp: lookup : no such host`. My network knowledge does not go too deep unfortunately, but should this just work? I mean it all lives within the same vNET. Thank you.
My setup is very similar and I ran into the same situation. This was a DNS issue for me.
If you have a private DNS zone with your private AKS cluster (it should be in the resource group which was created for the AKS private cluster), go find the DNS record and IP address for the API server. Put that IP address into your hosts file (/etc/hosts if on Linux or WSL) with the fully qualified domain name, then try your kubectl commands again.
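The hosts-file workaround from the answer as an added shell example (not the answer's own code). The `upsert_hosts_entry` function is idempotent, so re-running it after the API server address changes leaves exactly one mapping; `aks_private_api_ip` shows how to look the record up with the az CLI and assumes the cluster uses the system-managed private DNS zone in its node resource group (cluster and zone names here are placeholders).

```shell
#!/bin/sh
# Added example: pin the private AKS API server FQDN to its private IP in a hosts
# file. Names and addresses are placeholders.

# upsert_hosts_entry HOSTS_FILE FQDN IP
# Drops any existing non-comment line that maps FQDN, then appends "IP FQDN".
upsert_hosts_entry() {
  hosts=$1; fqdn=$2; ip=$3
  tmp=$(mktemp)
  awk -v h="$fqdn" '
    /^[ \t]*#/ { print; next }                        # keep comment lines untouched
    { keep = 1
      for (i = 2; i <= NF; i++) if ($i == h) keep = 0 # an old mapping for h: drop it
      if (keep) print }
  ' "$hosts" > "$tmp"
  printf '%s\t%s\n' "$ip" "$fqdn" >> "$tmp"
  cat "$tmp" > "$hosts"   # overwrite in place so owner/mode of /etc/hosts survive
  rm -f "$tmp"
}

# hosts_lookup HOSTS_FILE FQDN -> prints the IP currently mapped to FQDN, if any
hosts_lookup() {
  awk -v h="$2" '!/^[ \t]*#/ { for (i = 2; i <= NF; i++) if ($i == h) print $1 }' "$1"
}

# aks_private_api_ip RG CLUSTER -> IPv4 of the API server's A record (needs az CLI;
# not exercised offline). Private clusters publish the record in a private DNS
# zone inside the node resource group; a bring-your-own zone would live elsewhere.
aks_private_api_ip() {
  node_rg=$(az aks show -g "$1" -n "$2" --query nodeResourceGroup -o tsv)
  zone=$(az network private-dns zone list -g "$node_rg" --query '[0].name' -o tsv)
  az network private-dns record-set a list -g "$node_rg" -z "$zone" \
      --query '[].aRecords[].ipv4Address' -o tsv | head -n 1
}

# Usage on the VPN-connected laptop, as root (placeholders):
#   fqdn=$(az aks show -g myrg -n myaks --query privateFqdn -o tsv)
#   upsert_hosts_entry /etc/hosts "$fqdn" "$(aks_private_api_ip myrg myaks)"
```

The hosts entry is a per-machine workaround. The durable fix is to let VPN clients resolve the private zone, for example by forwarding DNS from the VPN client to a resolver inside the VNet (Azure DNS Private Resolver or a small DNS forwarder VM), so the entry never has to be maintained by hand.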
Closed 9 months ago.
I am using Azure App Service with a P1V3 App Service Plan so that I can make use of Private Endpoint and vNET integration. vNET integration is configured on a subnet with a NAT Gateway attached.
When my application makes an outbound call, my goal is to control the outbound IP, and my expectation is that it should show the NAT IP as the outbound IP. But it does not! Here is my sample code-
The app (.NET Core 3.1) is deployed in App Service and I see an IPv6 address as the outbound IP. Any idea why I am not seeing IPv4 (the NAT IP)? You can see the result by accessing this URL- https://whois.aspnet4you.com/api/values/getclientipv2
This is the network configuration at the moment-
Subnet looks like-
Outgoing ip showing here-
I want to give credit to Sakaldeep Yadav for his blog post- https://www.linkedin.com/pulse/integrate-azure-web-app-nat-gateway-vnet-get-static-outbound-yadav/
Here is what I did to solve the issue-
1. Add vNET Integration to the app service as you normally do.
2. Remove all the services from the Endpoint Service section of the Subnet. This was the culprit! If you add services to the endpoint service, especially Microsoft.Web, traffic is routed through the Azure backbone and, as RithwikBojja-MT explained, you get to see IPv6 as the outbound address.
This is how your subnet should look- you don't manually add the subnet delegation, it is added when you add the subnet to app service vNET integration. Now I can see the NAT IP as the outbound IP. Try it- https://whois.aspnet4you.com/api/values/getclientipv2
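The same fix as an added az CLI example (not the answer's or the blog post's code). Names are placeholders and DRY_RUN=1 prints the commands. Beyond the two steps in the answer it also switches on "Route All", because without that setting only RFC 1918 destinations are sent through the integration subnet and Internet-bound calls would still leave via the App Service's shared outbound addresses; that step and the `--remove serviceEndpoints` syntax (the CLI's generic property removal) are my additions.

```shell
#!/bin/sh
# Added example: route an App Service's outbound Internet traffic through the
# NAT gateway on its VNet-integration subnet. Placeholders throughout.

run() { if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# fix_webapp_outbound RG APP VNET SUBNET NAT
fix_webapp_outbound() {
  rg=$1; app=$2; vnet=$3; subnet=$4; nat=$5

  # 1. Regional VNet integration. This delegates the subnet to
  #    Microsoft.Web/serverFarms itself; the delegation is not added by hand.
  run az webapp vnet-integration add -g "$rg" -n "$app" --vnet "$vnet" --subnet "$subnet"

  # 2. Clear service endpoints on the integration subnet. With Microsoft.Web (or
  #    any other service endpoint) present, matching traffic takes the Azure
  #    backbone and bypasses the NAT gateway.
  run az network vnet subnet update -g "$rg" --vnet-name "$vnet" -n "$subnet" --remove serviceEndpoints

  # 3. Attach the NAT gateway to the integration subnet.
  run az network vnet subnet update -g "$rg" --vnet-name "$vnet" -n "$subnet" --nat-gateway "$nat"

  # 4. Send all outbound traffic (not only private ranges) through the VNet.
  run az webapp config set -g "$rg" -n "$app" --vnet-route-all-enabled true
}

# check_subnet_clean RG VNET SUBNET -> succeeds when no service endpoints remain
# (needs az CLI; not exercised offline).
check_subnet_clean() {
  left=$(az network vnet subnet show -g "$1" --vnet-name "$2" -n "$3" \
           --query 'serviceEndpoints[].service' -o tsv)
  [ -z "$left" ]
}

# Real run (placeholders): fix_webapp_outbound myrg myapp myvnet integration-subnet mynat
```

After applying it, call an endpoint that echoes the client address (the answer's whois URL does this) and confirm the reported address is the NAT gateway's public IP rather than an App Service shared address.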
Closed 2 years ago.
I have Ubuntu running on a Microsoft Azure virtual machine. I have a Docker container running on it with a web server attached to it (running on 172.17.0.1:80).
Now I'm trying to make it accessible publicly, using the Azure public IP.
In the Networking settings, I have tried to create an inbound port rule.
But it's not working...
I've tried tracert to see where my ping goes when I try to connect to the IP, with no result.
I've done basic port routing in the past, but I can't figure out why this one is not working...
I just want to type 13.94.212.10 on my personal connection and access the website.
Thank you in advance
If you want to access the application on your Azure VM publicly with its public IP address, you could whitelist your client public IP in the NSG rule, i.e. add the client public IP in the Source IP addresses.
Please note that:
"If you specify an address for an Azure resource, specify the private IP address assigned to the resource. Network security groups are processed after Azure translates a public IP address to a private IP address for inbound traffic, and before Azure translates a private IP address to a public IP address for outbound traffic."
Read https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview#security-rules
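The rule described in the answer as an added az CLI example (not the answer's code), with the VM's private IP as the destination for the reason the quoted documentation gives. The client address, VM address and resource names are placeholders; DRY_RUN=1 prints the command. The two host-side checks at the end are my additions: an NSG rule cannot help if nothing is listening on the VM's own interface.

```shell
#!/bin/sh
# Added example: allow TCP/80 from one client address to a VM behind an NSG.
# Placeholders throughout. DRY_RUN=1 prints instead of running.

run() { if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# allow_http_from_client RG NSG CLIENT_CIDR VM_PRIVATE_IP
# NSGs are evaluated after the public IP has been translated to the private IP,
# so a rule whose destination is the VM's public address never matches; the
# destination is the private IP (or '*' for every NIC the NSG applies to).
allow_http_from_client() {
  rg=$1; nsg=$2; client=$3; vm_private=$4
  run az network nsg rule create -g "$rg" --nsg-name "$nsg" -n AllowHttpFromClient \
      --priority 300 --direction Inbound --access Allow --protocol Tcp \
      --source-address-prefixes "$client" --source-port-ranges '*' \
      --destination-address-prefixes "$vm_private" --destination-port-ranges 80
}

# vm_private_ip RG VM -> first private IPv4 of the VM, for the rule above
# (needs az CLI; not exercised offline).
vm_private_ip() {
  az vm list-ip-addresses -g "$1" -n "$2" \
      --query '[0].virtualMachine.network.privateIpAddresses[0]' -o tsv
}

# On the VM itself: the container must publish its port on the VM's NIC
# (docker run -p 80:80 ...); 172.17.0.1 is only the docker0 bridge address and
# is not reachable through the Azure public IP. A host firewall (ufw/iptables)
# must allow the port as well.
# is_listening_on_all PORT -> succeeds if a TCP listener is bound to all addresses
is_listening_on_all() {
  ss -Hltn 2>/dev/null | awk -v p=":$1" \
    '$4 ~ p"$" && ($4 ~ /^0\.0\.0\.0:/ || $4 ~ /^\*:/ || $4 ~ /^\[::\]:/) { found = 1 }
     END { exit !found }'
}

# Real run (placeholders):
#   allow_http_from_client myrg myvm-nsg 203.0.113.7/32 "$(vm_private_ip myrg myvm)"
#   is_listening_on_all 80 && echo "docker published port 80 on the VM"
```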
Closed 4 years ago.
Whenever I create a new Amazon EC2 instance (Linux or Windows), in addition to the public IP there is also a private IP assigned to it.
We use the public IP to access resources on that instance, resources like Tomcat etc.
What is the exact purpose of the private IP provided for that instance?
The primary reason to use the private IP of an EC2 instance is to route the traffic internally within your subnet or VPC. If you have two instances instA and instB in the same VPC:
- If you use the private IP to communicate, traffic will stay within the VPC; it will not be routed out, the routing table will route it internally.
- If you use the public IP to communicate, traffic will go out to the internet (through NAT or the internet gateway) and come back to your VPC. This unnecessary round trip can be avoided if you use the private IP.
- Since the private IP is internal, it is more secure, since there is no chance for a third party to inspect/inject the traffic.
- There is no data transfer charge if the traffic stays internal to the VPC (and same availability zone). But if data flows out of the VPC, you need to pay the data transfer charge.
Unless you expect your instance to accept traffic from outside, you should not launch your instances in a public subnet or assign public IPs to them.
Every Amazon EC2 instance has a Private IP address that belongs to the VPC and Subnet in which it was launched.
Instances can optionally also receive a Public IP address so that it is reachable from outside the VPC. This IP address might change if the instance stops and starts. Alternatively, you can use an Elastic IP Address that remains static.
If your instances within the same VPC are communicating with each other, they should always use the Private IP address. This is faster, cheaper and more secure.
Only use a Public IP address when communicating with the instance from outside the VPC.
Closed 5 years ago.
Here is what I am trying to achieve:
- I created two Linux VMs in the same virtual network (same subnet).
- These two VMs don't have any public IP address. For security, I don't want to have any public IP associated with them.
- However, I need to SSH into those VMs. Since they just have private IPs and no public IP addresses, I am setting up a load balancer with a public IP.
- Now I am using inbound NAT rules to redirect SSH traffic to those VMs.
When I add the first NAT rule, it gives me a choice of the VM to which I want to redirect the traffic. So all is good so far.
However, when I try to add one more NAT rule, the portal UI doesn't provide me any option to choose the other VM. It adds the rule against the same VM.
Is there anything I am missing? Is it supposed to work differently? I also tried adding multiple virtual machines to the backend pool. That also doesn't let me add more than one VM.
Should I put the two VMs in a VM Scale Set or an Availability Set?
In Azure, we can use a Load Balancer with a single standalone VM, and we can also use a Load Balancer with multiple VMs in an availability set.
If you want to use Load Balancer NAT to multiple VMs, we should re-create the VMs in the same availability set.
In Azure Resource Module, we can delete the VMs and keep the VHDs, then use PowerShell to create the VMs in the same availability set (re-create).
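An added az CLI example (not the answer's code) of the setup the question describes: one public load balancer with one inbound NAT rule per VM, each mapping a distinct frontend port to port 22 on that VM's NIC. It assumes a Standard SKU load balancer, whose backend pool may contain standalone VMs in the same VNet, so no availability set is needed in that case. NIC names, ports and resource names are placeholders; DRY_RUN=1 prints the commands.

```shell
#!/bin/sh
# Added example: SSH to private-IP-only VMs through load balancer inbound NAT
# rules, one rule per VM. Placeholders throughout. DRY_RUN=1 prints the commands.

run() { if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# create_ssh_nat_lb RG LB "nic1 nic2 ..." FIRST_FRONTEND_PORT
# Each NIC's default ipconfig ("ipconfig1") gets its own rule: public:PORT -> nic:22,
# with PORT incremented per NIC (50001 -> vm1, 50002 -> vm2, ...).
create_ssh_nat_lb() {
  rg=$1; lb=$2; nics=$3; port=$4

  run az network public-ip create -g "$rg" -n "${lb}-pip" --sku Standard --allocation-method Static
  run az network lb create -g "$rg" -n "$lb" --sku Standard --public-ip-address "${lb}-pip" \
      --frontend-ip-name fe-ssh --backend-pool-name bp-ssh

  for nic in $nics; do
    run az network lb inbound-nat-rule create -g "$rg" --lb-name "$lb" -n "ssh-$nic" \
        --protocol Tcp --frontend-port "$port" --backend-port 22 --frontend-ip-name fe-ssh
    # Binding the rule to the NIC's ipconfig is what selects the target VM; this
    # is the per-VM choice the portal UI did not offer in the question.
    run az network nic ip-config inbound-nat-rule add -g "$rg" --nic-name "$nic" \
        --ip-config-name ipconfig1 --lb-name "$lb" --inbound-nat-rule "ssh-$nic"
    port=$((port + 1))
  done
}

# Real run (placeholders): create_ssh_nat_lb myrg ssh-lb "vm1-nic vm2-nic" 50001
# Then: ssh -p 50001 admin@<ssh-lb-pip address>   (vm1), -p 50002 (vm2)
```

A Standard SKU load balancer is closed by default: the VMs' NSG still needs an inbound rule allowing TCP/22 from the administrators' source addresses to the VMs' private IPs, otherwise the NAT rule forwards into a deny. Keeping that source list narrow is what makes this arrangement acceptable for VMs that were deliberately given no public IP.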