How can I increase my SNAT ports for my app service experiencing SNAT port exhaustion?

Pamela Reynolds 0 Reputation points
2023-12-19T19:21:18.8433333+00:00

I have an app service that has been working without major SNAT port issues for years. During this Azure planned maintenance for Dec 11 - 21, 2023, suddenly my SNAT port usage has jumped by a factor of 10. My app service is mostly unresponsive. We have a single HTTP connection which is reused for the app service. We have DB connection pooling as well. My app service supports my web app frontend and makes external calls to other APIs not hosted in Azure. I need help ASAP. Neither of my app services (frontend or backend) use VNAT.


3 answers

  1. SnehaAgrawal-MSFT 22,706 Reputation points Moderator
    2024-01-03T08:43:02.8033333+00:00

    @Pamela Reynolds Thanks for reaching out here!

    So, to add further: for solving a SNAT port exhaustion issue for App Service, you can follow the general guidance in the Problem Solving section of Outbound connections in Azure, which applies to App Service web applications. The guidance includes:

    • Reusing connections in the application
    • Using connection pooling in the application
    • Using less aggressive retry logic in the application
    • Using keepalives to reset the outbound idle timeout

    In addition, you can also try these App Service-specific solutions:

    • Make sure the backend services can respond quickly
    • Scale out the App Service plan to more instances
    • Use App Service Environment, which has more SNAT ports for each worker instance, due to its smaller instance pool size

    A load test should simulate real world data at a steady pace.

    I suggest you refer to the detailed blog links below, which would be helpful:

    Let us know if any further query or issue remains.

    1 person found this answer helpful.

  2. Luis Arias 8,621 Reputation points Volunteer Moderator
    2023-12-19T21:19:56.9766667+00:00

    Hi Pamela Reynolds,

    There are some ways to avoid the SNAT port limitation on an Azure web app:

    • connection pools: By pooling your connections, you avoid opening new network connections for calls to the same address and port.
    • service endpoints: You don't have a SNAT port restriction to the services secured with service endpoints.
    • private endpoints: You don't have a SNAT port restriction to services secured with private endpoints.
    • NAT gateway: With a NAT gateway, you have 64k outbound SNAT ports that are usable by the resources sending traffic through it. https://learn.microsoft.com/en-us/azure/app-service/troubleshoot-intermittent-outbound-connection-errors

    Depending on your application architecture, you can add either a service connection or private endpoint to communicate to your app service.

    Additional help:

    Cheers,

    Luis


    If the information helped address your question, please Accept the answer.
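
An added example, not part of either answer above or of Microsoft's documentation: it measures the connection-reuse advice from both answers on loopback. A constructed local HTTP server records each client's source port, since every new outbound connection needs its own source port, which is what a SNAT port supplies behind the NAT. The names `PortRecorder` and `count_source_ports` and the request count are assumptions for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


class PortRecorder(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"  # keep-alive, so a connection can be reused
    seen = set()                   # (client_ip, client_port) of every request

    def do_GET(self):
        PortRecorder.seen.add(self.client_address)
        body = b"ok"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass


def count_source_ports(requests, reuse):
    """Return how many distinct client source ports the server saw."""
    PortRecorder.seen = set()
    server = ThreadingHTTPServer(("127.0.0.1", 0), PortRecorder)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address
    shared = http.client.HTTPConnection(host, port) if reuse else None
    try:
        for _ in range(requests):
            conn = shared or http.client.HTTPConnection(host, port)
            conn.request("GET", "/")
            conn.getresponse().read()  # drain the body so the socket is reusable
            if not reuse:
                conn.close()           # next call opens a fresh connection
        if shared:
            shared.close()
    finally:
        server.shutdown()
        server.server_close()
    return len(PortRecorder.seen)


if __name__ == "__main__":
    print("new connection per call:", count_source_ports(20, reuse=False))
    print("one reused connection:  ", count_source_ports(20, reuse=True))
```

The same count taken per outbound dependency in a real app shows which client is opening a connection per call instead of drawing from a pool.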


  3. Jerson Paul Iglesias 0 Reputation points
    2024-06-24T08:55:25.4433333+00:00

    .....................
