Azure Cloud Services (classic) Definition NetworkTrafficRules Schema
Important
Cloud Services (classic) is now deprecated for all customers as of September 1st, 2024. Any existing running deployments will be stopped and shut down by Microsoft and the data will be permanantly lost starting October 2024. New deployments should use the new Azure Resource Manager based deployment model Azure Cloud Services (extended support).
The NetworkTrafficRules node is an optional element in the service definition file that specifies how roles communicate with each other. It limits which roles can access the internal endpoints of the specific role. The NetworkTrafficRules isn't a standalone element; it's combined with two or more roles in a service definition file.
The default extension for the service definition file is .csdef.
Note
The NetworkTrafficRules node is only available using the Azure SDK version 1.3 or higher.
Basic service definition schema for the network traffic rules
The basic format of a service definition file containing network traffic definitions is as follows.
<ServiceDefinition …>
<NetworkTrafficRules>
<OnlyAllowTrafficTo>
<Destinations>
<RoleEndpoint endpointName="<name-of-the-endpoint>" roleName="<name-of-the-role-containing-the-endpoint>"/>
</Destinations>
<AllowAllTraffic/>
<WhenSource matches="[AnyRule]">
<FromRole roleName="<name-of-the-role-to-allow-traffic-from>"/>
</WhenSource>
</OnlyAllowTrafficTo>
</NetworkTrafficRules>
</ServiceDefinition>
Schema Elements
The NetworkTrafficRules node of the service definition file includes these elements, described in detail in subsequent sections in this article:
AllowAllTraffic Element
NetworkTrafficRules Element
The NetworkTrafficRules element specifies which roles can communicate with which endpoint on another role. A service can contain one NetworkTrafficRules definition.
OnlyAllowTrafficTo Element
The OnlyAllowTrafficTo element describes a collection of destination endpoints and the roles that can communicate with them. You can specify multiple OnlyAllowTrafficTo nodes.
Destinations Element
The Destinations element describes a collection of RoleEndpoints that can be communicated with.
RoleEndpoint Element
The RoleEndpoint element describes an endpoint on a role to allow communications with. You can specify multiple RoleEndpoint elements if there are more than one endpoint on the role.
| Attribute | Type | Description |
|---|---|---|
endpointName |
string |
Required. The name of the endpoint to allow traffic to. |
roleName |
string |
Required. The name of the web role to allow communication to. |
AllowAllTraffic Element
The AllowAllTraffic element is a rule that allows all roles to communicate with the endpoints defined in the Destinations node.
WhenSource Element
The WhenSource element describes a collection of roles that can communicate with the endpoints defined in the Destinations node.
| Attribute | Type | Description |
|---|---|---|
matches |
string |
Required. Specifies the rule to apply when allowing communications. The only valid value is currently AnyRule. |
FromRole Element
The FromRole element specifies the roles that can communicate with the endpoints defined in the Destinations node. You can specify multiple FromRole elements if there are more than one role that can communicate with the endpoints.
| Attribute | Type | Description |
|---|---|---|
roleName |
string |
Required. The name for role from which to allow communication. |