How can I detect SNAT port exhaustion on Azure using Datadog metrics?

Question

Here's a list of DataDog metrics of Azure Load Balancer that are available to use. It seems like

azure.network_loadbalancers.allocated_snat_ports (count) - Total number of SNAT ports allocated within time period,
azure.network_loadbalancers.snat_connection_count (count) - Total number of new SNAT connections created within time period,
azure.network_loadbalancers.used_snat_ports (count) - Total number of SNAT ports used within time period

are the most releveant.

When SNAT port resources are exhausted, outbound flows fail. You could observe failing outbound connections or are advised by support that you're exhausting SNAT ports.

Simply seeing failed connections does not confirm SNAT exhaustion. Seeing the failed connections was a clue we were having an issue but there is no way to confirm SNAT exhaustion w/o a ticket to Microsoft it turns out.

score 0 · Answer 1 · answered Feb 24 '21 at 19:03

0

There is a preview feature that allows you to graph your SNAT port usage and allocation, see:

https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-diagnostics#how-do-i-check-my-snat-port-usage-and-allocation

answered Feb 24 '21 at 19:03

Shiraz Bhaiji

64,065
34
143
252

That's great, but I'd like to set up an alert system using Datadog. – Ivan Petrov Feb 24 '21 at 20:33

How can I detect SNAT port exhaustion on Azure using Datadog metrics?

1 Answers1