Troubleshooting Azure Networking

This section provides guidance and common solutions for diagnosing and resolving networking issues in Microsoft Azure.

Common Network Issues and Solutions

1. Connectivity Problems

Issues where resources cannot communicate with each other or with external services.

Symptoms:

• Virtual machines cannot reach the internet.
• Applications hosted on Azure are inaccessible.
• On-premises resources cannot connect to Azure VMs.

Troubleshooting Steps:

1. Check Network Security Groups (NSGs):

   Verify that NSG rules are not blocking the required traffic. Use the Network Watcher -> IP flow verify tool to check if traffic is allowed or denied by an NSG.

   # Example NSG Rule (Deny Inbound HTTP)
   - Name: DenyHTTP
     Priority: 100
     Direction: Inbound
     Access: Deny
     Protocol: Tcp
     SourceAddressPrefix: '*'
     SourcePortRange: '*'
     DestinationAddressPrefix: '*'
     DestinationPortRange: '80'

2. Review Route Tables:

   Ensure that traffic is being routed correctly. Check User Defined Routes (UDRs) on subnets. Use the Network Watcher -> Connection troubleshoot tool.

3. Firewall Rules:

   If using Azure Firewall or Network Virtual Appliances (NVAs), check their configurations for blocking rules.

4. DNS Resolution:

   Confirm that DNS is resolving correctly. Use nslookup or dig from a VM.

5. Service Endpoints and Private Endpoints:

   If accessing PaaS services, ensure endpoints are correctly configured and accessible.

2. Performance Degradation

Slow network performance or high latency.

Symptoms:

• Slow application response times.
• High latency between VMs.
• Frequent timeouts.

Troubleshooting Steps:

1. Network Latency:

   Use tools like ping, traceroute, or Azure Network Watcher's Connection troubleshoot to identify bottlenecks.

2. Bandwidth:

   Check the bandwidth limits of your VM SKUs and your Azure subscription. Monitor network throughput using Azure Monitor.

3. Network Virtual Appliances (NVAs):

   If using NVAs, ensure they are sized appropriately and not becoming a bottleneck.

4. Service Health:

   Check the Azure Service Health dashboard for any ongoing incidents that might be affecting network performance.

3. Load Balancer Issues

Problems with distributing traffic across multiple instances.

Symptoms:

• Some backend instances are not receiving traffic.
• Application is unavailable even though backend instances are healthy.

Troubleshooting Steps:

1. Health Probes:

   Ensure that the health probes configured for the load balancer are correctly reaching your backend instances and that the instances are responding correctly.

2. Backend Pool Configuration:

   Verify that the backend pool contains the correct IP addresses or VM names.

3. Load Balancing Rules:

   Check that the load balancing rules are configured with the correct frontend IP, protocol, port, and backend port.

4. NSGs on Backend VMs:

   Ensure that NSGs applied to the backend VMs allow traffic from the load balancer's health probe IP address and the frontend IP.

Advanced Troubleshooting

1. Packet Capture

For deep-dive analysis, use the Packet Capture feature in Network Watcher to capture network traffic flowing to and from a VM.

2. Network Topology

Visualize your Azure network topology to understand the connections between resources and identify potential misconfigurations.

3. Azure CLI and PowerShell

Leverage command-line tools for scripting diagnostics and automating checks.

# Example: Check NSG rules for a VM
az network nsg rule list --resource-group MyResourceGroup --nsg-name MyNsg --query "[].{Name:name, Priority:priority, Direction:direction, Access:access, Protocol:protocol, Source:sourceAddressPrefix, Destination:destinationAddressPrefix}" -o table

# Example: Check effective routes for a VM
az network nic effective-route list --resource-group MyResourceGroup --name MyNic --output table