Azure Private Link Service - How many PaaS service a single private link supports

Animesh Kashyap 21 Reputation points
2023-05-30T04:38:46.1433333+00:00

We have a scenario where need to build a private link service to support two different azure PAAS services. paas service will be behind the standard load balancer thst is accessing paas services over private endpoints configured in back end policies.

From the consumer side (different azure subscription) there would be two different private endpoint accessing the two different paas services (behind ILB) over a single private link service hosted at producer.

Similar to the diagram below (https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview) where-in VMs behind single ILB considered multiple azure paas services

Diagram of Azure private link service.

Please suggest if it is feasible.

Azure Private Link
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
492 questions
{count} votes

Accepted answer
  1. GitaraniSharma-MSFT 49,391 Reputation points Microsoft Employee
    2023-05-30T17:34:11.5666667+00:00

    Hello @Animesh Kashyap ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you would like to know how many PaaS service a single private link supports.

    Private Link Service is able to support up to 1000 Private Endpoints. Depending on how you configure your load balancer rules and your backend pool, all of those Private endpoints connected to that Private Link Service can access the different PaaS services you are making available.

    enter image description here

    Refer: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#private-link-limits

    A single Private Link Service can be accessed from multiple Private Endpoints belonging to different VNets, subscriptions and/or Active Directory tenants.

    Some considerations on this setup:

    • Existing Private DNS Zones tied to a single service should not be associated with two different Private Endpoints as it will not be possible to properly resolve two different A-Records that point to the same service. However, Private DNS Zones tied to multiple services would not face this resolution constraint.
    • Adding multiple DNS zone groups to a single Private Endpoint is not supported.

    Refer: https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview

    https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview#details

    https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns

    Another point to remember here is: One single Private Endpoint supports only 1 resource. To support multiple PaaS services, you will need multiple Private Endpoints.

    So, your following scenario - From the consumer side (different azure subscription) there would be two different private endpoint accessing the two different paas services (behind ILB) over a single private link service hosted at provider. - is feasible.

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


0 additional answers

Sort by: Most helpful