This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 15%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
We have an aks cluster sitting behind an azure loadbalancer. All inbound/outbound connectivity to/from the aks cluster goes through this LB. The LB has an outbound rule with 13 public IP's. We have another system on prem which has some firewall rules to only allow connectivity from certain IP's. To make sure connectivity from the aks cluster to the on prem system is established we have allowed these 13 IP's in our firewall rules, but now we want to test this connectivity from the aks cluster using all the 13 IP's, when i try telnet from aks node i am seeing it is always using the first frontend ip to connect and not using the others, is there a way to force aks to use the other ips for testing ??
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 8%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Hello @Vaishak Shetty M
Thank you for your question, did you whitelist those IP on AKS cluster to use those Public IP's.
please check this document Update the cluster with your own outbound public IP
and make sure those IP's whitelisted on FW also.
I hope that answered your question. If an answer has been helpful, please consider accepting the answer to help increase visibility of this question for other members of the Microsoft Q&A community. If not, please let us know what is still needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!
We have added our own outbound IPs and have whitelisted them in our on prem server, the question is now how should we test whether connectivity is working from all the IPs (13). When I try telnet from the worker it always seems to only use the first IP in the list.
Thank you for clarifying! that by default, it will keep use the first IP allocated once the AKS cluster created, scale the number of managed outbound public IPs to help resolve the SNAT exhaustion, by default every node would use 1024 ports, if that number exceeded so it will use the 2nd IP, total ports will be 2048 and so on Configure the allocated outbound ports.
Which means, if you only use --load-balancer-managed-outbound-ip-count you can add as many ips as you want but you will still use 1024 ports if you have less than 50 instances.
Now, number 2 didn’t work, because you added 2 Ips and asked for 4k ports, but the DEFAULT rule is to add 1024 ports per ip when you have less than 50 instances, so for this to work without touching the default behavior you would need to: --load-balancer-managed-outbound-ip-count 4
Thank you.