APIM Backend remote connectivity issue (Scenario 5: Unable to connect to the remote server)

Sivasankar Thalavai 0 Reputation points
forward-request (0.739 ms)
    "messages": [
        "Unable to connect to the remote server",
        "Error occured while calling backend service.",
        "An attempt was made to access a socket in a way forbidden by its access permissions"

am trying to integrate AKS private Cluster(aks-vnet) ingress (private Ip) exposed Api

from APIm (apimVnet), but it is giving below issue.

already have peering b/w two vnets

can you help me to resolve this issue?

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,540 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,664 questions
{count} votes

1 answer

Sort by: Most helpful
  1. navba-MSFT 9,580 Reputation points Microsoft Employee

    @Sivasankar Thalavai Apologies for the late reply. Welcome to Microsoft Q&A Forum, Thank you for posting your query here!

    I understand that you are facing an issue while integrating AKS private Cluster ingress exposed API from APIM. You have already established peering between two VNets. The error message suggests that there is an issue with remote connectivity.

    Here are a few things you could check:

    1.Network Security Group (NSG) Rules: Ensure that the necessary ports are open in your NSG rules. If certain ports are unavailable, API Management may not operate properly and may become inaccessible.

    2.Subnet Configuration: APIM instances should be deployed in a dedicated subnet that does not contain other resources. If you have an NSG assigned to the AKS subnet, you might need to add rules for the necessary ports.

    3.Routing: Check if the routing is properly configured in the ingress controller.

    4.Please check ingress controller logs on the AKS cluster to see if the requests are reaching the ingress controller at all, using kubectl logs -f nginx-ingress-controller-xxxxx. This is a rough representation of how the architecture should look like (replace backends with AKS ingress which eventually leads to the Services and then pods). Please check NSG rules on your AKS VNET and API Gateway VNET.
    5.VNet Peering: Although you mentioned that you have peering between the two VNets, it might be worth double-checking the configuration to ensure that there are no issues. If the API Gateway is deployed in a different Virtual Network, please connect it to the AKS virtual network using VNET Peering or Vnet-to-Vnet Gateway, depending on your use-case.
    6.APIM also supports self-hosted model and can be deployed into AKS cluster directly: https://learn.microsoft.com/en-us/azure/api-management/self-hosted-gateway-overview

    Sharing a few useful articles if that helps:

    Hope this helps.

    0 comments No comments