articles/load-balancer/load-balancer-outbound-rules-overview.md
5 additions & 5 deletions
@@ -64,9 +64,9 @@ API version "2018-07-01" permits an outbound rule definition structured as follo
64
64
65
65
While an outbound rule can be used with just a single public IP address, outbound rules ease the configuration burden for scaling outbound NAT. You can use multiple IP addresses to plan for large-scale scenarios and you can use outbound rules to mitigate [SNAT exhaustion](load-balancer-outbound-connections.md#snatexhaust) prone patterns.
66
66
67
-
Each additional IP address provided by a frontend provides 51,200 ephemeral ports for Load Balancer to use as SNAT ports. While load balancing or inbound NAT rules have a single frontend, the outbound rule expands the frontend notion and allows multiple frontends per rule. With multiple frontends per rule, the quantity of available SNAT ports is multiplied with each public IP address, and large scenarios can be supported.
67
+
Each additional IP address provided by a frontend provides 64,000 ephemeral ports for Load Balancer to use as SNAT ports. While load balancing or inbound NAT rules have a single frontend, the outbound rule expands the frontend notion and allows multiple frontends per rule. With multiple frontends per rule, the quantity of available SNAT ports is multiplied with each public IP address, and large scenarios can be supported.
68
68
69
-
Additionally, you can use a [public IP prefix](https://aka.ms/lbpublicipprefix) directly with an outbound rule. Using public IP prefix provides for easier scaling and simplified white-listing of flows originating from your Azure deployment. You can configure a frontend IP configuration within the Load Balancer resource to reference a public IP address prefix directly. This allows Load Balancer exclusive control over the public IP prefix and the outbound rule will automatically use all public IP addresses contained within the public IP prefix for outbound connections. Each of the IP addresses within the range of the public IP prefix provide 51,200 ephemeral ports per IP address for Load Balancer to use as SNAT ports.
69
+
Additionally, you can use a [public IP prefix](https://aka.ms/lbpublicipprefix) directly with an outbound rule. Using public IP prefix provides for easier scaling and simplified white-listing of flows originating from your Azure deployment. You can configure a frontend IP configuration within the Load Balancer resource to reference a public IP address prefix directly. This allows Load Balancer exclusive control over the public IP prefix and the outbound rule will automatically use all public IP addresses contained within the public IP prefix for outbound connections. Each of the IP addresses within the range of the public IP prefix provide 64,000 ephemeral ports per IP address for Load Balancer to use as SNAT ports.
70
70
71
71
You cannot have individual public IP address resources created from the public IP prefix when using this option as the outbound rule must have complete control of the public IP prefix. If you need more fine grained control, you can create individual public IP address resource from the public IP prefix and assign multiple public IP addresses individually to the frontend of an outbound rule.
72
72
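Review bot: The last sentence of the changed public IP prefix paragraph has a subject-verb disagreement and a redundancy ("Each of the IP addresses ... provide 64,000 ephemeral ports per IP address"); since the line is being edited anyway, suggest "Each IP address within the public IP prefix provides 64,000 ephemeral ports for Load Balancer to use as SNAT ports." This hunk also says each address "provides 64,000" while the later hunks say "contributes up to 64,000"; pick one wording so readers can tell whether the figure is a fixed amount or a ceiling. The same paragraph keeps "white-listing", which could become "allow-listing" in the same pass.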
@@ -79,7 +79,7 @@ Use the following parameter to allocate 10,000 SNAT ports per VM (NIC IP configu
79
79
80
80
"allocatedOutboundPorts": 10000
81
81
82
-
Each public IP address from all frontends of an outbound rule contributes up to 51,200 ephemeral ports for use as SNAT ports. Load Balancer allocates SNAT ports in multiples of 8. If you provide a value not divisible by 8, the configuration operation is rejected. If you attempt to allocate more SNAT ports than are available based on the number of public IP addresses, the configuration operation is rejected. For example, if you allocate 10,000 ports per VM and 7 VMs in a backend pool would share a single public IP address, the configuration is rejected (7 x 10,000 SNAT ports > 51,200 SNAT ports). You can add more public IP addresses to the frontend of the outbound rule to enable the scenario.
82
+
Each public IP address from all frontends of an outbound rule contributes up to 64,000 ephemeral ports for use as SNAT ports. Load Balancer allocates SNAT ports in multiples of 8. If you provide a value not divisible by 8, the configuration operation is rejected. If you attempt to allocate more SNAT ports than are available based on the number of public IP addresses, the configuration operation is rejected. For example, if you allocate 10,000 ports per VM and 7 VMs in a backend pool would share a single public IP address, the configuration is rejected (7 x 10,000 SNAT ports > 64,000 SNAT ports). You can add more public IP addresses to the frontend of the outbound rule to enable the scenario.
83
83
84
84
You can revert back to [automatic SNAT port allocation based on backend pool size](load-balancer-outbound-connections.md#preallocatedports) by specifying 0 for number of ports.
85
85
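Review bot: The rejection example in the changed paragraph leaves the multiplication to the reader, and with the new limit the margin is narrower (7 x 10,000 = 70,000 against 64,000); suggest writing the product out, e.g. "(7 x 10,000 = 70,000 SNAT ports > 64,000 SNAT ports)". It is also worth saying that 6 VMs at 10,000 ports each (60,000) now fits on a single public IP address, because that outcome differs from what the old 51,200 figure implied and readers who sized deployments from the previous text will want to know.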
@@ -157,7 +157,7 @@ If you do not wish for the load balancing rule to be used for outbound, you need
157
157
158
158
You can use outbound rules to tune the [automatic SNAT port allocation based on backend pool size](load-balancer-outbound-connections.md#preallocatedports).
159
159
160
-
For example, if you have two virtual machines sharing a single public IP address for outbound NAT, you may wish to increase the number of SNAT ports allocated from the default 1024 ports if you are experiencing SNAT exhaustion. Each public IP address can contribute up to 51,200 ephemeral ports. If you configure an outbound rule with a single public IP address frontend, you can distribute a total of 51,200 SNAT ports to VMs in the backend pool. For two VMs, a maximum of 25,600 SNAT ports can be allocated with an outbound rule (2x 25,600 = 51,200).
160
+
For example, if you have two virtual machines sharing a single public IP address for outbound NAT, you may wish to increase the number of SNAT ports allocated from the default 1024 ports if you are experiencing SNAT exhaustion. Each public IP address can contribute up to 64,000 ephemeral ports. If you configure an outbound rule with a single public IP address frontend, you can distribute a total of 64,000 SNAT ports to VMs in the backend pool. For two VMs, a maximum of 32,000 SNAT ports can be allocated with an outbound rule (2x 32,000 = 64,000).
161
161
162
162
Review [outbound connections](load-balancer-outbound-connections.md) and the details on how [SNAT](load-balancer-outbound-connections.md#snat) ports are allocated and used.
163
163
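Review bot: Number formatting in the changed example is inconsistent: "default 1024 ports" has no thousands separator while every other figure in the paragraph does, and "2x 32,000" is spaced differently from "7 x 10,000" in the previous hunk. Suggest "1,024" and "2 x 32,000 = 64,000". The new per-VM maximum of 32,000 is consistent with the multiple-of-8 rule stated in the earlier hunk, so the arithmetic itself needs no change.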
@@ -199,7 +199,7 @@ When using an internal Standard Load Balancer, outbound NAT is not available unt
199
199
200
200
## Limitations
201
201
202
-
- The maximum number of usable ephemeral ports per frontend IP address is 51,200.
202
+
- The maximum number of usable ephemeral ports per frontend IP address is 64,000.
203
203
- The range of the configurable outbound idle timeout is 4 to 120 minutes (240 to 7200 seconds).
204
204
- Load Balancer does not support ICMP for outbound NAT.
205
205
- Portal cannot be used to configure or view outbound rules. Use templates, REST API, Az CLI 2.0, or PowerShell instead.
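Review bot: The first Limitations bullet now states 64,000 with no indication that the documented maximum changed from 51,200, and the bullet does not say how the figure relates to the ephemeral port range. Suggest a short note on whether configurations sized against 51,200 are affected, and confirm that the linked load-balancer-outbound-connections.md sections (#snatexhaust, #preallocatedports, #snat) do not still quote the old number, since this article sends readers there for allocation details.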