1

I have the following situation:

ASE subnet:
192.168.0.0/24

AKS subnet:
192.168.1.0/24

Both subnets are placed inside virtual network 192.168.0.0/8.

I'm using external ASE, and wanted to route traffic between subnets somehow. In my case:

Function app uses internal service which is placed inside AKS, and need to provide internal access from ASE subnet to this services somehow. I tried to add routing table, but not sure how to properly configure it.

DariyN
  • 466
  • 1
  • 6
  • 23

1 Answers1

2

From Microsoft documentation:

Azure routes traffic between all subnets within a virtual network, by default. You can create your own routes to override Azure's default routing.

https://learn.microsoft.com/en-us/azure/virtual-network/tutorial-create-route-table-portal

App Service Environment (ASE), by its nature, is private. Your applications all end up with "app.asename.appserviceenvironment.net".

Apps running on AKS can call any apps on the ASE using the following name: appname.asename.appserviceenvironment.net (assuming they all have the permissions, which is a question by itself).

LMG
  • 1,330
  • 11
  • 21
  • thank you for the explanation. Okay, but how I can connect from ASE to AKS subnet? It seems without special routes it is not possible to do properly. – DariyN Feb 19 '20 at 05:30
  • What’s do you mean by “connect”? Your should be able to reach an app or api from one to the other and vice versa. One thing you could try is to deploy an app on the ASE, go to advanced tools and launch a curl to one of your app/api on aks just to confirm that network wise it is ok. – LMG Feb 19 '20 at 12:03
  • I meant that by default, ASE has one route 0.0.0.0/0 to Internet, and when I'm trying to access AKS internal load balancer which is placed in another subnet, I'm getting TIMEOUT issue, that I cannot reach this address. – DariyN Feb 20 '20 at 06:51
  • How do you try to access AKS internal load balancer? What I would do is to connect to kudu/powershell and do a curl of another app in AKS, using its ip address (just to make sure name resolution is not the issue). – LMG Feb 20 '20 at 14:56
  • I'd tried to access services using tcpping/curl, but with no luck, by unknown reason I cannot reach internal load balancer with address 192.168.1.36 from Web App in ASE environment. – DariyN Feb 21 '20 at 08:32