Azure Function vnet integrated calls APIM vnet Internal mode

Question

Azure Function vnet integrated calls APIM vnet Internal mode

Lopez Alonso, Luis 186

Hi,

I've configured an APIM in internal VNET mode. I want to call from Azure Function vnet integrated (same vnet as APIM) to APIM.

I've followed instructions on Deploying Azure API Management in an Internal mode (inside VNet) so DNS Private Zones are configured, linked to the VNET and tested from onprem to azure (postman calls to APIM works fine).

My function is pretty easy, an HTTPS call to APIM, works fine on local, but after pushing my function to Azure and test it from Code+Test error 400:"Name or service not known" is happening.

Please, could you help me to understand what I am missing?

Thanks in advance for your support!

Luis

MikeUrnun 9,777 Reputation points Moderator

2023-01-20T20:53:39.59+00:00

Hello @Lopez Alonso, Luis - I'm looking into this issue. At the surface, it seems to be similar to the following thread where the request made by the "Code+Test" feature not being able to access VNET: Azure Function Test/Run returns 'You must have direct network access in order to run your function'
Santhi Swaroop Naik Bukke 595 Reputation points

2023-01-20T21:01:12.8133333+00:00
The error message "Name or service not known" typically indicates that the hostname you are trying to connect to cannot be resolved by the DNS server.

Here are a few possible causes for this issue when making an HTTPS call to an APIM instance from an Azure Function:

The Azure Function is not in the same virtual network as the APIM instance: Make sure that the Azure Function and APIM instances are in the same VNET and subnet.

The service endpoint for the Microsoft.ApiManagement service is not configured: Make sure that the Azure Function has been granted access to the APIM subnet by creating a service endpoint for the Microsoft.ApiManagement service.

The Azure Function's IP address is not in the list of allowed IP addresses in the APIM configuration: Make sure that the Azure Function has been granted access to the APIM instance by adding its IP address to the list of allowed IP addresses in the APIM configuration.

The Azure Function is not using the internal URL of the APIM: Make sure that the Azure Function is calling the internal URL of the APIM, which can be found under the "Networking" tab of the APIM instance in the Azure Portal.

The private endpoint for the APIM instance is not created: Make sure that you have created a private endpoint for the APIM instance in the same VNet and subnet of the Azure Function.

The DNS server of the VNET is not configured to resolve the APIM's hostname: Make sure that the DNS server of the VNET is configured to resolve the hostname of the APIM instance.

You can check the Azure function's application logs for more information about the error. Also, you can try to use the FQDN of the APIM instance instead of the hostname to see if it resolves the issue.

Accepted answer

0 additional answers

Your answer

MikeUrnun 9,777 Reputation points Moderator

2023-01-20T20:53:39.59+00:00

Hello @Lopez Alonso, Luis - I'm looking into this issue. At the surface, it seems to be similar to the following thread where the request made by the "Code+Test" feature not being able to access VNET: Azure Function Test/Run returns 'You must have direct network access in order to run your function'
Santhi Swaroop Naik Bukke 595 Reputation points

2023-01-20T21:01:12.8133333+00:00

The error message "Name or service not known" typically indicates that the hostname you are trying to connect to cannot be resolved by the DNS server.

Here are a few possible causes for this issue when making an HTTPS call to an APIM instance from an Azure Function:

The Azure Function is not in the same virtual network as the APIM instance: Make sure that the Azure Function and APIM instances are in the same VNET and subnet.

The service endpoint for the Microsoft.ApiManagement service is not configured: Make sure that the Azure Function has been granted access to the APIM subnet by creating a service endpoint for the Microsoft.ApiManagement service.

The Azure Function's IP address is not in the list of allowed IP addresses in the APIM configuration: Make sure that the Azure Function has been granted access to the APIM instance by adding its IP address to the list of allowed IP addresses in the APIM configuration.

The Azure Function is not using the internal URL of the APIM: Make sure that the Azure Function is calling the internal URL of the APIM, which can be found under the "Networking" tab of the APIM instance in the Azure Portal.

The private endpoint for the APIM instance is not created: Make sure that you have created a private endpoint for the APIM instance in the same VNet and subnet of the Azure Function.

The DNS server of the VNET is not configured to resolve the APIM's hostname: Make sure that the DNS server of the VNET is configured to resolve the hostname of the APIM instance.

You can check the Azure function's application logs for more information about the error. Also, you can try to use the FQDN of the APIM instance instead of the hostname to see if it resolves the issue.

Answer 1

The error message "Name or service not known" typically indicates that the hostname you are trying to connect to cannot be resolved by the DNS server.

Here are a few possible causes for this issue when making an HTTPS call to an APIM instance from an Azure Function:

The Azure Function is not in the same virtual network as the APIM instance: Make sure that the Azure Function and APIM instances are in the same VNET and subnet.
The service endpoint for the Microsoft.ApiManagement service is not configured: Make sure that the Azure Function has been granted access to the APIM subnet by creating a service endpoint for the Microsoft.ApiManagement service.
The Azure Function's IP address is not in the list of allowed IP addresses in the APIM configuration: Make sure that the Azure Function has been granted access to the APIM instance by adding its IP address to the list of allowed IP addresses in the APIM configuration.
The Azure Function is not using the internal URL of the APIM: Make sure that the Azure Function is calling the internal URL of the APIM, which can be found under the "Networking" tab of the APIM instance in the Azure Portal.
The private endpoint for the APIM instance is not created: Make sure that you have created a private endpoint for the APIM instance in the same VNet and subnet of the Azure Function.
The DNS server of the VNET is not configured to resolve the APIM's hostname: Make sure that the DNS server of the VNET is configured to resolve the hostname of the APIM instance.

You can check the Azure function's application logs for more information about the error. Also, you can try to use the FQDN of the APIM instance instead of the hostname to see if it resolves the issue.

Lopez Alonso, Luis 186 Reputation points

2023-01-23T18:31:22.85+00:00

Thanks!! My problem was that DNS server of the VNET was not configured to resolve APIM's hostname.... Once DNS entry was added, Function App in Code+Test works as expected.

Ton of thanks for your support!!

Share via

Azure Function vnet integrated calls APIM vnet Internal mode

0 additional answers

Your answer