Azure Load Balancer Resource Limits Hit, Ports Exhausted

azure-networking
5,933

find any guidance in the Microsoft docs regarding any resource limits the load balancers might have.

In Azure, the load balancer configuration supports full cone NAT for UDP. Full cone NAT is a type of NAT where the port allows inbound connections from any external host (in response to an outbound request).

For each new outbound connection that a virtual machine initiates, an outbound port is also allocated by the load balancer. The external host sees traffic with a virtual IP (VIP)-allocated port. For scenarios that require a large number of outbound connections, it is recommended to use instance-level public IP addresses so that the VMs have a dedicated outbound IP address for SNAT. This reduces the risk of port exhaustion.

The maximum number of ports that can be used by the VIP or an instance-level public IP (PIP) is 64,000. This is a TCP standard limitation.

More information about Load balancer Source NAT, please refer to the link.

Share:
5,933

Related videos on Youtube

designarti
Author by

designarti

Father & husband, software developer, DIY tinkerer, woodworker, occasional musician, continuous learner, free thinker and a despiser of yard work.

Updated on September 18, 2022

Comments

  • designarti
    designarti almost 2 years

    Found several hundred events in Azure Diagnostics from the past week of the following type:

    Category: LoadBalancerAlertEvent
    OperationName: LoadBalancerAlertEvent
    eventName_s: Resource Limits Hit
    eventDescription_s: Ports exhausted
    ResourceProvider: MICROSOFT.NETWORK
    ResourceType: LOADBALANCERS

    I can't find any guidance in the Microsoft docs regarding any resource limits the load balancers might have. We're not operating a huge site by any stretch, so I'm surprised to find I'm hitting limits of any kind.

    This is for a simple layer-4 Azure Load Balancer with 3 backend virtual machines, a public-facing frontend IP pool with 3 rules. 2 health probes.

  • designarti
    designarti over 7 years
    I think this is it! Our VMs were configured without a public IP address. I just checked our Azure SQL sys.dm_exec_connections and it appears every connection to SQL is going back through the load balancer as well. The web servers also do make outbound calls to the Internet. I'm adding dynamic public IP addresses to all VMs now.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Azure Virtual Machine has no public IP yet can access the internet
Connect to Azure VM on 8080 port
Logs from a site to site connection in Azure
How to assign public IP to VM in VM-scaleset in Azure
Azure VM can't access internet
How to give an Azure SQL DB instance a private IP?
Rate Limit using Azure Application Gateway
Unblocking port 25 limitations in Azure
How do I connect to an Azure SQL Server via an Azure VPN Gateway?
Use Azure Active Directory as RADIUS server for VPN gateway?