Merge pull request #298432 from v-thepet/redis7

JamesJBarnett · web-flow · commit 317fafd89dc6 · 2025-04-21T20:16:13.000-07:00
Azure for Redis Cache Freshness #7
diff --git a/articles/azure-cache-for-redis/cache-troubleshoot-connectivity.md b/articles/azure-cache-for-redis/cache-troubleshoot-connectivity.md
@@ -1,127 +1,127 @@
 ---
-title: Troubleshoot connectivity in Azure Cache for Redis
+title: Troubleshoot connectivity
 description: Learn how to resolve connectivity problems when creating clients with Azure Cache for Redis.
 
 
 
 ms.topic: conceptual
-ms.date: 12/12/2023
+ms.date: 04/17/2025
 appliesto:
   - ✅ Azure Cache for Redis
 ms.custom: template-concept, ignite-2024
 ---
 
-# Connectivity troubleshooting
+# Troubleshoot Azure Cache for Redis connectivity
 
-In this article, we provide troubleshooting help for connecting your client application to Azure Cache for Redis. Connectivity issues are divided into two types: intermittent connectivity issues and continuous connectivity issues.
+This article explains how to troubleshoot common issues with connecting your client application to Azure Cache for Redis. Connectivity issues might be caused by intermittent conditions, or by incorrect cache configuration. This article is divided into intermittent issues and cache configuration issues.
 
-- [Intermittent connectivity issues](#intermittent-connectivity-issues)
-  - [Server maintenance](#server-maintenance)
-  - [Number of connected clients](#number-of-connected-clients)
-  - [Kubernetes hosted applications](#kubernetes-hosted-applications)
-  - [Linux-based client application](#linux-based-client-application)
-- [Continuous connectivity issues](#continuous-connectivity)
-  - [Test connectivity using _redis-cli_](#test-connectivity-using-redis-cli)
-  - [Test connectivity using PSPING](#test-connectivity-using-psping)
-  - [Virtual network configuration](#virtual-network-configuration)
-  - [Private endpoint configuration](#private-endpoint-configuration)
-  - [Firewall rules](#third-party-firewall-or-external-proxy)
-  - [Public IP address change](#public-ip-address-change)
-- [Geo-replication using VNet injection with Premium caches](#geo-replication-using-vnet-injection-with-premium-caches)
+**Intermittent connectivity issues**
 
-## Intermittent connectivity issues
+- [Kubernetes-hosted applications](#kubernetes-hosted-applications)
+- [Linux-based client application](#linux-based-client-application)
+- [Number of connected clients](#number-of-connected-clients)
+- [Server maintenance](#server-maintenance)
 
-Your client application might have intermittent connectivity issues caused by events such as patching, or spikes in the number of connections.
+**Cache configuration connectivity issues**
 
-### Server maintenance
+- [Firewall rules](#third-party-firewall-or-external-proxy)
+- [Private endpoint configuration](#private-endpoint-configuration)
+- [Public IP address change](#public-ip-address-change)
+- [Virtual network configuration](#virtual-network-configuration)
 
-Sometimes, your cache undergoes a planned or an unplanned server maintenance. Your application can be negatively affected during the maintenance. You can validate by checking the `Errors (Type: Failover)` metric on your portal. To minimize the effects of failovers, see [Connection resilience](cache-best-practices-connection.md#connection-resilience).
+## Test connectivity
 
-### Number of connected clients
+You can test connectivity by using the Redis command line tool _redis-cli_. For more information on Redis CLI, see [Use the Redis command-line tool with Azure Cache for Redis](cache-how-to-redis-cli-tool.md).
+
+If redis-cli is unable to connect, you can test connectivity by using `PSPING` in Azure PowerShell.
 
-Check if the Max aggregate for `Connected Clients` metric is close or higher than the maximum number of allowed connections for a particular cache size. For more information on sizing per client connections, see [Azure Cache for Redis performance](https://azure.microsoft.com/pricing/details/cache/).
+```azurepowershell-interactive
+psping -q <cachename>:<port>
+```
+
+If the number of sent packets is equal to the number of received packets, there's no drop in connectivity.
+
+## Intermittent connectivity issues
+
+Your client application might have intermittent connectivity issues caused by spikes in the number of connections or by events such as patching.
 
 ### Kubernetes hosted applications
 
-- If your client application is hosted on Kubernetes, check that the pod running the client application or the cluster nodes aren't under memory/CPU/Network pressure. A pod running the client application can be affected by other pods running on the same node and throttle Redis connections or IO operations.
-- If you're using _Istio_ or any other service mesh, check that your service mesh proxy reserves port 13000-13019 or 15000-15019. These ports are used by clients to communicate with a clustered Azure Cache for Redis nodes and could cause connectivity issues on those ports.
+If your client application is hosted on Kubernetes, check whether the cluster nodes or the pod running the client application are under memory, CPU, or network pressure. A pod running the client application can be affected by other pods running on the same node and might throttle Redis connections or IO operations.
+
+If you're using _Istio_ or any other service mesh, make sure that your service mesh proxy reserves ports `13000-13019` or `15000-15019`. Clients use these ports to communicate with nodes in a clustered Azure Redis cache, and could cause connectivity issues on those ports.
 
 ### Linux-based client application
 
-Using optimistic TCP settings in Linux might cause client applications to experience connectivity issues. See [Connection stalls lasting for 15 minutes](https://github.com/StackExchange/StackExchange.Redis/issues/1848#issuecomment-913064646).
+Using optimistic TCP settings in Linux might cause connectivity issues for client applications. For more information, see [TCP settings for Linux-hosted client applications](cache-best-practices-connection.md#tcp-settings-for-linux-hosted-client-applications) and [Connection stalls lasting for 15 minutes](https://github.com/StackExchange/StackExchange.Redis/issues/1848#issuecomment-913064646).
 
-## Continuous connectivity
+### Number of connected clients
 
-If your application can't connect to your Azure Cache for Redis, it's possible some configuration on the cache isn't set up correctly. The following sections offer suggestions on how to make sure your cache is configured correctly.
+Check if the **Max** aggregate for the **Connected Clients** metric is close to or higher than the maximum number of allowed connections for your cache size. For more information on sizing per client connections, see [Azure Cache for Redis performance](https://azure.microsoft.com/pricing/details/cache/).
 
-### Test connectivity using _redis-cli_
+### Server maintenance
 
-Test connectivity using _redis-cli_. For more information on CLI, [Use the Redis command-line tool with Azure Cache for Redis](cache-how-to-redis-cli-tool.md).
+Your cache might undergo planned or unplanned server maintenance that negatively affects your application during the maintenance window. You can verify this issue by checking the **Errors (Type: Failover)** metric on your cache in the Azure portal. To minimize the effects of failovers, see [Connection resilience](cache-best-practices-connection.md#connection-resilience).
 
-### Test connectivity using PSPING
+## Connectivity configuration issues
 
-If _redis-cli_ is unable to connect, you can test connectivity using `PSPING` in PowerShell.
+If your application can't connect to your Azure Redis cache at all, some cache configuration might not be set up correctly. The following sections offer suggestions on how to make sure your cache is configured correctly.
 
-```azurepowershell-interactive
-psping -q <cache DNS endpoint>:<Port Number>
-```
-
-You can confirm the number of sent packets is equal to the received packets. Confirming ensures no drop in connectivity.
+### Firewall rules
 
-### Virtual network configuration
+If you have a firewall configured for your Azure Redis cache, ensure that your client IP address is added to the firewall rules. To check the firewall rules, select **Firewall** under **Settings** in the left navigation menu for your cache page.
 
-Steps to check your virtual network configuration:
+#### Third-party firewall or external proxy
 
-1. Check if a virtual network is assigned to your cache from the "**Virtual Network**" section under the **Settings** on the Resource menu of the Azure portal.
-1. Ensure that the client host machine is in the same virtual network as the Azure Cache for Redis.
-1. When the client application is in a different virtual network (VNet) from your Azure Cache for Redis, both VNets must have VNet peering enabled within the same Azure region.
-1. Validate that the [Inbound](cache-how-to-premium-vnet.md#inbound-port-requirements) and [Outbound](cache-how-to-premium-vnet.md#outbound-port-requirements) rules meet the requirement.
-1. For more information, see [Configure a virtual network - Premium-tier Azure Cache for Redis instance](cache-how-to-premium-vnet.md#how-can-i-verify-that-my-cache-is-working-in-a-virtual-network).
+If you use a third-party firewall or proxy in your network, make sure it allows the Azure Cache for Redis endpoint `*.redis.cache.windows.net` and the ports `6379` and `6380`. You might need to allow more ports when you use a clustered cache or geo-replication.
 
 ### Private endpoint configuration
 
-Steps to check your private endpoint configuration:
+In the Azure portal, check your private endpoint configuration by selecting **Private Endpoint** under **Settings** in the left navigation menu for your cache.
 
-1. `Public Network Access` flag is disabled by default on creating a private endpoint. Ensure that you set the `Public Network Access` correctly. When you have your cache in Azure portal, look under **Private Endpoint** in the Resource menu on the left for this setting.
-1. If you're trying to connect to your cache private endpoint from outside your virtual network of your cache, `Public Network Access` needs to be enabled.
-1. If you delete your private endpoint, ensure that the public network access is enabled.
-1. Verify if your private endpoint is configured correctly. For more information, see [Create a private endpoint with a new Azure Cache for Redis instance](cache-private-link.md#create-a-private-endpoint-with-a-new-azure-cache-for-redis-instance).
-1. Verify if your application is connecting to `<cachename>.redis.cache.windows.net` on port 6380. We recommend avoiding the use of `<cachename>.privatelink.redis.cache.windows.net` in the configuration or the connection string.
-1. To verify that the command resolves to the private IP address for the cache, run a command like `nslookup <hostname>` from within the virtual network (VNet) that is linked to the private endpoint.
-  
-### Firewall rules
+- On the **Private Endpoint** page, ensure that **Enable public network access** is set correctly.
 
-If you have a firewall configured for your Azure Cache for Redis, ensure that your client IP address is added to the firewall rules. You can check **Firewall** on the Resource menu under **Settings** on the Azure portal.
+  - Public network access is disabled by default when you create a private endpoint.
+  - To connect to your cache private endpoint from outside your cache virtual network, you must enable public network access.
+  - If you delete your private endpoint, be sure to enable public network access.
 
-#### Third-party firewall or external proxy
+- Select the link under **Private endpoint** and make sure your private endpoint is configured correctly. For more information, see [Create a private endpoint with a new Azure Cache for Redis instance](cache-private-link.md#create-a-private-endpoint-with-a-new-azure-cache-for-redis-instance).
 
-When you use a third-party firewall or proxy in your network, check that the endpoint for Azure Cache for Redis, `*.redis.cache.windows.net`, is allowed along with the ports `6379` and `6380`. You might need to allow more ports when using a clustered cache or geo-replication.
+- Make sure your application connects to `<cachename>.redis.cache.windows.net` on port `6380`. Avoid using `<cachename>.privatelink.redis.cache.windows.net` in the configuration or the connection string.
 
+- To verify that a command resolves to the private IP address for the cache, run a command like `nslookup <hostname>` from within the virtual network linked to the private endpoint.
+  
 ### Public IP address change
 
-If you configure any networking or security resource to use your cache's public IP address, check to see if your cache's public IP address changed. For more information, see [Rely on hostname not public IP address for your cache](cache-best-practices-development.md#rely-on-hostname-not-public-ip-address).
+If you configure any networking or security resource to use your cache's public IP address, check to see whether your cache's public IP address changed. For more information, see [Rely on hostname not public IP address](cache-best-practices-development.md#rely-on-hostname-not-public-ip-address).
+
+### Virtual network configuration
 
-## Geo-replication using VNet injection with Premium caches
+Check your virtual network configuration as follows:
 
-While it's possible to use virtual network (VNet) injection with your Premium caches, we recommend Azure Private Link.
+- Make sure a virtual network is assigned to your cache. In the Azure portal, select **Virtual Network** under **Settings** in the left navigation menu for your cache.
+- Ensure that the client host machine is in the same virtual network as the cache.
+- If the client application is in a different virtual network from the cache, enable peering for both virtual networks within the same Azure region.
+- Verify that the [Inbound](cache-how-to-premium-vnet.md#inbound-port-requirements) and [Outbound](cache-how-to-premium-vnet.md#outbound-port-requirements) rules meet the port requirements.
 
-For more information, see:
+For more information, see [Configure virtual network support for a Premium Azure Cache for Redis instance](cache-how-to-premium-vnet.md).
 
-- [Migrate from VNet injection caches to Private Link caches](cache-vnet-migration.md)
-- [What is Azure Cache for Redis with Azure Private Link?](cache-private-link.md)
+#### Geo-replication using VNet injection with Premium caches
 
-Geo-replication of caches in virtual network (VNet)s is supported with caveats:
+Geo-replication between caches in the same virtual network is supported. Geo-replication between caches in different virtual networks is supported with the following caveats:
 
-- Geo-replication between caches in the same VNet is supported.
-- Geo-replication between caches in different VNets is also supported.
-  - If the VNets are in the same region, you can connect them using [VNet peering](../virtual-network/virtual-network-peering-overview.md) or a [VPN Gateway VNet-to-VNet connection](../vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal.md).
-  - If the VNets are in different regions, geo-replication using VNet peering isn't supported. A client VM in VNet 1 (region 1) isn't able to access the cache in VNet 2 (region 2) using its DNS name because of a constraint with Basic internal load balancers. For more information about VNet peering constraints, see [Virtual Network - Peering - Requirements and constraints](../virtual-network/virtual-network-manage-peering.md#requirements-and-constraints). We recommend using a VPN Gateway VNet-to-VNet connection.
+- If the virtual networks are in the same region, you can connect them using [virtual network peering](/azure/virtual-network/virtual-network-peering-overview) or a [VPN Gateway VNet-to-VNet connection](/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal).
 
-To configure your virtual network (VNet) effectively and avoid geo-replication issues, you must configure both the inbound and outbound ports correctly. For more information on avoiding the most common VNet misconfiguration issues, see [Geo-replication peer port requirements](cache-how-to-premium-vnet.md#geo-replication-peer-port-requirements).
+- If the virtual networks are in different regions, geo-replication using virtual network peering isn't supported. A client virtual machine in `VNet 1` (region 1) can't access a cache in `VNet 2` (region 2) by using its name, because of a constraint with Basic internal load balancers. Instead, use a VPN Gateway VNet-to-VNet connection. For more information about virtual network peering constraints, see [Virtual Network peering requirements and constraints](/azure/virtual-network/virtual-network-manage-peering#requirements-and-constraints).
 
-## Related Content
+To configure your virtual network effectively and avoid geo-replication issues, you must configure both the inbound and outbound ports correctly. For more information on avoiding the most common virtual network misconfiguration issues, see [Geo-replication peer port requirements](cache-how-to-premium-vnet.md#geo-replication-peer-port-requirements).
+
+While it's possible to use virtual network injection with Premium caches, it's preferable to use Azure Private Link. For more information, see:
+
+- [Migrate from `VNet` injection caches to Private Link caches](cache-vnet-migration.md)
+- [What is Azure Cache for Redis with Azure Private Link?](cache-private-link.md)
 
-These articles provide more information on connectivity and resilience:
+## Related content
 
 - [Best practices for connection resilience](cache-best-practices-connection.md)
 - [High availability for Azure Cache for Redis](cache-high-availability.md)
