This article answers some frequently asked questions (FAQs) about Azure Relay. For general Azure pricing and support information, see the Azure Support FAQs.
Obs!
We recommend that you use the Azure Az PowerShell module to interact with Azure. To get started, see Install Azure PowerShell. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.
The Azure Relay service facilitates your hybrid applications by helping you more securely expose services that reside within a corporate enterprise network to the public cloud. You can expose the services without opening a firewall connection, and without requiring intrusive changes to a corporate network infrastructure.
A namespace is a scoping container that you can use to address Relay resources within your application. You must create a namespace to use Relay. It's one of the first steps in getting started.
The previously named Service Bus Relay service is now called Azure Relay. You can continue to use this service as usual. The Hybrid Connections feature is an updated version of a service that's been transplanted from Azure BizTalk Services. Windows Communication Foundation (WCF) Relay and Hybrid Connections both continue to be supported.
This section answers some frequently asked questions about the Relay pricing structure. You also can see the Azure Support FAQs for general Azure pricing information. For complete information about Relay pricing, see Service Bus pricing details.
For complete information about Relay pricing, see the Hybrid Connections and WCF Relays table on the Service Bus pricing details page. In addition to the prices noted on that page, you're charged for associated data transfers for egress outside of the datacenter in which your application is provisioned.
WCF Relay is available only in Standard tier namespaces. Pricing and connection quotas for relays otherwise haven't changed. This means that relays continue to be charged based on the number of messages (not operations) and relay hours. For more information, see the "Hybrid Connections and WCF Relays" table on the pricing details page.
In some cases, a single relay has many connected listeners. A relay is considered open when at least one relay listener is connected to it. Adding listeners to an open relay results in additional relay hours. The number of relay senders (clients that invoke or send messages to relays) that are connected to a relay doesn't affect the calculation of relay hours.
(It applies only to WCF relays. Messages aren't a cost for Hybrid Connections.)
In general, billable messages for relays are calculated by using the same method that is used for brokered entities (queues, topics, and subscriptions), described previously. However, there are some notable differences.
Sending a message to Azure Relay is treated as a "full through" send to the relay listener that receives the message. It isn't treated as a send operation to the Azure Relay, followed by a delivery to the relay listener. A request-reply style service invocation (of up to 64 KB) against a relay listener results in two billable messages: one billable message for the request and one billable message for the response (assuming the response is also 64 KB or smaller). It's different than using a queue to mediate between a client and a service. If you use a queue to mediate between a client and a service, the same request-reply pattern requires a request send to the queue, followed by a dequeue/delivery from the queue to the service. It's followed by a response send to another queue, and a dequeue/delivery from that queue to the client. Using the same size assumptions throughout (up to 64 KB), the mediated queue pattern results in 4 billable messages. You'd be billed for twice the number of messages to implement the same pattern that you accomplish by using relay. There are benefits to using queues to achieve this pattern, such as durability and load leveling. These benefits might justify the additional expense.
Relays that are opened by using the netTCPRelay WCF binding treat messages not as individual messages, but as a stream of data flowing through the system. When you use this binding, only the sender and listener have visibility into the framing of the individual messages sent and received. For relays that use the netTCPRelay binding, all data is treated as a stream for calculating billable messages. In this case, Service Bus calculates the total amount of data sent or received via each individual relay on a 5-minute basis. Then, it divides that total amount of data by 64 KB to determine the number of billable messages for that relay during that time period.
Quota name | Scope | Notes | Value |
---|---|---|---|
Relay namespaces per Azure subscription | Azure subscription | - | 1000 |
Concurrent listeners on a relay | Entity (hybrid connection or WCF relay) | Subsequent requests for additional connections are rejected and an exception is received by the calling code. | 25 |
Concurrent relay connections per all relay endpoints in a service namespace | Namespace | - | 5,000 |
Relay endpoints per service namespace | Namespace | - | 10,000 |
Message size for NetOnewayRelayBinding and NetEventRelayBinding relays | Namespace | Incoming messages that exceed these quotas are rejected and an exception is received by the calling code. | 64 KB |
Message size for HttpRelayTransportBindingElement and NetTcpRelayBinding relays | Namespace | No limit on message size. | Unlimited |
Number of virtual network and IP filter rules | Namespace | - | 128 |
By default, for any cloud service, Microsoft sets an aggregate monthly usage quota that is calculated across all of a customer's subscriptions. We understand that at times your needs might exceed these limits. You can contact customer service at any time, so we can understand your needs and adjust these limits appropriately. For Service Bus, the aggregate usage quotas are as follows:
- 5 billion messages
- 2 million relay hours
Although we reserve the right to disable an account that exceeds its monthly usage quotas, we provide e-mail notification, and we make multiple attempts to contact the customer before taking any action. Customers that exceed these quotas are still responsible for excess charges.
A Relay namespace name must be between 6 and 50 characters in length.
To move a namespace from one Azure subscription to another subscription, you can either use the Azure portal or use PowerShell commands. To move a namespace to another subscription, the namespace must already be active. The user running the commands must be an Administrator user on both the source and target subscriptions.
Azure portal
To use the Azure portal to migrate Azure Relay namespaces from one subscription to another subscription, see Move resources to a new resource group or subscription.
PowerShell
To use PowerShell to move a namespace from one Azure subscription to another subscription, use the following sequence of commands. To execute this operation, the namespace must already be active, and the user running the PowerShell commands must be an Administrator user on both the source and target subscriptions.
# Create a new resource group in the target subscription.
Select-AzSubscription -SubscriptionId 'ffffffff-ffff-ffff-ffff-ffffffffffff'
New-AzResourceGroup -Name 'targetRG' -Location 'East US'
# Move the namespace from the source subscription to the target subscription.
Select-AzSubscription -SubscriptionId 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'
$res = Find-AzResource -ResourceNameContains <NAMESPACE NAME> -ResourceType 'Microsoft.ServiceBus/namespaces'
Move-AzResource -DestinationResourceGroupName 'targetRG' -DestinationSubscriptionId 'ffffffff-ffff-ffff-ffff-ffffffffffff' -ResourceId $res.ResourceId
For a description of common exceptions and suggested actions you can take, see Relay exceptions.
Shared Access Signatures (SAS) are an authentication mechanism based on SHA-256 secure hashes or URIs. For information about how to generate your own signatures in Node.js, PHP, Python, Java, C, and C#, see Service Bus authentication with shared access signatures.
Yes. The relay client makes connections to the Azure Relay service by using fully qualified domain names. Customers can add an entry for *.servicebus.windows.net
on firewalls that support DNS approval listing.
It's also possible to allowlist a specific namespace by using your-namespace-name.servicebus.windows.net
. In this case you'll also need to allowlist the gateways for your namespace, which can be found by using this PowerShell script.