Hi @David Jones thank you for your questions. I'll start the conversation with some of my thoughts.
Why is the traffic going out over public IP addresses, when an internal DNS entry could go direct and avoid the need for SNAT ports?
The services you mentioned all use public IPs to publish their services by default unless you create a private endpoint in a VNet. You could create an internal DNS entry, but without a private endpoint this DNS entry would have to resolve to the service's public IP address. By default, App Service will use its shared public-facing IP address for all internet (public) bound connections.
Documentation indicates that this can be solved using VNETs, service endpoints, gateways, etc, but are there any other approaches that we should be aware of?
Really, the only two options you have are:
- Modify the application behavior to stop creating so many connections. As you stated, connection pooling could help, but also consider your application architecture: could you add caching layers to avoid additional calls to the database? Could you consolidate multiple calls into one?
- Make the traffic take a different path, i.e., bypass the App Service load balancer and its associated limitations. VNet integration and service endpoints are probably the easiest way to achieve this.
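To make the first option concrete, here is an added example (not part of the answer above, and not Azure or App Service code): a small Python demo that stands in a loopback TCP echo server for the downstream database, then sends the same batch of requests once by opening a fresh connection per request and once through a tiny connection pool. The server records the client source port of every connection it accepts; on App Service each such outbound connection consumes one SNAT port on the shared load balancer, so the count of distinct ports is a direct stand-in for SNAT port consumption. Everything here (the echo server, the pool, the request payloads) is constructed for the demo.

```python
import queue
import socket
import threading


class EchoServer:
    """Constructed stand-in for the downstream service (e.g. the database).

    Listens on a random loopback port, echoes whatever it receives, and records
    the client's source port for every accepted connection. Each distinct source
    port corresponds to one outbound connection the client had to open.
    """

    def __init__(self):
        self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.listener.bind(("127.0.0.1", 0))
        self.listener.listen(64)
        self.port = self.listener.getsockname()[1]
        self.client_ports = set()
        self._lock = threading.Lock()
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                conn, addr = self.listener.accept()
            except OSError:  # listener closed
                return
            with self._lock:
                self.client_ports.add(addr[1])  # record before serving
            threading.Thread(target=self._serve, args=(conn,), daemon=True).start()

    @staticmethod
    def _serve(conn):
        with conn:
            while True:
                data = conn.recv(1024)
                if not data:
                    return
                conn.sendall(data)

    def distinct_client_ports(self):
        with self._lock:
            return len(self.client_ports)

    def reset(self):
        with self._lock:
            self.client_ports.clear()

    def close(self):
        self.listener.close()


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf


def query_without_pool(server_port, payload):
    """Anti-pattern: one new TCP connection (and one SNAT port) per request."""
    with socket.create_connection(("127.0.0.1", server_port)) as s:
        s.sendall(payload)
        return _recv_exact(s, len(payload))


class ConnectionPool:
    """Minimal bounded pool: at most `size` connections, reused across requests."""

    def __init__(self, server_port, size):
        self.server_port = server_port
        self._size = size
        self._created = 0
        self._idle = queue.LifoQueue()
        self._lock = threading.Lock()

    def acquire(self):
        try:
            return self._idle.get_nowait()  # reuse an idle connection first
        except queue.Empty:
            pass
        with self._lock:
            if self._created < self._size:
                self._created += 1
                return socket.create_connection(("127.0.0.1", self.server_port))
        return self._idle.get()  # at capacity: wait for a connection to be returned

    def release(self, conn):
        self._idle.put(conn)

    def query(self, payload):
        conn = self.acquire()
        try:
            conn.sendall(payload)
            return _recv_exact(conn, len(payload))
        finally:
            self.release(conn)

    def close(self):
        while not self._idle.empty():
            self._idle.get_nowait().close()


def run_demo(n_requests=20, pool_size=2):
    """Return how many distinct client ports each strategy consumed."""
    server = EchoServer()
    try:
        for i in range(n_requests):
            query_without_pool(server.port, b"q%d\n" % i)
        unpooled = server.distinct_client_ports()
        server.reset()
        pool = ConnectionPool(server.port, pool_size)
        for i in range(n_requests):
            pool.query(b"q%d\n" % i)
        pool.close()
        pooled = server.distinct_client_ports()
    finally:
        server.close()
    return {"unpooled_ports": unpooled, "pooled_ports": pooled}


if __name__ == "__main__":
    print(run_demo())
```

With 20 sequential requests the unpooled path opens 20 connections, while the pool reuses a single connection, which is the behaviour the first bullet asks for. The pool is bounded on purpose: a pool without an upper limit under concurrent load reintroduces the same port growth, so the cap, together with returning connections promptly in a `finally`, is what keeps SNAT usage flat.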