Azure Function Running in VNet Unable to Connect to Whitelisted Azure Redis Cache
I have an Azure Function that is running in a VNet within a single subnet. I've also set up an Azure Redis Cache that is publicly accessible. Initially, the Azure Function was able to communicate with the Redis Cache without any issues. However, for security purposes, I whitelisted the outbound IPs of the Azure Function in redis cache. Since then, I've been encountering a timeout issue.
Outbound Ip's of Azure function. Function App -> Properties
Subnet information (I don't have any security groups or route tables):
Method: PutKeysAsync error while inserting key: key and value: akhil, Error: The message timed out in the backlog attempting to send because no connection became available (5000ms) - Last Connection Exception: It was not possible to connect to the redis server(s). ConnectTimeout, command=SET, timeout: 5000, inst: 0, qu: 0, qs: 0, aw: False, bw: CheckingForTimeout, rs: NotStarted, ws: Initializing, in: 0, last-in: 0, cur-in: 0, sync-ops: 0, async-ops: 4, serverEndpoint: test-pr-analyzer-redis-cache.redis.cache.windows.net:6380, conn-sec: n/a, aoc: 0, mc: 1/1/0, mgr: 10 of 10 available, clientName: pd1sdwk001NH9(SE.Redis-v2.8.0.27420), IOCP: (Busy=0,Free=1000,Min=1,Max=1000), WORKER: (Busy=2,Free=32765,Min=1,Max=32767), POOL: (Threads=5,QueuedItems=0,CompletedItems=4712,Timers=12), v:
2.8.0.27420 (Please take a look at this article for some common client-side issues that can cause timeouts: https://stackexchange.github.io/StackExchange.Redis/Timeout
Please help me in fixing the issue.
Thanks in advance
Azure Function Running in VNet Unable to Connect to Whitelisted Azure Redis Cache.
Below are the reasons why the Function App may not be accessing the Redis cache.
- If you do not add all Function App outbound IP addresses to the Redis cache firewall, it won't connect.
- If you are using a Consumption plan or a Premium plan, the outbound IP address can change at any time due to autoscaling behaviour. refer the MS Doc for more details
To resolve the issue permanently, ensure you use a virtual network NAT gateway to route traffic from your Function App subnet to the Redis cache. Follow the steps below to establish the connection using the NAT Gateway.
- Create a Vnet and Subnet (In your case, you already created Vnet and Subnets).
- Create a Public IP.
- Create a NAT Gateway with same
VNetandSubnet, and select previously created Public IP at Outbound IP Section.
Once you have created the NAT gateway, the outbound traffic will go through the NAT gateway's IP address. To establish the connection between the Azure Function App and the Redis Cache, ensure that you add the public IP address associated with the NAT gateway in Redis Cache firewall.
NAT Gateway Details
Redis Cache Firewall Settings
After adding the public IP address to the Redis cache Firewall, the Function App is able to communicate with the Redis Cache.
Redis Cache result
Reference: Azure Functions networking options]
Control Azure Functions outbound IP with an Azure virtual network NAT gateway
- After Upgrade Azure Function .Net 8 - How to handle Dependecy Injection from Startup.cs?
- Redirect service (302) in Azure, best possible approach?
- Why the redirect uri has no fragment parameters on the first try?
- Azure function HTTP Request 404 when published to Azure through Docker and Visual Studio
- Running an Azure Function locally results in a worker error
- Azure Function in Consumption Plan Not Triggering (But Works in Premium)
- Spring boot, azure-functions-java-worker and GSON lib compatibility Issue
- Azure Function App - deploy multiple Python functions with different programming models
- Spring Cloud function for Azure is throwing error with Main class is not getting detected with runtime
- Azure Function App using Key Vault with Managed identity not authorised
- TimeTrigger Exception "Could not create BlobContainerClient for ScheduleMonitor."
- Azure Functions unable to start locally: can't find Microsoft.Extensions.Configuration.Abstractions, Version=8.0.0.0
- After importing an Azure Function app into API Management service, how do I view/edit the policy adding the generated host key authorizing calls?
- Azure ShareClient: This request is not authorized to perform this operation
- How to mock DurableTaskClient in unite test and getting error in on ScheduleNewOrchestrationInstanceAsync mocking setup
- Azure Function App Blob trigger using Managed Identity not working
- Azure functions - where to store configuration values
- Azure Function App Listen to Event Hub using Managed Identity
- Azure Functions - using appsettings.json
- Zip deploy of Azure function was a success but Functions in Azure is empty
- Why are logs being duplicated in Azure Functions after migrating to .NET 8 Isolated Worker?
- Uses SQL connection strings from Azure Keyvault in Azure functions
- Azure Functions Core Tools version in VSCode when debugging incorrect and failing (Microsoft.Azure.WebJobs.Script.Grp)
- Returning XML in OkObjectResult in Azure Function
- Azure Functions in a Container: 0 functions found
- .NET 8 ISOLATED Azure Function - Binding attributes not working
- Need guidance on how to create Access Policy for Key Vault in a different group from ARM Template deployment
- Azure Function - Error building configuration in an external startup class
- How to do a durable post call in an ServiceBusTrigger azure function?
- Azure Functions Isolated worker model adding to Azure Storage queue error: System.ObjectDisposedException