Azure App Service VNET integration and network optimization
Question
An Azure support engineer suggested that I put two app services on the same VNET in order to optimize my traffic. I'm new to VNETs so I'm trying to grok how this works. So far I've successfully added both the app services to the same VNET. However, it's unclear to me if it's "working" or not. I've tried reading the docs but they are incredibly dense and difficult for me to see the forest for the trees. So here's where I'm at:
Based on what I've read it seems like if services are in the same VNET the traffic between them will be routed differently. For example, say I have two services: service1.mydomain.com and service2.mydomain.com . Service 1 makes calls to service 2 via the service2.mydomain.com url. Normally, that traffic would go all the way back out to the internet and back in. But it sounds like just by adding them to the same VNET the traffic is somehow routed differently on an optimized and cheaper path. Is that accurate or is there more configuration required? If so, how can I verify that it's working?
Thanks!
2 answers
solution1
0 2021-06-15 13:42:10
Support is correct. Since both these services are on the same VNET, traffic will not flow outside the VNET and will be optimized. This is because the default routes for all VNETs have a route with a next hop of Virtual Network .
Virtual network: Routes traffic between address ranges within the address space of a virtual network. Azure creates a route with an address prefix that corresponds to each address range defined within the address space of a virtual network. If the virtual network address space has multiple address ranges defined, Azure creates an individual route for each address range. Azure automatically routes traffic between subnets using the routes created for each address range. You don't need to define gateways for Azure to route traffic between subnets. Though a virtual network contains subnets, and each subnet has a defined address range, Azure does not create default routes for subnet address ranges, because each subnet address range is within an address range of the address space of a virtual network.
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
solution2
0 2021-06-22 10:38:30
It depends on the App Service Plan you're using for your App Service. If you're using Azure App Services on an App Service Environment, you'll have your own VNet for routing and it should work like that (I'm not too familiar with ASEs) However, if you're using a Premium or lower tier, VNet integration is only useful for outbound calls, meaning that an App Service will be able to access resources on that VNet, but other integrated App Services are not on that VNet, they are just able to access resources on it as well ( https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet ). If you want the App Services to be accessed through that VNet you'll need to set up Service Endpoints or Private Endpoints. See https://docs.microsoft.com/en-us/azure/app-service/networking-features for more details
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.