9

Typically, access to Azure workers is done via endpoints that are defined in the service definition. These endpoints, which must be TCP or HTTP(S), are passed through a load balancer and then connected to the actual IP/port of the Azure machines.

My application would benefit dramatically from the use of UDP, as I'm connecting from cellular devices where bytes are counted for billing and the overhead of SYN/ACK/FIN dwarfs the 8-byte packets I'm sending. I've even considered putting my data directly into ICMP message headers. However, none of this is supported by the load balancer.

I know that you can enable ping on Azure virtual machines and then ping them -- http://weblogs.thinktecture.com/cweyer/2010/12/enabling-ping-aka-icmp-on-windows-azure-roles.html.

Is there anything preventing me from using a TCP-based service (exposed through the load balancer) that would simply hand out an IP address and port of an Azure VM address, and then have the application communicate directly to that worker? (I'll have to handle load balancing myself.) If the worker gets shut down or moved, my application will be smart enough to reconnect to the TCP endpoint and ask for a new place to send data.

Does this concept work, or is there something in place to prevent this sort of direct access?

David Pfeffer

2 Answers

3

You'd have to run your own router which exposes an input (external) endpoint and then routes to an internal endpoint of your service, either on the same role or a different one (this is actually how Remote Desktop works). You can't directly connect to a specific instance by choice.

There's a 2-part blog series by Benjamin Guinebertière that describes IIS Application Request Routing to provide sticky sessions (part 1, part 2). This might be a good starting point.

Ryan Dunn also talked about HTTP session routing on the Cloud Cover Show, along with a follow-up blog post.

I realize these two examples aren't exactly what you're doing, as they're routing HTTP, but they share a similar premise.

David Makogon
  • Does the role not have an externally accessible IP address? – David Pfeffer Apr 18 '11 at 14:50
  • IOW, can I somehow open a UDP port and then connect to it even if the load balancer doesn't support UDP? (Albeit in a non-load-balanced fashion.) – David Pfeffer Apr 18 '11 at 14:51
  • UDP is not supported without using Windows Azure Connect. So you have only a few choices to get to a specific instance reliably: 1.) write a socket forwarder (see my blog example), 2.) use ARR - good choice for HTTP, or 3.) use Windows Azure Connect. Only the last example will support UDP, however. If UDP is your only goal here, that is your only choice today. – dunnry Apr 18 '11 at 22:04
  • What prevents me from accessing a role instance directly? – David Pfeffer Apr 19 '11 at 14:57
  • The Windows Azure load balancer won't let you direct-connect to a specific instance. All of your role instances are on an isolated VLAN. The only way to direct-connect is with the abovementioned methods. Note: The VLAN rules apply to Azure deployments too: You can't direct connect from a role instance in Deployment A to a role instance in Deployment B. – David Makogon Apr 19 '11 at 17:09
  • What about establishing my own (non-Windows Azure Connect) VPN connection, perhaps with a startup task to rasdial a connection? Any limitation there? – David Pfeffer Apr 19 '11 at 21:48
1

There's a thing called InstanceInputEndpoint which you can use for defining ports on the public IP which will be directed to a local port on a particular VM instance. So you will have a particular port+IP combination which can directly access a particular VM.

  <InstanceInputEndpoint name="HttpInstanceEndpoint" protocol="tcp" localPort="80">
    <AllocatePublicPortFrom>
      <FixedPortRange max="8089" min="8081" />
    </AllocatePublicPortFrom>
  </InstanceInputEndpoint>

More info: http://msdn.microsoft.com/en-us/library/windowsazure/gg557552.aspx

Tim Lovell-Smith
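An added example, not part of the answers above or of Microsoft's documentation: a defender-side check that parses a service definition and lists every port it opens on the public IP, separating load-balanced InputEndpoint ports from InstanceInputEndpoint ranges that reach individual instances. The service, role, and `Broker`/`Internal` endpoint names in the sample are constructed; only the InstanceInputEndpoint element is taken from the answer.

```python
import xml.etree.ElementTree as ET

# XML namespace used by Azure cloud service definition (.csdef) files.
NS = {"sd": "http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition"}

# Constructed sample: the answer's InstanceInputEndpoint inside a hypothetical
# worker role, next to a load-balanced endpoint and an internal one.
SAMPLE_CSDEF = """<ServiceDefinition name="SampleService"
    xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <WorkerRole name="Worker">
    <Endpoints>
      <InputEndpoint name="Broker" protocol="tcp" port="9000" localPort="9000" />
      <InternalEndpoint name="Internal" protocol="tcp" port="9100" />
      <InstanceInputEndpoint name="HttpInstanceEndpoint" protocol="tcp" localPort="80">
        <AllocatePublicPortFrom>
          <FixedPortRange max="8089" min="8081" />
        </AllocatePublicPortFrom>
      </InstanceInputEndpoint>
    </Endpoints>
  </WorkerRole>
</ServiceDefinition>"""


def public_exposure(csdef_text):
    """List every endpoint the definition opens on the public IP."""
    root = ET.fromstring(csdef_text)
    findings = []
    for role in root.findall("sd:WorkerRole", NS) + root.findall("sd:WebRole", NS):
        for ep in role.findall("sd:Endpoints/*", NS):
            kind = ep.tag.split("}")[-1]  # strip the "{namespace}" prefix
            if kind == "InputEndpoint":
                # Load-balanced: one public port shared by all instances.
                ports = [int(ep.get("port"))]
            elif kind == "InstanceInputEndpoint":
                # Per-instance: a port from this range maps to one specific VM.
                rng = ep.find("sd:AllocatePublicPortFrom/sd:FixedPortRange", NS)
                if rng is None:
                    raise ValueError(f"{ep.get('name')}: no FixedPortRange")
                ports = list(range(int(rng.get("min")), int(rng.get("max")) + 1))
            else:
                continue  # InternalEndpoint is not reachable from outside
            findings.append({"role": role.get("name"), "endpoint": ep.get("name"),
                             "protocol": ep.get("protocol"), "kind": kind,
                             "ports": ports})
    return findings


if __name__ == "__main__":
    for f in public_exposure(SAMPLE_CSDEF):
        print(f["role"], f["endpoint"], f["kind"], f["protocol"], f["ports"])
```

Each port reported for an InstanceInputEndpoint is a separate directly reachable listener, so the range should be sized and firewalled with that in mind.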