
Does the internal load balancer on the App Service still perform the SNAT when it is configured with the NAT gateway?


I'm investigating Socket exceptions thrown in the .NET web app hosted in the Premium Azure Web App (P1V2). Outbound traffic is configured to go through VNET and NAT Gateway (single public IP).

My research leads me to SNAT exhaustion as the root cause, described in this article: https://4lowtherabbit.github.io/blogs/2019/10/SNAT/

According to that article, outgoing App Service traffic goes through the internal load balancer, which provides SNAT.

Question: Does the internal load balancer on the App Service still perform the SNAT when it is configured with the NAT gateway?

I understand that this might be an advanced question, requiring internal knowledge of the App Service architecture. I'm trying to confirm or rule out the possibility of port exhaustion on the internal load balancer with the NAT gateway enabled.

Thank you



Solution

  • If you've configured App Service to route outbound traffic through a VNET and configured a NAT Gateway, the outbound traffic from your app should use the NAT Gateway, which would handle the SNAT. This should bypass the App Service's internal load balancer's SNAT pool and the associated SNAT port limits.