0

We are deploying a kind of microservices developed in .NET Core, which will be deployed in Azure WebApp.

There will be numerous communications between these WebApps.

Now, as a WebApp is internet-facing, all calls between them will go through the internet, which will have an impact on performance.

Apart from ASE (App Service Environment), is there any way we can achieve this?

Manish Joisar
  • if you're deploying microservices, maybe AKS would be a better fit and you could have better control over the communication between them. – Thiago Custodio Feb 12 '20 at 14:42

2 Answers

2

Yes you can do that with Access Restriction:

az webapp config access-restriction add --resource-group ResourceGroup --name AppName \
   --rule-name 'IP example rule' --action Allow --ip-address 122.133.144.0/24 --priority 100

https://learn.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions#adding-and-editing-access-restriction-rules-in-the-portal

ps. AKS would probably be a better option for microservices ;)

4c74356b41
  • Thanks for your reply. Access restriction is about whether a webapp can access another webapp or not. How can one webapp make a private call to another within the same subscription? – Manish Joisar Feb 14 '20 at 12:23
  • just only allow external IP addresses of the other webapp, that would be it – 4c74356b41 Feb 14 '20 at 12:37
  • So you mean to say that if I allow the external IP address of the other webapp then it will start communicating privately instead of communicating over the internet? – Manish Joisar Feb 16 '20 at 15:02
  • no, what I mean is that nothing else will be able to talk to it, they aren't using internet, anything inside azure will talk through the backbone only – 4c74356b41 Feb 16 '20 at 17:59
  • This approach is more of an IP white-listing. Isn't there any way to turn all communication via VNET only, which essentially brings private communication? Please correct me if I am wrong. – hiFI Nov 24 '20 at 06:04
0

There are two ways to have communication over private IP between two web apps.

  1. Configure regional VNET integration on either or both web apps.

  2. Think of having an Azure Application Gateway before web app one and configure access restriction to allow access to only the Application Gateway subnet. https://learn.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions#set-a-service-endpoint-based-rule

Some other use cases

  1. Use Service Fabric if you don't want to expose the web application to the internet.
  2. You can also think of putting both applications as backends to API Management. https://learn.microsoft.com/en-us/azure/api-management/api-management-using-with-internal-vnet?tabs=stv2#routing Whenever you have Application Gateway enabled, the app gateway acts as an interceptor and forwards the traffic; hence both of your web apps can communicate over a private IP.
Dharman
Rohit Tatiya
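
An added example, not part of the answers above or of Microsoft's documentation: the az CLI sequence that pairs regional VNet integration on the calling app with a subnet-based (service endpoint) access restriction on the receiving app, so the receiving app accepts traffic only from that subnet. It goes slightly beyond the answer by combining its two options; the resource group, VNet, subnet, app and rule names are placeholders, and the subnet is assumed to be reserved for the integration.

```shell
#!/bin/sh
# Added example: web app B accepts calls only from the subnet that
# web app A is integrated with. Every name below is a placeholder.
set -eu

RG="ResourceGroup"        # placeholder resource group
VNET="apps-vnet"          # placeholder virtual network
SUBNET="integration"      # placeholder subnet, assumed reserved for VNet integration
CALLER="AppA"             # web app that makes the calls
CALLEE="AppB"             # web app that receives them
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the az commands, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# 1. Outbound side: send the caller's traffic through the subnet.
integrate_caller() {
  run az webapp vnet-integration add --resource-group "$RG" --name "$CALLER" \
      --vnet "$VNET" --subnet "$SUBNET"
}

# 2. Enable the Microsoft.Web service endpoint so App Service can
#    identify traffic as coming from this subnet.
enable_service_endpoint() {
  run az network vnet subnet update --resource-group "$RG" --vnet-name "$VNET" \
      --name "$SUBNET" --service-endpoints Microsoft.Web
}

# 3. Inbound side: allow only that subnet on the callee.
restrict_callee() {
  run az webapp config access-restriction add --resource-group "$RG" \
      --name "$CALLEE" --rule-name allow-caller-subnet --action Allow \
      --vnet-name "$VNET" --subnet "$SUBNET" --priority 100
}

# 4. Review the resulting rule list on the callee.
show_rules() {
  run az webapp config access-restriction show --resource-group "$RG" --name "$CALLEE"
}

lock_down() { integrate_caller; enable_service_endpoint; restrict_callee; show_rules; }

lock_down
```

Run it with `DRY_RUN=0` after `az login` to apply the changes. Once at least one Allow rule exists, App Service applies an implicit deny to all other sources, so the callee is no longer reachable from arbitrary internet addresses.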