Dear Azure Networking Experts,
Our WebApps are frequently running out of outbound TCP connections. Most of the outbound connections are actually Azure-internal connections (SQL, BlobStore, Backend Services). But we don't have Virtual Network and Private Endpoints in place yet.
Could Virtual Network and Private Endpoints help solve our issue? I'd expect that by using internal IP addresses, there's no SNAT IP matching required at all?
I'm unfortunately no expert in networking, but I'm looking at this issue from a WebApp developer perspective (the recommendations for how to save connections, like keepalive etc., are just not enough to fix the issue). Any advice appreciated; however, we definitely prefer to use managed Azure services like auto-scalable WebApp farms.
SNAT is used when you route outbound traffic through a public load balancer. App Service plans are provisioned with public IP addresses and would not need SNAT out of the box. App Service plans support VNet integration and can access other resources on their private IP addresses if the VNet peering is correctly configured.
Q: Could Virtual Network and Private Endpoints help solve our issue?
A: Yes, it would be a matter of configuring the VNet integration on the App Service plans and configuring private endpoints on the other Azure resources. One might also look to utilize the public IPs of the services rather than putting things behind a load balancer.
Q: I'd expect that by using internal IP addresses, there's no SNAT IP matching required at all?
A: Yes, you should not need any SNAT IP matching.
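
The two steps named in the answer (VNet integration on the app, a private endpoint on the target service) could be scripted with the Azure CLI roughly as follows. This is an added example, not part of the thread: every resource name, subnet name and the resource ID are placeholders, it covers Azure SQL only, and it prints the commands unless `DRY_RUN=0` is set.

```shell
#!/usr/bin/env bash
# Added example. All names below are placeholders (assumptions), not values from the thread.
set -eu

DRY_RUN="${DRY_RUN:-1}"                    # 1 = only print the az commands, 0 = execute them
RG="${RG:-example-rg}"
APP="${APP:-example-webapp}"
VNET="${VNET:-example-vnet}"
APP_SUBNET="${APP_SUBNET:-snet-appsvc}"    # subnet reserved for App Service VNet integration
PE_SUBNET="${PE_SUBNET:-snet-endpoints}"   # subnet that holds the private endpoints
SQL_ID="${SQL_ID:-/subscriptions/<subscription-id>/resourceGroups/example-rg/providers/Microsoft.Sql/servers/example-sql}"
ZONE="privatelink.database.windows.net"    # for Blob storage: privatelink.blob.core.windows.net

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

private_path_for_sql() {
  # 1. VNet integration: the web app's outbound traffic enters the VNet.
  run az webapp vnet-integration add -g "$RG" -n "$APP" --vnet "$VNET" --subnet "$APP_SUBNET"
  # 2. Private endpoint: gives the SQL server a private IP inside the VNet
  #    (group id "sqlServer"; a storage account's blob service uses "blob").
  run az network private-endpoint create -g "$RG" -n pe-sql --vnet-name "$VNET" \
      --subnet "$PE_SUBNET" --private-connection-resource-id "$SQL_ID" \
      --group-id sqlServer --connection-name pe-sql-conn
  # 3. Private DNS: without it the server's hostname still resolves to the public
  #    address and the app never takes the private path.
  run az network private-dns zone create -g "$RG" -n "$ZONE"
  run az network private-dns link vnet create -g "$RG" -n sql-dns-link \
      --zone-name "$ZONE" --virtual-network "$VNET" --registration-enabled false
  run az network private-endpoint dns-zone-group create -g "$RG" --endpoint-name pe-sql \
      -n default --private-dns-zone "$ZONE" --zone-name sql
}

private_path_for_sql
```

After applying it, resolving the SQL server's hostname from the web app's console should return an address from the private endpoint subnet; a public address means the DNS step did not take effect.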