Skip to content

Commit 7953e50

Browse files
ShannonLeavittShannonLeavitt
authored
Merge pull request #115166 from anavinahar/patch-244
Update load-balancer-outbound-connections.md
2 parents dfb9f93 + 45095fa commit 7953e50

File tree

1 file changed

+4
-0
lines changed

1 file changed

+4
-0
lines changed

articles/load-balancer/load-balancer-outbound-connections.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -253,6 +253,10 @@ When you apply an NSG to a load-balanced VM, pay attention to the [service tags]
253253

254254
If an NSG blocks health probe requests from the AZURE_LOADBALANCER default tag, your VM health probe fails and the VM is marked down. Load Balancer stops sending new flows to that VM.
255255

256+
## Connections to Azure Storage in the same region
257+
258+
Having outbound connectivity via the scenarios above is not necessary to connect to Storage in the same region as the VM. If you do not want this, use network security groups (NSGs) as explained above. For connectivity to Storage in other regions, outbound connectivity is required. Please note that when connecting to Storage from a VM in the same region, the source IP address in the Storage diagnostic logs will be an internal provider address, and not the public IP address of your VM. If you wish to restrict access to your Storage account to VMs in one or more Virtual Network subnets in the same region, use [Virtual Network service endpoints](../virtual-network/virtual-network-service-endpoints-overview.md) and not your public IP address when configuring your storage account firewall. Once service endpoints are configured, you will see your Virtual Network private IP address in your Storage diagnostic logs and not the internal provider address.
259+
256260
## Limitations
257261
- Web Worker Roles without a VNet and other Microsoft platform services can be accessible when only an internal Standard Load Balancer is used due to a side effect from how pre-VNet services and other platform services function. Do not rely on this side effect as the respective service itself or the underlying platform may change without notice. You must always assume you need to create outbound connectivity explicitly if desired when using an internal Standard Load Balancer only. The [default SNAT](#defaultsnat) scenario 3 described in this article is not available.
258262

0 commit comments

Comments
 (0)