This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 95%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGC%3C/text%3E%3C/svg%3E)
We have API Gateway hosted in AWS EKS and upstream API aka backend hosted in AWS. Also same API Gateway hosted in Azure (AKS).
When we run a perf test on following scenarios
Scenario - 1
Scenario - 2
Scenario 2 is yielding us 20% drop in TPS compared to scenario 1 and around 1% traffic failed due to connection errors to aws upstream.
Can anyone help me understand what could be potential reason ?
Hello @Ghanapuram, Chaitanya
Thank you for reaching out to the Microsoft Q&A platform.
Based on the provided information, it seems like you are experiencing a drop in TPS and connection errors when using the Azure API Gateway to connect to the AWS upstream API. There could be multiple factors that can affect connectivity success, such as firewall or other traffic management components at the destination, API rate limiting imposed by the destination side, and volumetric DDoS mitigations or transport layer traffic shaping.
To diagnose connection issues, you can use NAT gateway metrics in Azure monitor. Look at packet count at the source and the destination (if available) to determine how many connection attempts were made. Look at dropped packets to see how many packets were dropped by NAT gateway. You can also check for SNAT exhaustion due to NAT gateway configuration, validate connectivity to an endpoint in the same region or elsewhere for comparison, and explore if reducing the rate reduces the occurrence of failures.
It is also important to note that outbound Passive FTP may not work for NAT gateway with multiple public IP addresses, depending on your FTP server configuration. To prevent possible passive FTP connection failures, make sure to check that your NAT gateway is attached to a single public IP address rather than multiple IP addresses or a prefix, and make sure that the passive port range from your NAT gateway is allowed to pass any firewalls that may be at the destination endpoint.
If your investigation is inconclusive, you can open an azure technical support case for further troubleshooting and collect the necessary information for a quicker resolution.
Hello @Ghanapuram, Chaitanya
Do you have any updates here?