We have three App Services in Azure (API1, API2, API3). API2 gets data from CosmosDB. API3 gets data from another CosmosDB. The main API1 calls API2 to get some data, then uses this data to call API3. API1 performs poorly and we are trying to figure out why. We noticed that there are too many connections in the metrics. We also have an issue with SNAT ports.

We tried to set up these APIs in the same VNet, but it doesn't help, and we are not sure how to set it up correctly.

Do you have any idea what we should set up?

UPDATE:

It seems the VNet helped us with the SNAT ports issue, but the performance of the API was still very poor.

What really helped us was the change from Windows to Linux. When all APIs run on the Linux servers, we don't see any connections anymore.

caroo
  • So you're using ASE? – Thomas Sep 18 '20 at 12:05
  • You are facing SNAT port exhaustion. You can move the app that is facing this issue into another App Service plan, or log a support ticket from the help icon at the top right and ask them to increase the limit for you. – Hassan Raza Sep 19 '20 at 08:27
  • I am not using ASE. I tried to set up a VNet with 3 subnets and add this VNet to each App Service. But I don't know how to call a service so that it uses an IP from the VNet instead of an external one (I don't even know if it is possible to set up). – caroo Sep 19 '20 at 13:07

1 Answer

I'm not sure what the specific configurations of the three APIs are on your side. If you want to use an IP from the VNet instead of an external one, you can use a separate environment (ASE).

Alternatively, you can use a private link to the app service. By using Private Endpoint, you can connect privately to your web app. Read Connect privately to a web app by using Azure Private Endpoint (Preview).

Today, you can secure this connection using VNet service endpoints which keep the traffic within the Microsoft backbone network and allow the PaaS resource to be locked down to just your VNet. However, the PaaS endpoint is still served over a public IP address and therefore not reachable from on-premises through Azure ExpressRoute private peering or VPN gateway. With today’s announcement of Azure Private Link, you can simply create a private endpoint in your VNet and map it to your PaaS resource (Your Azure Storage account blob or SQL Database server). These resources are then accessible over a private IP address in your VNet, enabling connectivity from on-premises through Azure ExpressRoute private peering and/or VPN gateway and keep the network configuration simple by not opening it up to public IP addresses.

For more information, you could read here.

Nancy
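
A way to check whether calls between the APIs actually use VNet addresses, as an added example that is not part of the question or the answer above: once a Private Endpoint is in place, the target's hostname should resolve to an address inside the VNet, and a dependency that still resolves to a public address is still going out through the shared outbound path that consumes SNAT ports. The hostnames, the `10.20.0.0/16` range and the sample addresses are constructed placeholders; the code assumes you pass every address range reachable through your VNet integration.

```python
import ipaddress
import socket


def resolve(host, port=443):
    """Return the sorted set of IPs that `host` resolves to from this machine.
    Run it from inside the calling app (e.g. its console) to see its view of DNS."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def classify(addresses, vnet_cidrs):
    """Classify one dependency by where its resolved addresses sit.

    'vnet'       : every address is inside the VNet ranges (private path)
    'public'     : no address is inside the VNet ranges (outbound call is SNAT'd)
    'mixed'      : some of each, usually a split or stale DNS answer
    'unresolved' : nothing to classify
    """
    nets = [ipaddress.ip_network(cidr) for cidr in vnet_cidrs]
    if not addresses:
        return "unresolved"
    inside = [any(ipaddress.ip_address(a) in n for n in nets) for a in addresses]
    if all(inside):
        return "vnet"
    if not any(inside):
        return "public"
    return "mixed"


def audit(dependencies, vnet_cidrs):
    """Map each hostname to its classification."""
    return {host: classify(addrs, vnet_cidrs) for host, addrs in dependencies.items()}


# Constructed sample: hostnames and addresses are placeholders, not real services.
SAMPLE_VNET = ["10.20.0.0/16"]
SAMPLE = {
    "api2.example.invalid": ["10.20.1.4"],                     # private endpoint in place
    "api3.example.invalid": ["203.0.113.10"],                  # still the public endpoint
    "cosmos.example.invalid": ["10.20.2.5", "198.51.100.7"],   # inconsistent DNS answer
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE, SAMPLE_VNET).items():
        print(f"{host}: {verdict}")
    # For a live check, replace SAMPLE with {h: resolve(h) for h in your_hosts}.
```
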