VM with instance-level public IP and a standard public load balancer

Any outbound configuration from a load-balancing rule or outbound rules is superseded by NAT gateway.

NAT and VM with an instance-level public IP and a standard public load balancer

Figure: Virtual Network NAT and VM with an instance-level public IP and a standard public load balancer

NAT and VM with a standard public load balancer

Figure: NAT gateway and VM with a standard public load balancer

Any outbound configuration from a load-balancing rule or outbound rules is superseded by NAT gateway.

NAT and VM with an instance-level public IP

Figure: NAT gateway and VM with an instance level public IP

Outbound traffic traverses the NAT gateway. Inbound traffic traverses the load balancer or public IP.

The following examples demonstrate co-existence of a load balancer or instance-level public IPs with a NAT gateway. Inbound traffic through a load balancer or instance-level public IPs is translated separately from outbound traffic through NAT gateway. NAT gateway can coexist in the same virtual network as a load balancer and instance-level public IPs to provide outbound and inbound connectivity seamlessly. NAT gateway, load balancer and instance-level public IPs are flow direction aware.

Coexistence of outbound and inbound connectivity

There's no down time on outbound connectivity after adding NAT gateway to a subnet with existing outbound configurations. All new outbound initiated and return traffic starts using NAT gateway. In the presence of other outbound configurations within a virtual network, such as Load balancer or instance-level public IPs (IL PIPs), NAT gateway takes precedence for outbound connectivity. NAT gateway becomes the default route to the internet after association to a subnet. No additional routing configurations are required to start connecting outbound with NAT gateway.
Outbound connectivity takes place right away upon deployment of a NAT gateway with a subnet and at least one public IP address. NAT gateway is recommended for all production workloads where you need to connect to a public endpoint over the internet.

See a list of available Azure services that are supported by Private Link. Private Link uses the private IP addresses of your virtual machines or other compute resources from your Azure network to directly connect privately and securely to Azure PaaS services over the Azure backbone. Private Link should be used when possible to connect to Azure PaaS services in order to free up SNAT port inventory. When you bypass the internet to connect to other Azure PaaS services, you free up SNAT ports and reduce the risk of SNAT port exhaustion.

Connect to Azure services with Private Link

Connecting from your Azure virtual network to Azure PaaS services can be done directly over the Azure backbone and bypass the internet.

Review this section to familiarize yourself with considerations for designing virtual networks with NAT gateway.