Fixed errors and corrected grammar and style.

Author: v-miegge

articles/app-service/troubleshoot-intermittent-outbound-connection-errors.md

@@ -13,7 +13,7 @@ ms.custom: security-recommendations
 
 # Troubleshooting intermittent outbound connection errors in Azure App Service
 
-This article helps you troubleshoot intermittent connection errors and related performance issues in [Azure App Service](https://docs.microsoft.com/azure/app-service/overview). This topic will provide more information on and troubleshooting methodologies for a frequent cause of this problem - exhaustion of source address network translation (SNAT) ports. If you need more help at any point in this article, you can contact the Azure experts on the [MSDN Azure and the Stack Overflow forums](https://azure.microsoft.com/support/forums/). Alternatively, you can also file an Azure support incident. Go to the [Azure Support site](https://azure.microsoft.com/support/options/) and select **Get Support**.
+This article helps you troubleshoot intermittent connection errors and related performance issues in [Azure App Service](https://docs.microsoft.com/azure/app-service/overview). This topic will provide more information on, and troubleshooting methodologies for, exhaustion of source address network translation (SNAT) ports. If you require more help at any point in this article, contact the Azure experts at the [MSDN Azure and the Stack Overflow forums](https://azure.microsoft.com/support/forums/). Alternatively, file an Azure support incident. Go to the [Azure Support site](https://azure.microsoft.com/support/options/) and select **Get Support**.
 
 ## Symptoms
 
@@ -26,12 +26,12 @@ Applications and Functions hosted on Azure App service may exhibit one or more o
 
 ## Cause
 
-Frequently, one of the major causes of these symptoms is that the application instance is not able to open a new connection to the external endpoint because it has reached one of the following limits:
+A major cause of these symptoms is that the application instance is not able to open a new connection to the external endpoint because it has reached one of the following limits:
 
-* TCP Connections: There is a limit on the number of outbound connections that can be made that is associated with the size of the worker used.
-* SNAT ports: As discussed in [Outbound connections in Azure](https://docs.microsoft.com/azure/load-balancer/load-balancer-outbound-connections), Azure uses source network address translation (SNAT) and a Load Balancer (not exposed to customers)  to communicate with end points outside Azure in the public IP address space. Each instance on Azure App service initially gets a pre-allocated number of **128** SNAT ports. That limit affects opening connections to the same host and port combination. If your app creates connections to a mix of address and port combinations, then you will not use up your SNAT ports. The SNAT ports are used up when you have repeated calls to the same address and port combination. Once a port has been released, the port is available for reuse as needed. The Azure Network load balancer reclaims SNAT port from closed connections only after waiting for 4 minutes.
+* TCP Connections: There is a limit on the number of outbound connections that can be made. This is associated with the size of the worker used.
+* SNAT ports: As discussed in [Outbound connections in Azure](https://docs.microsoft.com/azure/load-balancer/load-balancer-outbound-connections), Azure uses source network address translation (SNAT) and a Load Balancer (not exposed to customers)  to communicate with end points outside Azure in the public IP address space. Each instance on Azure App service is initially given a pre-allocated number of **128** SNAT ports. That limit affects opening connections to the same host and port combination. If your app creates connections to a mix of address and port combinations, you will not use up your SNAT ports. The SNAT ports are used up when you have repeated calls to the same address and port combination. Once a port has been released, the port is available for reuse as needed. The Azure Network load balancer reclaims SNAT port from closed connections only after waiting for 4 minutes.
 
-When applications or functions rapidly open a new connection, they can quickly exhaust their pre-allocated quota of the 128 ports and are then blocked till a new SNAT port becomes available, either through dynamically allocating additional SNAT ports or through re-use of a reclaimed SNAT port. Applications or functions that are blocked on this inability to create new connections will start experiencing one or more of the issues described in the Symptoms section of this article.
+When applications or functions rapidly open a new connection, they can quickly exhaust their pre-allocated quota of the 128 ports. They are then blocked until a new SNAT port becomes available, either through dynamically allocating additional SNAT ports, or through re-use of a reclaimed SNAT port. Applications or functions that are blocked because of this inability to create new connections will begin experiencing one or more of the issues described in the **Symptoms** section of this article.
 
 ## Avoiding the problem
 
@@ -78,7 +78,7 @@ HTTP Connection Pooling
 
 #### PHP
 
-Although PHP does not support connection pooling, you can try using persistent database connections to your backend server.
+Although PHP does not support connection pooling, you can try using persistent database connections to your back-end server.
 
 * MySQL server
 
@@ -113,23 +113,22 @@ For other environments, review provider or driver specific documents for impleme
 
 ### Additional guidance specific to App Service:
 
-* A [load test](https://docs.microsoft.com/azure/devops/test/load-test/app-service-web-app-performance-test) should simulate real world data in a steady feeding speed. Testing apps and functions under real world stress is a great way to identify and resolve SNAT port exhaustion issues ahead of time.
-* Ensure the backend services can return response quickly. For troubleshooting performance issues with Azure SQL database, review [Troubleshoot Azure SQL Database performance issues with Intelligent Insights](https://docs.microsoft.com/azure/sql-database/sql-database-intelligent-insights-troubleshoot-performance#recommended-troubleshooting-flow).
-* Scale out the App Service plan to more instances. For more information on scaling, see [Scale an app in Azure App Service](https://docs.microsoft.com/azure/app-service/manage-scale-up). Each worker instance in an app service plan is allocated some number of SNAT ports. If you spread your usage across more instances, you might be able to get the SNAT port usage per instance below 100 outbound connections per unique remote endpoint, which is a recommended safe limit.
-* Consider moving to [App Service Environment (ASE)](https://docs.microsoft.com/azure/app-service/environment/using-an-ase), where you have a single outbound IP address just for
-yourself and thus limits for connections and SNAT ports are much higher.
+* A [load test](https://docs.microsoft.com/azure/devops/test/load-test/app-service-web-app-performance-test) should simulate real world data in a steady feeding speed. Testing apps and functions under real world stress can identify and resolve SNAT port exhaustion issues ahead of time.
+* Ensure that the back-end services can return responses quickly. For troubleshooting performance issues with Azure SQL database, review [Troubleshoot Azure SQL Database performance issues with Intelligent Insights](https://docs.microsoft.com/azure/sql-database/sql-database-intelligent-insights-troubleshoot-performance#recommended-troubleshooting-flow).
+* Scale out the App Service plan to more instances. For more information on scaling, see [Scale an app in Azure App Service](https://docs.microsoft.com/azure/app-service/manage-scale-up). Each worker instance in an app service plan is allocated a number of SNAT ports. If you spread your usage across more instances, you might get the SNAT port usage per instance below the recommended limit of 100 outbound connections, per unique remote endpoint.
+* Consider moving to [App Service Environment (ASE)](https://docs.microsoft.com/azure/app-service/environment/using-an-ase), where you are alotted a single outbound IP address, and the limits for connections and SNAT ports are much higher.
 
-Avoiding the outbound TCP limits is an easier problem to solve. The limits are set by the size of your worker. You can see the limits here in [Sandbox Cross VM Numerical Limits - TCP Connnections](https://github.com/projectkudu/kudu/wiki/Azure-Web-App-sandbox#cross-vm-numerical-limits)
+Avoiding the outbound TCP limits is easier to solve, as the limits are set by the size of your worker. You can see the limits in [Sandbox Cross VM Numerical Limits - TCP Connnections](https://github.com/projectkudu/kudu/wiki/Azure-Web-App-sandbox#cross-vm-numerical-limits)
 
 |Limit name|Description|Small (A1)|Medium (A2)|Large (A3)|
 |---|---|---|---|---|
 |Connections|Number of connections across entire VM|1920|3968|8064|
 
-To avoid outbound TCP limits, you can either increase the size of your workers or scale out horizontally.
+To avoid outbound TCP limits, you can either increase the size of your workers, or scale out horizontally.
 
 ## Troubleshooting
 
-Knowing the two types of outbound connection limits and what your app does should make it easier to troubleshoot. If you know that your app makes many calls to the same storage account, you might suspect a SNAT limit. If your app creates a great many calls to endpoints all over the internet, you would suspect you are reaching the VM limit.
+Knowing the two types of outbound connection limits, and what your app does, should make it easier to troubleshoot. If you know that your app makes many calls to the same storage account, you might suspect a SNAT limit. If your app creates a great many calls to endpoints all over the internet, you would suspect you are reaching the VM limit.
 
 If you do not know the application behavior well enough to determine cause quickly, there are some tools and techniques available in App Service to help with that.
 
@@ -139,11 +138,10 @@ You can use [App Service Diagnostics](https://docs.microsoft.com/azure/app-servi
 
 1. To access App Service diagnostics, navigate to your App Service web app or App Service Environment in the [Azure portal](https://portal.azure.com/). In the left navigation, select **Diagnose and solve problems**.
 2. Select Availability and Performance Category
-3. Select SNAT Port Exhaustion tile in the list of available tiles under the category.
-practice is to keep it below 128.
-If you do need it, you can still open a support ticket and the support engineer will get the metric from backend for you.
+3. Select SNAT Port Exhaustion tile in the list of available tiles under the category. The practice is to keep it below 128.
+If you do need it, you can still open a support ticket and the support engineer will get the metric from back-end for you.
 
-Note: Since SNAT port usage is not available as a metric, it is not possible to auto-scale based on SNAT port usage, or configure auto scale based on SNAT ports allocation metric.
+Note that since SNAT port usage is not available as a metric, it is not possible to either auto-scale based on SNAT port usage, or to configure auto scale based on SNAT ports allocation metric.
 
 ### TCP Connections and SNAT Ports
 
@@ -166,10 +164,11 @@ In the case of a SNAT port exhaustion issue, where WebJobs are unable to connect
 
 You cannot change any Azure settings to release the used SNAT ports sooner, as all SNAT ports will be released as per the below conditions and the behavior is by design.
 
-* If either server or client sends FINACK, [SNAT port will be released](https://docs.microsoft.com/azure/load-balancer/load-balancer-outbound-connections#tcp-snat-port-release) after 240 seconds.
-* If an RST is seen, SNAT port will be released after 15 seconds.
-* If idle timeout has been reached, port is released.
+* If either server or client sends FINACK, the [SNAT port will be released](https://docs.microsoft.com/azure/load-balancer/load-balancer-outbound-connections#tcp-snat-port-release) after 240 seconds.
+* If an RST is seen, the SNAT port will be released after 15 seconds.
+* If idle timeout has been reached, the port is released.
 
-Additional information:
+## Additional information
+
 * [SNAT with App Service](https://4lowtherabbit.github.io/blogs/2019/10/SNAT/)
 * [Troubleshoot slow app performance issues in Azure App Service](https://docs.microsoft.com/azure/app-service/troubleshoot-performance-degradation)