Azure Container Registry Performance Issues and SLA

Question

We are using Azure Container Registry to provide images to our customers for their use in Azure Container App, and some of our customers are complaining about slow performance (~15 minutes) to pull an image of around 2GiB. The metrics appear to be fairly limited, but we don't see any pull failures or "Too Many Requests" errors reported

We're already on the "Premium" tier so are concerned about future scalability as the number of customers increases.

1. Is Azure Container Registry designed to support public/anonymous image pulls?
2. What is the maximum amount of concurrent image pulls that Azure Container Registry can be expected to support?
3. What bandwidth can be expected for Azure Container Registry?
4. Is there more detailed telemetry available (e.g. bandwidth usage, throttling)

Answer 1

Hey Jack,

it sounds like you’re seeing really slow pulls (15 minutes for a ~2 GiB image) even though you’re on the Premium tier and not getting any 429s. Let me walk through your questions and share how to both size your registry and get deeper visibility into what’s happening under the covers.

1. Is ACR designed to support public/anonymous image pulls?
   • By default, Azure Container Registry is a private registry (you authenticate with AAD or the admin user).
   • If you need true “no-auth” public pulls, ACR now offers an anonymous-pull feature (in public preview at last check) where you can mark specific repositories as public so anyone can pull without credentials. Otherwise you can create a scoped read-only token and share that for “semi-public” access.
2. What’s the max number of concurrent pulls I can expect?
   • It depends on your SKU. Premium supports significantly more concurrent read operations (Blob reads + registry reads) than Standard or Basic. While there isn’t a single “hard” limit on total concurrent clients (the service scales), Premium is built for large-scale scenarios—think hundreds of concurrent pulls per second. If you really need to push it further, you can contact Azure Support to discuss a limit increase.
   • For exact API concurrency/read-ops limits per tier, see the SKU limits doc below.
3. What bandwidth can I expect?
   • Azure Container Registry backs onto Azure Blob Storage, so your pull throughput is bounded by: a) The network path between the client and the region (latency + bandwidth). b) The blob storage throughput targets for that region and storage account (these can be very high, but you should validate).
   • In a best-case scenario (clients in the same Azure region on a fast VM), you can hit hundreds of MB/s or more. From the internet, you’ll likely be limited by your own ISP link. It’s worth running an AzureSpeed or AzCopy test to establish a baseline.
4. Is there more detailed telemetry (bandwidth usage, throttling)?
   • Absolutely. You can turn on resource logs (ContainerRegistryRepositoryEvents) in the Diagnostic settings for your registry and send them to Log Analytics or Event Hubs. Those logs will show you per-layer pull events, durations and any HTTP 429 throttles.
   • You also have built-in metrics in Azure Monitor for ingress (bytes in), egress (bytes out), total requests, and throttled requests. Charting those over time can help you spot spikes or patterns.

What you can try right away:

• Run a simple network speed test (AzCopy or AzureSpeed) against blob storage in your ACR’s region.
• Try pulling the same image from a VM in the same region vs. from your customer locations—this will help isolate network vs. registry limits.
• Enable the diagnostic logs and query for “Pull” operations in Log Analytics to see actual pull durations per layer.
• If you haven’t already, consider geo-replicating your Premium registry into regions closer to your customers (and configure DNS for the geo-replica to ensure clients hit the nearest endpoint).

Follow-up questions to narrow this down further:

1. Where are your customers pulling from (their client geography vs. your registry’s region)?
2. Have you measured upload/download speeds from their network to Azure blob storage in your region?
3. Are you using geo-replication or hitting the single-region endpoint?
4. Roughly how many concurrent pulls are happening when they see the slowdown?

Hope this gives you a clear path forward!

Reference docs:

• Troubleshoot registry performance: https://docs.microsoft.com/azure/container-registry/container-registry-troubleshoot-performance
• Pull is Slow Self Help: https://docs.microsoft.com/azure/container-registry/container-registry-troubleshoot-performance#check-expected-network-speed
• Azure Container Registry SKU features and limits: https://docs.microsoft.com/azure/container-registry/container-registry-skus
• Enable resource logs: https://docs.microsoft.com/azure/container-registry/container-registry-diagnostics-audit-logs

Note: This content was drafted with the help of an AI system. Please verify the information before relying on it for decision-making.