Azure Public IP - inbound connection limitations and metrics

Michael Lvovsky 20 Reputation points Microsoft Employee
2023-04-18T18:32:21.3566667+00:00

Hi, I am trying find out if there is any limit for inbound concurrent connections for a single Azure public IP? And if there is a limit, do I have a way, metric or something else to monitor this number of active connections and track how close this number is to the limit ? Thank you, Michael

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
8,109 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,021 questions
0 comments No comments
{count} votes

Accepted answer
  1. brtrach-MSFT 16,686 Reputation points Microsoft Employee
    2023-04-18T23:55:02.2333333+00:00

    Boris provided a great answer, which I believe should satisfy your questions. I was concurrently working a response earlier today but got pulled into some meetings, so I apologize for the delay in responding.

    Azure Web Apps do not have a limit on the number of inbound concurrent connections for a single Azure public IP. However, there are some limits on the number of total connections that can be established across the entire VM, which can affect the number of inbound connections that can be established. These limits on the number of total connections that can be established across a web app. These limits are based on the size of the VM that is hosting the web app. For example, for a Basic tier VM, the limit is 240 total connections. For a Standard tier VM, the limit is 600 total connections. For a Premium tier VM, the limit is 3,500 total connections. It's important to note that these limits are for the entire VM, not just for a single web app. So if you have multiple web apps running on the same VM, the total number of connections across all of the web apps cannot exceed the limit for the VM. If you need to increase the connection limit for your web app, you can scale up to a larger VM size that has a higher connection limit. You can also scale out to multiple instances of your web app, which will distribute the connections across multiple VMs and increase the total connection limit. Regarding the monitoring of the number of active connections, Azure provides a metric called "Connections" that can be used to monitor the number of connections across the entire VM. This metric can be used to track how close the number of active connections is to the limit. You can view this metric in the Azure portal or programmatically using Azure Monitor. Please note that the "Connections" metric includes both inbound and outbound connections, so you will need to filter the metric to only show inbound connections. You can do this by using the "Direction" filter in the Azure portal or by using the "direction" parameter in the Azure Monitor API.

    Let Boris or I know if you have further questions or concerns that we can assist you with.

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Boris Von Dahle 3,126 Reputation points
    2023-04-18T19:03:47.0166667+00:00

    Hello, There is no specific limit on the number of inbound concurrent connections for a single Azure public IP. However there can be specific limitations on the number of connections depeding on the service you place the public IP on.

    To monitor the number of active connections, you can use Azure Monitor to collect and analyze various metrics related to your Azure resources.

    For each service with a public IP, the monitoring process might be different.

    If you found this answer usefull, please accept it so other users can find the topic.

    Regards

    1 person found this answer helpful.
    0 comments No comments

  2. Michael Lvovsky 20 Reputation points Microsoft Employee
    2023-04-19T06:41:33.94+00:00

    Thanks @brtrach-MSFT @Boris Von Dahle for the answer, was very useful, now I know what to ask next :)

    Actually my public IP is associated with NAT Gateway, and it has limits, up to 2M connections (here)
    I checked the NAT Gateway's metrics and I don't see any relevant metric for inbound connections, only for outbound or inbound bytes and packets. So I want to know how close the current number of connections to the limit. I do know that limit was reached, but only after. then I can see DDOS metrics in my Public IP. My goal is to monitor "the current number of active inbound connections" to prevent DDOS in advance.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.