Share via

How do I know wich Outbound IP is using my Azure Function?

Federico Crovetto 20 Reputation points
2023-08-03T02:35:30.7566667+00:00

Hi. I'm having an issue with my Azure Function wich triggers every 10 minutes (Consumption plan).
I'm doing an https request agains a web service wich runs ok, but this request is suddenly giving a TimeOut error without nothing changing.
If I go and disable the Function App, and then re-enable it, it starts working again. No changes in the code.
At first I thought it may be a firewall blocking the request, but we searched the logs and we stop getting requests at all. As I'm not in charge of the firewall I can't see its full configuration, so I don't know if there is something else that can be bothering the request.

The only thing I can think about is that the outbound ip is changing and that the firewall is not correctly configured.
The trouble is that in order to before reviewing the firewall configuration I would like to know if there is a way to check wich outbound IP is my Azure Function using in that request.

Don't know if it helps, but the Function App is coded in Node.js, and it has App Insights logs enabled. If I go to the logs the only Field I find "useful" is the "Internal Ip" but its always showing 0.0.0.0 so its not really helping. Maybe I need to do some other configuration to get that information?
I'm a bit lost :/

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,936 questions
0 comments
Accepted answer
  1. TP 125.8K Reputation points Volunteer Moderator
    2023-08-03T03:01:09.49+00:00

    Hi Federico,

    You can see the list of possible Outbound IP addresses for your function in the portal by navigating to your Function App, Networking blade, and then under Outbound addresses click ...Show more

    This will open a panel on the right with a list of possible outbound IP addresses that may be used. In rare cases an IP address that is not included on this list may be used. If you need better control over the Outbound IP that is used you can enable VNet integration with a NAT Gateway. This would require you to switch to a different plan since VNet integration isn't supported by Consumption.

    If you want to detect the Outbound IP address that is likely being used at a particular moment from your function code, you may make a call to a public service that will reply with your public IP. For example, in your code you could make a request to https://api.ipify.org?format=json and it will return the public IP address being used for that call.

    Please click Accept Answer if the above was useful. If something is unclear please add a comment below.

    Thanks.

    -TP

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. navba-MSFT 27,550 Reputation points Microsoft Employee Moderator
    2023-08-03T12:42:26.8+00:00

    @Federico Crovetto Thanks for getting back.

    I see that you have a follow-up question
    is it possible to make 2 requests to https://api.ipify.org?format=json and get 2 different responses in the same execution?
    Answer: No. Its not possible to get 2 different responses for the 2 subsequent requests done for the sme endpoint url.

    Can the outbound ip change during the function app execution?

    Answer: Note that the outbound IP addresses may undergo changes at any moment if you are using the Consumption or Premium plan due to Autoscale behavior. In the case of a Dedicated plan, the outbound IP address can also change if you perform actions that alter the inbound IP address or modify your Dedicated (App Service) plan pricing tier.

    You can control the IP address of outbound traffic from your functions by using a virtual network NAT gateway to direct traffic through a static public IP address. You can use this topology when running in a Premium plan or in a Dedicated (App Service) plan. Another option is to deploy the function in an App Service Environment.

    The IP addresses displayed for the function app in the portal's networking section are, in fact, the datacenter's outbound IP address. Hence, it is advisable to include the data center (Azure region) of the function app in your allow list. You have the option to obtain a JSON file containing the list of IP addresses for all Azure data centers.
    Refer the datacenter IP details here: https://www.microsoft.com/en-us/download/details.aspx?id=56519

    Also to address your earlier issue about the Timeout, You can try checking the Application Insight Logs for any exceptions during that time. If you don't see anything suspicious, You can isolate the issue by running the Network Troubleshooter as shown below:

    User's image

    And select the below options and see if that helps:

    User's image

    Hope this helps.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.