Azure SNAT Port Exhaustion

SNAT port exhaustion can be something hard to visualize in Azure portal, first we need to have a standard loadbalancer, the basic one doesn’t have this feature, for who have the basic loadbalncer it’s necessary to call to Microsoft Support and check your number of snat used, which is really sad.

Something important to keep in mind is, SNAT ports are preallocated per IP configuration and there is some values by default, you can check it the table below:

Once you identify that you need to increase you snat port number, you have two options:

Add more IP to loadbalancer, for example, if you have one loadbalancer with only one public IP with maximun 50 vms or vmss instances behind it, 1024 snat ports are available to use, when you add one more IP this number will be double 2048. The idea here is just take advantage from one more IP and not really use it, you can of course, but you gonna have more connections as well, then add only one new IP can be not enough.
Use Outbound Rules, rather than add more IP’s to loadbalancer create a Outbound pool is also an option, but in that case there is at least few seconds of outage, because you need to disable the implicit outbound rules and then create a outbound pool, between this processes the loadbalancer will not have outbound connection at all.

To mitigate the outage period you can do the fallowing procedure.

Open the Azure portal and go to your loadbalancer and then “Load balancing rules”

Select your rule and disable the “Create implicit outbound rules” option.

As soon you disable the option run the command below to create the outbound pool.

az network lb outbound-rule create --resource-group Test-Adding-Rule-to-SLB --lb-name SLB1 --name outboundrule1 --frontend-ip-configs LoadBalancerFrontEnd --protocol All --idle-timeout 15 --outbound-ports 64000 --address-pool bp

In that way your outage should be really low. If you are a really command line fan, you can also disable step one via command line

az network lb rule update --resource-group yourRGname --lb-name yourLBname --name rulename --disable-outbound-snat true

Should be even faster ????.

You can also check these links below to understand a bit more about SNAT, loadbalancer.

https://docs.microsoft.com/en-us/azure/load-balancer/troubleshoot-outbound-connection#snatexhaust

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections#snat

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-multivip-overview

Five Great DevOps Job Opportunities September 16, 2024

A weekly summary of DevOps job opportunities, including a Cloud Services Engineer role at Intel and an engineer role at Parsons Corp.

Cribl Extends Reach of Platform for Routing DevOps Telemetry Data September 13, 2024

Cribl this week added support for multiple additional platforms to its cloud service for collecting and routing telemetry data collected from multiple DevOps tools and platforms.

Aembit Raises $25 Million in Series A Funding for Non-Human Identity and Access Management September 12, 2024

Silver Spring, United States, 12th September 2024, CyberNewsWire

Survey Sees AI and Automation Accelerating Pace of Software Development September 12, 2024

A survey of 555 software executives published this week finds that 75% have seen up to a 50% reduction in development time by implementing various artificial intelligence (AI) and automation technologies.

Criminal IP Teams Up with IPLocation.io to Deliver Unmatched IP Solutions to Global Audiences September 12, 2024

Torrance, United States / California, 12th September 2024, CyberNewsWire

Cloud Cost Optimization: Accounting Principles Meet Engineering Efficiency September 11, 2024

Several techniques blend accounting principles with engineering practices to make cloud cost optimization practical and effective.

Navigating Agile Waters: Why Integrating Copilot Demands Methodological Adjustments September 11, 2024

Changes to agile methodology are inevitable because GenAI and Agile are providing real competitive advantages.

Related Post