Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,775 questions
Why is the route configuration dropping on my vNet?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 22%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWW%3C/text%3E%3C/svg%3E)
William Willis
0
Reputation points
I'm having an issue that I can't figure out, and after 45 minutes with Azure support still couldn't find the issue. I'll try to give the best details I can here.
Short description: I have a VM that hosts 2 nested servers; I followed guides to get them set up - and everything works great. For a while, then it suddenly stops, and the only way I can bring it back is removing the route from 3 route tables, and then adding it back.
Long description:
Azure VM with 2 NICs: 172.20.0.5 / 172.20.1.5; the 0.5 NIC is used for NAT connectivity, 1.5 NIC with IP forwarding, firewall set at 172.20.3.4; nested server at 172.20.2.5. vNet set with address spaces for 172.20.0.0/24, 172.20.1.0/24, 172.20.3.0/24 (firewall), route table for server set with 172.20.2.0/24 -> 172.20.1.5; second route table for FW set with the same route.
Second vNet setup with the virtual Gateway and peered with the vNet above; address spaces of 172.20.4.0/24 (gateway) and 172.20.5.0, route table set for 172.20.2.0/24 -> 172.20.1.5.
Gateway connects with local FW, S2S IPSec, both sides with traffic set for 172.20.1.0/24 and 172.20.2.0/24, no errors on either side.
Now the issue: I get everything set up, and it works - I can RDP to the nested servers on the 172.20.2.0 subnet, ping, etc. Those servers can also reach the internet through the firewall, everything works as expected. After a while, I can no longer reach the 172.20.2.0 subnet from outside the server. I can always reach the 172.20.1.5 address to connect to the host and if I try to connect to the 172.20.2.5 VM I can see the traffic going across the tunnel, so I know the gateway is working.
If I connect to the host server on the 172.20.1.5 I can connect to the 2.5 VM. Connecting on the 2.5 VM I can ping the host and the firewall, but not the gateway.
The only way I can get restore access is dropping the routing of 172.20.2.0/24 -> 172.20.1.5 from all 3 route tables and then adding them back and it's restored immediately.
Working with the support they said everything routes fine, but at that time it was working. What could possibly be happening here?
Azure Virtual Network
{count} votes
-
William Willis 0 Reputation points
2023-06-22T18:36:45.12+00:00 Just for further details: When I cannot connect to the 172.20.2.5 nested vm, I also cannot reach 172.20.2.1 as the gateway. When I can reach 172.20.2.5 I can also reach the host vm on 172.20.2.1. This makes me further inclined to say that any connection is simply not getting routed through the route table.
-
William Willis 0 Reputation points
2023-06-23T00:11:11.0566667+00:00 It seems to be happening at random times, I can't figure a thing out about this. It went down overnight, so I reset it at 8am; it dropped around noon-1pm (I don't have an exact time), then again at 4:04pm, and again at 4:59pm.
When working, the trace route from my computer to the server goes as expected: -mine- > 172.20.10.1 (local gateway) > 172.20.1.5 > 172.20.2.5
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT 27,481 Reputation points Microsoft Employee Moderator2023-06-25T21:04:21.3233333+00:00 Thank you for reaching out and apologies for the delay.
Based on the observations above, can you please validate if there is any rate limiting mechanism involved between the communication?
If there is any firewall implemented with any rate limiting rules can affect the communication.
-
William Willis 0 Reputation points
2023-06-27T17:21:04.1766667+00:00 I think I have it figured out - I had to add the 172.20.2.0/24 to the address space on the vNet with the VPN and Gateway. Adding the address space on the host vNet with the server on it would immediately disconnect anyone connected, but on the other side it stays up.
-
William Willis 0 Reputation points
2023-06-28T15:56:55.8966667+00:00 There is none I am aware of.
Setting the address space to include the 172.20.2.0/24 did not help the connection stay longer. The issue has been happening since before adding the Azure firewall, so I don't see how it could be that. I can easily connect to anything except that one nested network without resetting just the route tables.
Sign in to comment
Sign in to answer