0

For networking I'm using new Standard SKU (Load balancer, Public IP addresses, etc.). By default everything is disabled for Public IP Address Standard SKU.

I added the following and got TCP outbound connectivity: 1. NSG - enabled all outbound traffic 2. Load balancer rule - rule for Tcp & disabled SNAT 3. Outbound rule - for Tcp

Now when I remote to VMSS VM instance, I can open "google.com". But "ping google.com" keeps timing out.

I wonder what I should configure to enable ping/tracert to work (they are essential for my service offering)?

(First I created VMSS with default Basic Load Balancer - there everything works, including ping).

ZakiMa
  • 5,637
  • 1
  • 24
  • 48
  • How did you do this`First I created VMSS with default Basic Load Balancer - there everything works, including ping`, could you describe it? the default LB with vmss is standard public LB on my side.afaik, Azure LB does not support ICMP, only TCP and UDP. – Nancy Feb 15 '19 at 09:16
  • Used "az vmss create". It creates with Basic LB. Ping works there. – ZakiMa Feb 15 '19 at 09:26
  • I did `az vmss create` with basic LB, but cannot `ping www.google.com` on the windows vmss instance. Could you verify this? – Nancy Feb 15 '19 at 10:28
  • Yes, i can still ping it =) – ZakiMa Feb 15 '19 at 17:53

1 Answers1

2

Turned out this is a limitation of Load Balancer. According to documentation it should apply for both Basic and Standard Load Balancers. For me Basic does allow ICMP traffic and Standard does not.

This article suggests a few workarounds (using psping instead of ping): https://blogs.msdn.microsoft.com/mast/2014/06/22/use-port-pings-instead-of-icmp-to-test-azure-vm-connectivity/

ZakiMa
  • 5,637
  • 1
  • 24
  • 48