Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
498 questions
telnet/openssl connect to AFD custom domain times out after 5 seconds
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 82%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Shadi
30
Reputation points
Hello all,
we have an Azure Front Door Premium on one of our customer projects. The customer has high level of incoming data, in average 200.000 per minute. Some of the devices that initiate connection to AFD don't support HTTPs and use HTTP for the connection. All the devices work as follow:
They open a connection to the custom domain defined on AFD, then they prepare their data that needs to be sent, which takes somewhere between 15 to 20 seconds. Then they transfer the data over this connection.
The problem is, some of the devices that initiate the connection using HTTP, receive a timeout after 5 seconds. I also have realized that these connections are not logged under FrontDoorAccessLog so there is no way I can investigate the issue using logs. I tried to re-create the issue myself using telnet command, and I can see that the connection is closed after about 5 seconds with the following message:
Connection closed by foreign host.
In addition to that, I also tried the openssl s_client -connect command to check the connection with TLS, and this request also closes after about 5 seconds.
As far as I know, the AFD TCP connection timeout is 61 seconds by default (I don't know if this could change or not), the keep alive timeout is 90 seconds, and my origin timeout is set to 120 seconds! So I don't see why a request should close/ timeout after 5 seconds. My guess is, since I also see no related logs, it might be that the requests don't reach my AFD profile for some reason!!
Your help is highly appreciated on the matter.
Regards
{count} votes
-
KapilAnanth-MSFT 28,021 Reputation points Microsoft Employee2023-11-13T12:31:22.8333333+00:00 Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you are receiving frequent time outs while accessing Azure Front Door.
- Are you saying that TCP Connection itself is timing out?
- Or TCP is successful but further HTTP/HTTPS Connection is timing out?
- Do you receive any HTTP Response before the connection times out?
- Or the HTTP initiation itself fails and results in time out?
- Can you share the failure for a "curl" or "wget" command?
- I would like to know if this timeout happens at TCP or at HTTP. I am interested in the headers you receive in the HTTP Response.
Cheers,
Kapil.
-
Shadi 30 Reputation points
2023-11-13T13:05:25.53+00:00 Hello @KapilAnanth-MSFT
thank you for replying.
As I am using telnet command to re-create the issue myself, I would say the TCP seems to fail, or at least that is my guess.
A curl wouldn't work, because there is no website on the other side of the URL. An AKS cluster service on the backend of AFD should receive the data sent by the devices. So, when I try to connect to the URL, I get 500 internal error!
I also don't get a timeout message per-se, as I mentioned in the original post, I receive:
Connection closed by foreign host.
The devices however see the following error 5 seconds after they try to establish a connection:
Could not get orders from portal: Post "URL": read tcp LOCAL-IP:PORT ->AFD-IP:443: read: connection reset by peer
I hope this is helpful.
-
Shadi 30 Reputation points
2023-11-13T13:19:27.0366667+00:00 This comment is removed!
-
KapilAnanth-MSFT 28,021 Reputation points Microsoft Employee
2023-11-14T10:21:39.48+00:00 In that case, I think we will need a specialized 1:1 session, where a support engineer can have a screen share session to pinpoint the issue.
If you have a support plan you may file a support ticket, else please do let us know, we will try and help you get a one-time free technical support.
Cheers,
Kapil
-
Shadi 30 Reputation points
2023-11-14T10:23:43.65+00:00 thank you for the information. I do have a support plan, I was just hoping there might be something I am missing which is straight forward.. I will open a support ticket then. Thanks for your help.
-
KapilAnanth-MSFT 28,021 Reputation points Microsoft Employee
2023-11-14T10:25:21.2433333+00:00
Sign in to comment