articles/load-balancer/load-balancer-outbound-connections.md
Lines changed: 11 additions & 9 deletions
@@ -11,7 +11,7 @@ ms.date: 03/01/2022
11
11
ms.author: allensu
12
12
---
13
13
14
-
# Using Source Network Address Translation (SNAT) for outbound connections
14
+
# Use Source Network Address Translation (SNAT) for outbound connections
15
15
16
16
Certain scenarios require virtual machines or compute instances to have outbound connectivity to the internet. The frontend IPs of a public load balancer can be used to provide outbound connectivity to the internet for backend instances. This configuration uses **source network address translation (SNAT)** to translate virtual machine's private IP into the load balancer's public IP address. SNAT maps the IP address of the backend to the public IP address of your load balancer. SNAT prevents outside sources from having a direct address to the backend instances.
17
17
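Review bot: The H1 rename on the `+` line is the only change to the top of the file, and since this first hunk starts at line 11 the front matter above it is untouched. The hunk header still shows `ms.date: 03/01/2022`, so the article will publish with the old date, and if the front matter `title:` mirrors the old "Using ..." wording it will now disagree with the H1. Suggest updating both in this commit. While here, the context paragraph reads "to translate virtual machine's private IP" (missing "the") and then restates the same mapping in the next sentence; one sentence would do.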
@@ -21,12 +21,14 @@ The following methods are used to enable outbound connectivity in Azure:
21
21
22
22
| # | Method | Type of port allocation | Production-grade? | Rating |
## <aname="outboundrules"></a>1. Using the frontend IP address of a load balancer for outbound via outbound rules
29
+
:::image type="content" source="./media/load-balancer-outbound-connections/outbound-options.png" alt-text="Diagram of Azure outbound options.":::
30
+
31
+
## <aname="outboundrules"></a>1. Use the frontend IP address of a load balancer for outbound via outbound rules
30
32
31
33
:::image type="content" source="./media/load-balancer-outbound-connections/public-load-balancer-outbound.png" alt-text="Diagram public load balancer with outbound rules.":::
32
34
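Review bot: The added image line uses `alt-text="Diagram of Azure outbound options."`, which tells a screen-reader user nothing about what the options are. Suggest alt text that names the methods the diagram shows, matching the numbered sections that follow. The image is also dropped between the methods table and the section 1 heading with no sentence introducing it; add a one-line lead-in, or place it directly under the sentence that introduces the table so the diagram and the table read as one unit.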
@@ -52,7 +54,7 @@ If you have Virtual Machine Scale Sets in the backend, it's recommended to alloc
52
54
53
55
For more information about outbound rules, see [Outbound rules](outbound-rules.md).
54
56
55
-
## 2. Associating a NAT gateway to the subnet
57
+
## 2. Associate a NAT gateway to the subnet
56
58
57
59
:::image type="content" source="./media/load-balancer-outbound-connections/nat-gateway.png" alt-text="Diagram of a NAT gateway and public load balancer.":::
58
60
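Review bot: The renamed heading `## 2. Associate a NAT gateway to the subnet` has no explicit anchor, unlike section 1, which keeps `<a name="outboundrules"></a>` across its rename. Any link that targets an anchor derived from the old heading text will stop resolving once the text changes, so either add an explicit `<a name>` here or check inbound links before merging. Minor wording: "Associate a NAT gateway with the subnet" reads better than "to the subnet".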
@@ -62,7 +64,7 @@ Using a NAT gateway is the best method for outbound connectivity. A NAT gateway
62
64
63
65
For more information about Azure Virtual Network NAT, see [What is Azure Virtual Network NAT](../virtual-network/nat-gateway/nat-overview.md).
64
66
65
-
## 3. Assigning a public IP to the virtual machine
67
+
## 3. Assign a public IP to the virtual machine
66
68
67
69
:::image type="content" source="./media/load-balancer-outbound-connections/instance-level-public-ip.png" alt-text="Diagram of virtual machines with instance level public IP addresses.":::
68
70
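Review bot: The new heading `## 3. Assign a public IP to the virtual machine` reads as an instruction, yet the header context of this same hunk says "Using a NAT gateway is the best method for outbound connectivity." With all three method headings now imperative, a reader skimming the headings cannot tell which method the article recommends. Suggest keeping the method headings descriptive, or opening this section with a sentence that places it relative to the NAT gateway option. The intro also credits SNAT with keeping outside sources from having a direct address to backend instances, so this section should state plainly that an instance-level public IP gives the virtual machine its own public address.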
@@ -120,7 +122,7 @@ The following <a name="snatporttable"></a>table shows the SNAT port preallocatio
120
122
| 401-800 | 64 |
121
123
| 801-1,000 | 32 |
122
124
123
-
## Exhausting ports
125
+
## Port exhaustion
124
126
125
127
Every connection to the same destination IP and destination port will use a SNAT port. This connection maintains a distinct **traffic flow** from the backend instance or **client** to a **server**. This process gives the server a distinct port on which to address traffic. Without this process, the client machine is unaware of which flow a packet is part of.
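Review bot: Under the new heading `## Port exhaustion`, the first paragraph ("Every connection to the same destination IP and destination port will use a SNAT port.") describes how ports are consumed, not what exhaustion is. If the section does not define it further down, add an opening sentence that says exhaustion occurs when a backend instance has no preallocated SNAT ports left for new flows to a destination, and point back to the preallocation table above. The closing context sentence, "the client machine is unaware of which flow a packet is part of", would also be clearer if it said how the SNAT port identifies the flow.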