Troubleshoot latency issues within a virtual network

  • 8 minutes

You work as a support engineer supporting Azure infrastructure. You've been contacted by your web team about an issue with the website not responding. The web team have a pool of webservers behind a load balancer and public IP address.

Screenshot of a network topology diagram showing a pool of webservers behind a load balancer.

In this exercise, you'll use what you've learned to go through steps to troubleshoot the connection issues to the virtual machines.

Verify that the website can't be reached

Use the Cloud Shell on the right.

  1. Use this Azure CLI command to get the public IP address of the scale set.

    az network public-ip show \
--resource-group cloud-shell-storage-westeurope \
--name myScaleSetLBPublicIP \
--query '[ipAddress]' \
--output tsv

  2. Copy the IP address, in a new tab in your browser, try to navigate to it.

Screenshot of the website not responding.

Check that Network Security Groups are configured correctly

  1. In another browser tab, navigate to the Azure portal.

  2. Search for Network security groups.

    A screenshot showing the virtual machine scale set is shown on screen.

  3. Under Services, select Network Security Groups.

    A screenshot showing that in this environment there are no NSGs created.

Check the port rules for the scale set

  1. In the Azure portal, search for scale set, and then under Services, select Virtual machine scale sets.

    A screenshot showing the virtual machine scale set is highlighted.

  2. In the list, select myScaleSet to view the details.

  3. On the left, under Settings, select Networking.

    A screenshot of Networking selected, with inbound and outbound port rules highlighted.

  4. Select the Inbound port rules tab, and then select the Outbound port rules tab.

Note

There are no network security groups (NSG) on this network interface.

Check the network settings for the pool instances

  1. On the left, under Settings, select Instances.

    A screenshot showing an instance in the scale set highlighted.

  2. Select the first instance listed, in the above example this is myScaleSet_2. In your environment this could be different.

  3. On the left, under Settings, select Networking.

    A screenshot showing the instances without NSG setup.

  4. There isn't an NSG being used by this instance.

  5. In the breadcrumb trail, select myScaleSet, and then repeat steps 2 to 4 to see that there isn't an NSG on the other instance.

Check the load balancer for a scale set

  1. Select the Load balancing tab, and then select the myScaleSetLB load balancer.

    A screenshot showing the myScaleSetLB highlighted.

  2. On the left, under Settings, select Frontend IP configuration.

    A screenshot showing the frontend IP address highlighted.

  3. Check that there is a frontend IP address, and that this is the IP you tested at the beginning of this exercise.

  4. On the left, under Settings, select Load balancing rules.

    Screen shot showing the load balancing rules.

    Note

    There is a rule for port 80 and port 443.

  5. On the left, select Diagnose and solve problems.

Use the Diagnose and solve problems troubleshooter

  1. Select the No connectivity to the backend pool troubleshooter.

    A screenshot showing the No connectivity to backend pool troubleshooter.

  2. In the Tell us more about the problem you are experiencing drop-down box, select Intermittent connectivity.

  3. Scroll down and read the insight found.

Screen shot of the connectivity results showing the backend pool can't be connected to over port 443.

The insight points to the fact that the backend instances in the pool aren't listening for port 443. The website instances should be listening to port 80. This insight points to a problem in the load balancer rule.