Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Update VMSS + LB to use NATv2

See original GitHub issue

Related command

az vmss

Resource Provider

Microsoft.compute

Description of Feature or Work Requested

With VMSS create there is currently client logic like:

If VMSS Uniform, configure NAT Pool,
If VMSS Flex, do not configure NAT pool

LB has recently launched an update to NAT rules that work for both VMSS Uniform and Flex. We would like to revise the VMSS create to always set up NAT rules via the new API:

https://azure.microsoft.com/en-in/blog/manage-port-forwarding-for-backend-pool-with-azure-load-balancer/

      {
        "name": "[concat(variables('lbName'), '/', 'natRule')]",
        "type": "Microsoft.Network/loadBalancers/inboundNatRules",
        "apiVersion": "2021-05-01",
	    "location":"[parameters('location')]",
	    "dependsOn":[
            "[concat('Microsoft.Network/loadBalancers/', variables('lbName'))]"
        ],
        "properties": {
      	  "frontendIPConfiguration": {
      	    "id": "[variables('frontendIPConfigID')]"
      	  },
      	  "protocol": "TCP",
      	  "frontendPortRangeStart": 50000,
      	  "frontendPortRangeEnd": 50100,
	  "backendPort": 3389,
      	  "idleTimeoutInMinutes": 4,
      	  "backendAddressPool": {
      	    "id": "[variables('backendaddressPoolID')]"
	    }
	  }

Minimum API Version Required

2022-03-01 compute 2021-05-01 network

Swagger Link

Normal CRP swagger Normal NRP swagger

Target Date

7/30/2022

Issue Analytics

State:
Created a year ago
Comments:13 (8 by maintainers)

Top GitHub Comments

1reaction

anavinaharcommented, Jul 21, 2022

Yes both are the same functionality. We can replace with nat rules v2

For VMSS Uniform it is @fitzgeraldsteele’s call.

0reactions

zhoxing-mscommented, Sep 19, 2022

The az vmss list-connection-info command will no longer work for Uniform VMSS which uses the NAT rule v2, because we can’t get the backendIPConfiguration from inboundNatRules of loadBalancers anymore.

@mahipdeora @anavinahar @fitzgeraldsteele These two points have been implemented in draft PR. Do you have any ideas or suggestions on the third question?

In addition, can we hide the --nat-pool-name parameter in the help information? Users can continue to use it to avoid breaking change, but they will get the following prompt when using it: Screenshot 2022-09-19 162151 Does this meet your expectations?