User use Azure virtual machine access to other resources, do stress/load testing (very high concurrency), may appear the following situation:
Early test Client VM delay it is normal; Test late Client VM occasionally delay exploding/connection fails, the late high latency appear (30 seconds, for example) the more;
problem analysis
The fundamental reasons of this phenomenon is likely to be SNAT (Source NAT) quantity is too high,
what is a SNAT?
For ASM virtual machine, for reasons of can expand sex, cloud services in each virtual machine is hidden in the cloud services for public VIP, each have their own DIP,
For ARM virtual machine, the default will allocate a public oriented VIP and a DIP, geared to the needs of internal users can customize Settings, not to ARM the virtual machine to distribute public IP,
When the deployment of specific public IP virtual machine access to public resources, the outbound flow through NAT layer (change the DIP and port virtual machine for public oriented VIP and corresponding port, so that the traffic is routed, virtual machine DIP alone won't be able to in the public route),
The process namely SNAT: change source information (source IP address and source port),
SNAT advice?
For each virtual machine for the sake of the overall performance, Azure pre-allocated 160 source port, the virtual machine access to public resources, Azure for the distribution of the session that 160 ports are available, and if there are 160 requests are running at the same time, the request shall Azure distribution since 161 and the new port can be used,
When a user of very high concurrency, Azure allocation of new port speed may not be enough to guarantee every request can timely access to distribution of Azure SNAT port, has not been assigned to the request of the port outbound connection attempt failed/delay may appear high,
solution
The resource manager mode
For ARM deployed virtual machine, can for the NIC NIC configuration public IP through a Portal or create public IP PowerShell, specific operation steps can refer to website: create public IP addresses,
In the Portal within the virtual machine on the corresponding network interface ", click on IP configuration, configure corresponding public IP address,
Classic mode
General solution to this is for the high load of the machine configuration unique public IP - instance level public IP (ILPIP),
For ASM deployed virtual machine, will create the public IP configured for virtual machine ILPIP:
ILPIP (Instance Level Public IP) for the user to the virtual machine provides a unique Public IP, so the user can use this IP direct access to the virtual machine, the outbound flow also need not be SNAT,
Details refer to website: instance level public IP (classic) overview,
Specific configuration method is as follows, specific parameters, please change according to actual condition,
How to retrieve the virtual machine ILPIP information:
ILPIP information to view the virtual machine, run the following PowerShell command, and then observe PublicIPAddress and PublicIPName value:
Get - AzureVM -name FTPInstance - ServiceName FTPService
The expected output:
DeploymentName: FTPService
Name: FTPInstance
Label:
VM: Microsoft.WindowsAzure.Com mands ServiceManagement. Model. PersistentVM
InstanceStatus: ReadyRole
IpAddress: 100.74.118.91
InstanceStateDetails:
PowerState: Started
InstanceErrorCode:
InstanceFaultDomain: 0
InstanceName: FTPInstance
InstanceUpgradeDomain: 0
InstanceSize: Small
The HostName: FTPInstance
AvailabilitySetName:
DNSName: http://ftpservice888.chinacloudapp.cn/
Status: ReadyRole
GuestAgentStatus: Microsoft.WindowsAzure.Com mands ServiceManagement. Model. GuestAgentStatus
Pute ResourceExtensionStatusList: {Microsoft.Com. BGInfo}
PublicIPAddress: 104.43.142.188
PublicIPName: ftpip
NetworkInterfaces: {}
ServiceName: FTPService
OperationDescription: Get - AzureVM
OperationId: 568 d88d2be7c98f4bbb875e4d823718e
OperationStatus: OK
How to an existing virtual machine configuration ILPIP
Run the following PowerShell command (only supports the use of PowerShell configuration ILPIP), the following example for FTPInstance has been built on this virtual machine, a ftpip2 ILPIP:
Get AzureVM - ServiceName FTPService -name FTPInstance | Set - AzurePublicIP - PublicIPName ftpip2 | Update - AzureVM
Configuration ILPIP will restart the virtual machine?
Users may worry about whether this action can lead to restart the virtual machine, business interruption, etc.,
Configuration ILPIP does not lead to restart the virtual machine, after the success of the configuration Cloud Service IP and ILPIP can be used to connect a virtual machine,
Whether it can be reserved/ILPIP set to static?
ILPIP is set to static, suggestion if necessary to deploy the ARM of the virtual machine, and set up the Public IP of the virtual machine (VIP) is a Reserved IP,
Statistics of the existing ILPIP
ILPIP separately measured, the specific price can be reference: IP address details price,
Each subscription can be allocated a maximum of 5 ILPIP Address, however, see the subscription under have been used for many ILPIP only through query every virtual machine to see if a PublicIP Address items, process is time-consuming,
Specific queries PowerShell command is as follows:
$=Get - AzureVM vm - Name - ServiceName XXX XXX
Where $vm. PublicIPAddress ILPIP namely, to facilitate query with a subscription, all the ILPIP, we provide automation in making access to subscribe under all ILPIP script for users to use, after downloading can be run in PowerShell,
More detailed information, you can click here to view,