
    If you have an internal Azure Load Balancer, Azure lets your VMs make outbound connections by allocating SNAT (source network address translation) connections. The number of outbound connections you can make depends on the number of VMs backing your load balancer, because each VM receives a preallocated number of SNAT connections. It is therefore important to make sure your load balancer does not run out of SNAT connections.

    Effects


    Outbound connections from your application will fail.

    Fixes


    Blue Matador watches the SnatConnectionCount metric to detect when your Load Balancer fails to allocate a SNAT connection, which is a clear indication that you’ve exhausted the resource. When this happens, you can take the following actions:

    • Check to see if outbound requests are failing and causing enough retries to exhaust your connection limit
    • Modify your application to use a connection pool for outbound connections
    • Assign public IPs to the VMs in your load balancer, making it so they no longer use SNAT connections for outbound requests

    Adding more VMs to your backend pool can potentially raise the number of SNAT connections, as long as you stay within your tier in the table published by Azure. However, because moving to a higher tier lowers the number of connections per VM, you can actually lower the total number of SNAT connections you are allowed, making the problem worse. Make sure to always consult this table before adding VMs to your load balancer.

    Pool size (VM instances)    Preallocated SNAT ports per VM
    1-50                        1,024
    51-100                      512
    101-200                     256
    201-400                     128
    401-800                     64
    801-1,000                   32
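The tier effect described above can be checked before a resize. The following is an added example, not Blue Matador or Azure code: it uses only the tier values from the table on this page, and `peak_conns_per_vm` is an assumed input (the highest concurrent outbound connection count you have observed on a single VM, counted as one SNAT port each).

```python
# Added example: SNAT capacity check for an Azure Load Balancer backend pool.
# Tier values are the table on this page: (max pool size, preallocated ports per VM).
SNAT_TIERS = [(50, 1024), (100, 512), (200, 256), (400, 128), (800, 64), (1000, 32)]


def ports_per_vm(pool_size):
    """Preallocated SNAT ports each VM receives at this pool size."""
    if pool_size < 1:
        raise ValueError("pool size must be at least 1")
    for max_vms, ports in SNAT_TIERS:
        if pool_size <= max_vms:
            return ports
    raise ValueError("pool size is beyond the last tier in the table")


def total_ports(pool_size):
    """Total preallocated SNAT ports across the whole backend pool."""
    return pool_size * ports_per_vm(pool_size)


def evaluate_resize(current, proposed, peak_conns_per_vm):
    """Compare two pool sizes. peak_conns_per_vm is an assumed input: the
    highest concurrent outbound connection count seen on any single VM."""
    per_vm = ports_per_vm(proposed)
    return {
        "per_vm_before": ports_per_vm(current),
        "per_vm_after": per_vm,
        "total_before": total_ports(current),
        "total_after": total_ports(proposed),
        "total_regression": total_ports(proposed) < total_ports(current),
        "per_vm_shortfall": max(0, peak_conns_per_vm - per_vm),
    }


def regression_ranges():
    """Pool sizes in each tier whose total is below the previous tier's peak."""
    ranges = []
    for (prev_max, prev_ports), (max_vms, ports) in zip(SNAT_TIERS, SNAT_TIERS[1:]):
        prev_peak = prev_max * prev_ports
        worse = [n for n in range(prev_max + 1, max_vms + 1) if n * ports < prev_peak]
        if worse:
            ranges.append((worse[0], worse[-1]))
    return ranges


if __name__ == "__main__":
    print(evaluate_resize(current=50, proposed=60, peak_conns_per_vm=700))
    print(regression_ranges())
```

With these table values, every tier peaks at the same total only at its upper bound, so a pool that crosses a tier boundary has to grow to the top of the new tier before it regains the total it had, and the last tier never does.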

     

     

    Resources