0

I created two virtual machines in Azure. One of them is in Australia South and the other is in Central India. I ran the client program on one machine and the server program on the other machine. They are not able to connect to each other. After a little Google search, I created a Network Security Group in both VMs and added the following inbound and outbound rule.

Source - Any

Destination - Any

Service - Custom (Any/32000-32200)

Action - Allow

I am connecting to ports between 32000-32200 in my program, but still the machines are not connecting to each other. I am using Ubuntu Server 16.04 and the classic deployment model. I kindly request you to help me out. I am attaching screenshots of my network security group and the output of the netstat command.

Network Security Group

netstat

satya
  • I think you could try to create VPN connection between two Azure instances to get the things done. – katyn12 Apr 28 '17 at 15:03
  • I tried to create a virtual network (present in the Networking section). But it is creating a virtual network at particular location. My VMs are distributed across various locations. How can I connect them using a virtual network? – satya Apr 28 '17 at 16:11

3 Answers

1

How do you want to connect between them? Because your machines are in different regions, they are in different virtual networks, so there is no direct connectivity between them out of the box. You can set this up one of two ways:

  1. If your application is designed to communicate between client and server over the internet then all you need to do is set up your server with a public IP and then open up the required ports in the Network Security Group and your machine's firewall. All communication will be over the public internet so you may want to use SSL etc.

  2. If you want the communication to be over the private network then you'll need to join them up with a VNet to VNet VPN. Because your VNets are in different regions you can't use VNet peering. Once you set up the VPN you will be able to communicate over the private IPs of the machines. You will still need to open ports in the NSG and firewall. See this article for how to create the VPN.

Sam Cogan
  • I am using public IP address of client and server in my program. May I know if this is what you meant by designing to communicate over the internet? Do I need to do anything more in the program to communicate over the internet? I mentioned the NSG entries in my question. Do I need to change any entry in that? – satya Apr 29 '17 at 11:41
  • What I meant by "designed to communicate over the internet" is whether your server application is secure enough to be directly exposed to the internet and your transmission protocol secure. If that is the case then you need to set up your server with a public IP and make sure you open the required ports in the NSG and server firewall. – Sam Cogan Apr 29 '17 at 11:47
0

Communication between two VNets in different regions is just like on-premises to Azure. As Sam said, there is no direct connectivity between the two VNets. According to your description, you use public IPs for the VMs' communication. I suggest you check the following:

  1. Please check that you can connect to ports 32000-32200 from one Azure VM to the other VM; you could use telnet to test.

  2. Check the result of `netstat -ant|grep 32000` (Linux); please ensure your port is listening on TCP and 0.0.0.0.

  3. Open ports on the Azure NSG; according to what you said, you have added it. Please note that an Azure NSG can be associated with a VM's NIC or a VNet's subnet.

  4. Check your VMs' firewall. If your VMs are running Windows, you need to open ports in Windows Firewall (inbound rules).

Update:

For a classic VM, you should open ports on Endpoint; for more information, please refer to this link.

Shui shengbao
  • Thank you very much for the answer. I am able to ssh from one VM to another VM, but I couldn't telnet from one VM to another VM on port 32000-32200. While running my program, I checked the output of netstat -ant command. The server is showing the status of tcp port 32000 as LISTEN. The client is showing the corresponding status as SYN_SENT. So, I assume the server is listening, but they couldn't establish connection due to some reason. – satya May 01 '17 at 15:41
  • I am able to run the client server program successfully when the two VMs are in same VNet, but I specifically require my client and server to be in two different locations for my experiment. – satya May 01 '17 at 15:48
  • @satya According to your description, it seems NSG blocks your port. For your app, you only open ports 32000-32200? Do you open the ports on server? I suggest you could open all ports on Azure NSG and test again. If possible, could you show me the result of `netstat -ant|grep 32000`. – Shui shengbao May 02 '17 at 01:06
  • I modified my NSG to open all ports. I attached the screenshots of my NSG and netstat command. Although I have mentioned only one server and one client in my question, I actually have 5 nodes at different locations, all connecting to each other. So, please interpret the output of netstat command accordingly. – satya May 02 '17 at 05:12
  • @satya Your ports are not open on the Internet. What is your OS type? Did you open the port on the VM firewall? – Shui shengbao May 02 '17 at 05:17
  • @satya I tested in my lab with `telnet 52.187.209.92 32001`. I could not access it. Now that you have opened the ports on the Azure NSG, I guess maybe the VM firewall blocks you. – Shui shengbao May 02 '17 at 05:22
  • I am using Ubuntu Server 16.04 OS on my VM. I thought NSG is the VM firewall. Are they different? May I know how to open ports on VM firewall? – satya May 02 '17 at 05:37
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/58033/discussion-between-walter-msft-and-satya). – Shui shengbao May 02 '17 at 05:38
  • They are different. – Shui shengbao May 02 '17 at 05:39
  • `sudo ufw status` what is the result? – Shui shengbao May 02 '17 at 05:40
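
The checks listed in the answer above (connect test, `netstat -ant`, bind address) can be scripted; the following is an added example, not code from any poster in this thread. The function names `triage_netstat` and `probe`, the sample netstat output and its documentation-range addresses are all constructed for illustration, and `probe` assumes `bash` and coreutils `timeout` are installed.

```shell
#!/usr/bin/env bash
# Added example: triage for the 32000-32200 range discussed in this thread.
PORT_MIN=32000
PORT_MAX=32200

# Constructed sample of `netstat -ant` output (documentation-range addresses).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:32000           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:32001         0.0.0.0:*               LISTEN
tcp        0      1 10.0.0.4:45012          203.0.113.10:32000      SYN_SENT
tcp        0      0 10.0.0.4:22             198.51.100.7:50022      ESTABLISHED'

# Reads `netstat -ant` output on stdin and prints one finding per socket in range:
#   LISTEN_ALL <port>       bound to 0.0.0.0 or ::, reachable if filters allow it
#   LISTEN_LOOPBACK <port>  bound to loopback, never reachable from another VM
#   LISTEN_ADDR <ip> <port> bound to a single address only
#   SYN_UNANSWERED <peer>   SYN sent, no SYN-ACK or RST received so far
triage_netstat() {
  awk -v lo="$PORT_MIN" -v hi="$PORT_MAX" '
    $1 !~ /^tcp/ { next }                      # skip headers and non-TCP rows
    {
      n = split($4, l, ":"); lport = l[n] + 0  # port is the last ":" field
      m = split($5, r, ":"); rport = r[m] + 0  # "*" becomes 0
      laddr = substr($4, 1, length($4) - length(l[n]) - 1)
    }
    $6 == "LISTEN" && lport >= lo && lport <= hi {
      if (laddr == "0.0.0.0" || laddr == "::") print "LISTEN_ALL " lport
      else if (laddr ~ /^127\./ || laddr == "::1") print "LISTEN_LOOPBACK " lport
      else print "LISTEN_ADDR " laddr " " lport
    }
    $6 == "SYN_SENT" && rport >= lo && rport <= hi { print "SYN_UNANSWERED " $5 }
  '
}

# Live check from the client VM; prints open, filtered (timed out, i.e. silently
# dropped) or refused_or_error (host answered with RST, or the lookup failed).
probe() {
  rc=0
  timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null || rc=$?
  case $rc in
    0) echo open ;;
    124) echo filtered ;;
    *) echo refused_or_error ;;
  esac
}

printf '%s\n' "$SAMPLE_NETSTAT" | triage_netstat
```

On a real VM, pipe `netstat -ant` into `triage_netstat`. A `LISTEN_ALL` on the server combined with a persistent `SYN_UNANSWERED` on the client means the SYN is being dropped by a filtering layer in between, which in this thread means the NSG, the classic endpoint configuration or the host firewall.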
0

Check your application port connection first. If you can't do telnet, then open the port in the firewall on Linux. After that, you can check your application configuration and check whether you are using the right IP address and port.

billcyz