Docs
    placeholder_200x200

    If you have an internal Azure Load Balancer, Azure allows you to make outbound connections by allocating SNAT connections (source network address translation). The number of connections you can make depends on the number of VMs you have backing your load balancer. Each VM receives a preallocated number of SNAT connections. Because of this, it is important to make sure your load balancer is not running out of SNAT connections.

     

    Effects


    Outbound connections from your application will fail

     

    Fixes


    Blue Matador watches the SnatConnectionCount metric to detect when your Load Balancer fails to allocate a SNAT connection, which is a clear indication that you’ve exhausted the resource. When this happens, you can take the following actions:

    • Check to see if outbound requests are failing and causing enough retries to exhaust your connection limit
    • Modify your application to use a connection pool for outbound connections
    • Assign public IPs to the VMs in your load balancer, making it so they no longer use SNAT connections for outbound requests

    Adding more VMs to your backend pool can potentially raise the number of SNAT connections, as long as you stay within your tier in the table published by Azure. However, because moving to a higher tier lowers the number of connections per VM, you can actually lower the total number of SNAT connections you are allowed, making the problem worse. Make sure to always consult this table before adding VMs to your load balancer.

    Pool size
    (VM instances)

    Preallocated SNAT
    ports per VM

    1-50

    1,024

    51-100

    512

    101-200

    256

    201-400

    128

    401-800

    64

    801-1,000

    32

     

     

    Resources