I have a weird issue with Azure Load Balancer where one port won’t accept traffic at all and I’m not sure why. I looked at everything I could think of. Here’s the description:
- azure load balancer with a backend pool which contains one linux VM
- the VM is supposed to accept traffic on two ports
- port1 works, port2 doesn’t
- both ports have a load balancer rule each. The rules are identical (except port numbers obv).
- VM network security group has both ports open
- the VM responds to pings on both ports as open when pinged via https://ping.eu/port-chk/
- the load balancer responds with open at port1 and closed at port2 when pinged.
I feel like I’m at a point where I’m just going in circles around Azure portal and not finding anything obvious that could be blocking the port.
Any help would be GREATLY appreciated.
Steps I took involve:
- Pinging both the VM and the load balancer IP with https://ping.eu/port-chk/ to confirm that the ports are actually open. The VM accepts traffic on both; the load balancer does not.
- I tried recreating the load balancer rule (deleted and then created again) for the closed port which did not help.
- I reviewed the VM's network security group to see if there was maybe blocking there. Nothing found.
- I tried looking at Azure Firewall details but it doesn't look like there's anything configured there that could be blocking the port.
- I did not see any network security rules for the load balancer itself.
- Confirmed that the app on the VM is listening on the said ports.
2 Answers
If anyone else runs into this it looks like the issue was that the health probe was using HTTPS protocol and it should be using TCP instead.
My other working port is also using HTTPS so not sure why that works but the other one doesn't. In any case, change your health probe protocols, people.
Here are some suggestions:
Check that a health probe is correctly configured for port2 on the Load Balancer. Also, ensure that the probe response is successful.
Ensure that the VM is in the backend pool used by the load balancing rule for port2.
Use Azure Network Watcher to identify any issues. You can use its IP Flow Verify or Next Hop capability to see if traffic is being allowed or denied to your VM.
Ensure there are no iptables rules or firewall rules on the VM itself that are blocking traffic on port2.
Check whether there are any UDRs that might be causing traffic to port2 to be routed incorrectly.
Check the effective security rules on the NIC to see what’s being applied.
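The checks in both answers above (probe protocol, probe attached and matching the backend port, VM actually in the backend pool) can be scripted against a JSON dump of the load balancer. The script below is an added example, not code from the question, either answer, or any Azure tool; it assumes the field names that `az network lb show -g <rg> -n <lb> -o json` prints (`loadBalancingRules`, `probes`, `backendAddressPools`, `backendIpConfigurations`), which I take as an assumption to verify against your CLI version, and the sample document embedded in it is constructed to mirror the question: a TCP probe on port1 that works and an HTTPS probe on port2 in front of a service that only speaks raw TCP.

```python
"""Audit an Azure Load Balancer JSON dump for the misconfigurations named in
the answers above: HTTP/HTTPS health probe on a non-HTTP service, missing
probe, probe port not matching the backend port, and an empty backend pool.

Input shape is assumed to be the output of
    az network lb show -g <rg> -n <lb> -o json
Field names are my assumption of that CLI output; the sample below is constructed.
"""
import json
import sys

# Constructed resource-id prefix; the subscription and names are placeholders.
BASE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
        "/providers/Microsoft.Network/loadBalancers/lb-example")

# Constructed sample: one VM in pool1, rule-port1 with a TCP probe (works),
# rule-port2 with an HTTPS probe (the failing case from the question), and a
# third rule with no probe and an empty pool to exercise the other checks.
SAMPLE_LB_JSON = json.dumps({
    "name": "lb-example",
    "backendAddressPools": [
        {"name": "pool1", "id": f"{BASE}/backendAddressPools/pool1",
         "backendIpConfigurations": [{"id": f"{BASE}/../networkInterfaces/vm1-nic/ipConfigurations/ipconfig1"}]},
        {"name": "pool-empty", "id": f"{BASE}/backendAddressPools/pool-empty",
         "backendIpConfigurations": []},
    ],
    "probes": [
        {"name": "probe-port1", "id": f"{BASE}/probes/probe-port1", "protocol": "Tcp", "port": 8001},
        {"name": "probe-port2", "id": f"{BASE}/probes/probe-port2", "protocol": "Https", "port": 8002,
         "requestPath": "/"},
    ],
    "loadBalancingRules": [
        {"name": "rule-port1", "protocol": "Tcp", "frontendPort": 8001, "backendPort": 8001,
         "probe": {"id": f"{BASE}/probes/probe-port1"},
         "backendAddressPool": {"id": f"{BASE}/backendAddressPools/pool1"}},
        {"name": "rule-port2", "protocol": "Tcp", "frontendPort": 8002, "backendPort": 8002,
         "probe": {"id": f"{BASE}/probes/probe-port2"},
         "backendAddressPool": {"id": f"{BASE}/backendAddressPools/pool1"}},
        {"name": "rule-port3", "protocol": "Tcp", "frontendPort": 8003, "backendPort": 8003,
         "backendAddressPool": {"id": f"{BASE}/backendAddressPools/pool-empty"}},
    ],
})


def audit_lb(lb: dict) -> list:
    """Return a list of (rule name, finding) tuples for every rule that cannot pass traffic."""
    # Azure resource ids compare case-insensitively, so normalise before lookup.
    probes = {p["id"].lower(): p for p in lb.get("probes", [])}
    pools = {p["id"].lower(): p for p in lb.get("backendAddressPools", [])}
    findings = []
    for rule in lb.get("loadBalancingRules", []):
        name = rule["name"]
        probe = probes.get(((rule.get("probe") or {}).get("id", "")).lower())
        if probe is None:
            findings.append((name, "no health probe attached; the backend is never marked healthy"))
        else:
            if probe.get("protocol", "").lower() in ("http", "https"):
                # An HTTP(S) probe only reports the backend up when a GET on
                # requestPath returns 200; a raw TCP service never does, so the
                # LB marks the port down even though the VM itself answers.
                findings.append((name, f"probe '{probe['name']}' is {probe['protocol']}: backend must answer "
                                       f"GET {probe.get('requestPath', '/')} with 200; use Tcp for a non-HTTP service"))
            if probe.get("port") != rule.get("backendPort"):
                findings.append((name, f"probe port {probe.get('port')} != backend port {rule.get('backendPort')}"))
        pool = pools.get(((rule.get("backendAddressPool") or {}).get("id", "")).lower())
        if pool is None:
            findings.append((name, "backend pool reference does not resolve"))
        elif not pool.get("backendIpConfigurations"):
            findings.append((name, f"backend pool '{pool['name']}' has no NIC ip configurations (VM not in pool)"))
    return findings


if __name__ == "__main__":
    # Usage: python3 lb_audit.py lb.json   (falls back to the constructed sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            lb_doc = json.load(fh)
    else:
        lb_doc = json.loads(SAMPLE_LB_JSON)
    for rule_name, finding in audit_lb(lb_doc):
        print(f"{rule_name}: {finding}")
```

Run it against `az network lb show -g <rg> -n <lb> -o json > lb.json` and each finding maps to a blade in the portal (Health probes, Load balancing rules, Backend pools). On the constructed sample it is silent for rule-port1 and reports the HTTPS probe on rule-port2, which is the condition the accepted answer found; the NSG, iptables and UDR items from the second answer are not in the LB object and still need `az network nic list-effective-nsg` / Network Watcher.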