We have deployed our Azure web application to two separate data centers (one located in West Europe and the other located in South east Asia) for purely performance reasons. We have a configured a Traffic Manager to route requests between these two DC's based on performance. However, when users in Shanghai try to access the site, they are routed to the DC in West Europe when ideally they should have been routed to SE Asia DC. Due to this, users in Shanghai are not seeing the intended performance benefit. However, it works well from India and Europe i.e. they are routed to the closest DC. What could be the problem? Also, is there a way to test traffic manager's performance based routing to see if it working as expected?
↧
Traffic Manager not routing to correct data center
↧
Cisco CallManager in AZURE
I have spun up a CUCM 10.5 VM on VMware Workstation, converted it to a .VHD, and moved it to Microsoft Azure.
When the VM is powered on in Azure, I am not able to ssh to it via it's IP, but I can do this from my local network when it is a VM.
The OS install requires an IP address to be assigned and not dhcp. CallManager is an appliance build on RedHat.
Any ideas how I can get visibility into my VM that is on Azure so that I might be able to configure something on it?
↧
↧
Need to Configure Internal Load Balancer between 3 VMs in Windows Azure which are in different Cloud Services
Hi
I have 3 Vms that needs to be load balanced Internally. All the 3 VMs are associated to its own(different) Cloud Services. The VMs are configured with a Virtual Network with a Virtual Address Space and a Subnet.
Can I configure ILB for my 3 VMs which are in different cloud services. If yes do I have to use this cmdlet "Set-AzureStaticVNetIP" and set a static IP address for 3 VMs before configuring ILB.
Thank You,
Pradhyum Kumar
↧
Extremely high latency into Azure East from Baltimore
We were previously receiving very low latency (sub 20ms) between our office in Baltimore, MD to Azure East, however in the past couple of weeks the latency is now 130ms+.
What's the best route to resolve the issue?
3 4 ms 4 ms 3 ms xe-5-2-0.was12.ip4.tinet.net [213.200.84.121]4 129 ms 128 ms 130 ms microsoft-gw.ip4.gtt.net [46.33.80.106]
5 140 ms 128 ms 129 ms microsoft-gw.ip4.gtt.net [46.33.80.106]
6 139 ms 129 ms 138 ms xe-4-0-2-0.bl2-96c-1b.ntwk.msn.net [207.46.47.87]
7 133 ms 129 ms 128 ms ae10-0.bl3-96cbe-1b.ntwk.msn.net [207.46.35.62]
8 * ^C
↧
How to use point to site connection to azure virtual network from Linux VM?
I want to use point to site VPN connection to Azure virtual network, but the client is Linux should be how to connect?
↧
↧
Set-AzureVNetGatewayKey cmdlet no longer exists in Azure PowerShell?
**Background**
I am attempting to link up multiple VNets with one another in Azure. To do this I am following this tutorial:
VNet-to-VNet: Connecting Virtual Networks in Azure across Different Regions
I also found another reference that does about the same:
Azure VNET to VNET VPN, across regions and data centers: not so complicated
**Problem**
Both tutorials state that I have to set a gateway key through the cmdlet 'Set-AzureVNetGatewayKey'. This however seems to be a non-existant cmdlet. Everything was successful till this point.
I am also unable to find the said command in the Azure Cmdlet Reference
Does anyone know of an alternative way???
I am attempting to link up multiple VNets with one another in Azure. To do this I am following this tutorial:
VNet-to-VNet: Connecting Virtual Networks in Azure across Different Regions
I also found another reference that does about the same:
Azure VNET to VNET VPN, across regions and data centers: not so complicated
**Problem**
Both tutorials state that I have to set a gateway key through the cmdlet 'Set-AzureVNetGatewayKey'. This however seems to be a non-existant cmdlet. Everything was successful till this point.
PS C:\> Set-AzureVNetGatewayKey -VNetName SDNWAPS -LocalNetworkSiteName SDNWAPS
SharedKey *********Set-AzureVNetGatewayKey : The term 'Set-AzureVNetGatewayKey' is not recognized as
the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is
correct and try again.
I am also unable to find the said command in the Azure Cmdlet Reference
Does anyone know of an alternative way???
↧
Speed (network) between onprem LAN and azure LAN
Hi! We are running some VMs in azure. they are connected to our onprem LAN via site2site VPN , based on cisco hardware (cisco ASA)
Transfering files between a network share on VM in azure and a onprem VM takes it time. Iperf measures the speed to about 11 Mbps from onprem VM to azure VM.
What speeds are excpected? I would like to quarduple the speed, in order to use azure VMs as an integrated part of our LAN - is that achievable?
↧
Traffic Manager shows website that is not under by subscription
I see website listed
mawscanary-011c8d34-6b425580.azurewebsites.net
which is not created under by subscription id <hidden>. I can send per request.
Thank you
↧
Multi Site Azure Vnet to mutipal local networks
I have set up as per the instructions from MSDN, However after reimporting the XML file, the secondary network creates it self but reports as status unavailable. from PowerShell 'Get-AzureVnetConnection -VNetName VNET' it only gives me info on the primary VPN setup. (configured and working before XML export/import)
is anyone able to advise me what 'Status unavailable' means and what I can do to resolve this
↧
↧
Azure multiple site-to-site VPNs (dynamic gateway) with Cisco ASA devices
Hello
I've been experimenting with moving certain on-premise servers to Azure however they would need a site-to-site VPN link to our many branch sites e.g. monitoring of nodes.
The documentation says I need to configure a dynamic gateway to have multiple site-to-site VPNs. This is not a problem for our typical Cisco ISR's. However three of our key sites use Cisco ASA devices which are listed as 'Not Compatible' with dynamic routing. So I am stuck...
What options are available to me? Is there any sort of tweak-configuration to make a Cisco ASA work with Azure and dynamic routing?
I was hoping Azure's VPN solution would be very flexible.
Thanks
↧
Azure Site to Site VPN to Meraki firewall - dropping randomly, often?
We are wit's end on an Azure-Meraki site to site VPN issue that is causing us massive headaches. Here is the scenario we hope someone can help with:
We have a customer that has offloaded all their servers into Windows Azure. Everything is working great in terms of the virtual machine aspect of Azure, but we have one box that has to have
a site to site tunnel running in order to communicate with a client app that runs on some PCs at the office. Which was fine, we thought, as Azure supports site to site VPNs, so our journey began...
Our original router was a Cisco RV042G, but this was a no-go as Cisco limits pre shared keys on this device at 30 characters. Azure needs 32 characters no less. That was a dead end which we replaced with a Sonicwall TZ as a last minute purchase...
The Sonicwall was a nightmare. Their support team treated us like heretics because we did not purchase a support plan through them instead of through CDW. Even after purchasing a support plan a second time through them, they couldn't get a reliable tunnel working to Azure. Very poor support team, lest we say that we won't be buying any more Sonicwall devices after that experience...
So we finally replaced the Sonicwall with a Meraki MX60. Liking the Meraki gear as we are putting more of their devices into the field and liking what they offer. Problem is that we have gotten a proper tunnel setup to Azure from the Meraki box, and Meraki says all settings are 100%, but we are still experiencing drops either in a few hours or in a couple days.
Meraki says their logs show no issues with the box.... ISP says their connection is stable as ever... the only side we cannot get a definitive answer from is Azure. There seems to be no way to get a log of how the VPN looks on their service unless we open a support ticket, but don't get me started on that, as they refuse to provide MS partners with decent support without paying for an extra hefty fee. Crazy for as much business as we push their way for Azure.
Regardless, I was curious if anyone else here has experience with a site to site tunnel up to Azure, specifically on a Meraki box, dropping at random intervals and refusing to reconnect.
I have been doing some reading and some online claim that the MTU for Azure needs to be 1350 and changing their firewall to this MTU fixes it, and others say that Dynamic Routing VPN setup works better than Static Routing VPN due to a lack of dead peer detection on a Static Route VPN.... any actual evidence to either of these being the case?
We've been picking and poking around this tunnel for the last week or so, and need some solid third party insight on what may be going on. It's frustrating to have this tunnel dropping so often, and Microsoft claims Azure is enterprise ready.... I don't know who to believe during this troubling time.
Is there something that may be taking the tunnel down due to inactivity? And would it be Azure doing it or the Meraki?
Any insight is appreciated. We need to get this going for the client as Azure is working very well in all aspects other than this site to site tunnel.
↧
How to use Traffic Manager to direct traffic to different Azure Web Sites?
I have been using Traffic Manager to direct traffic to different web roles located in different regions (West US, East Asia and West Europe). I am trying to do the same for my web sites. But I can't see the selection when I try to create a new traffic
manager, only my web roles are listed. Is Traffic Manager not for web sites?
Frank
↧
Traffic Manager - session limitions or security
HI,<o:p></o:p>
<o:p> </o:p>
Yesterday night I had experienced a state that 10,500 session came up in the same time.<o:p></o:p>
Does AzureSecurity or Traffic Manager can be blocking traffic because this amount of connection at the same time?(DDOS ?)<o:p></o:p>
↧
↧
Traffic manager is not working as intended with performance mode
Hello,
We established traffic manager on 2 instances one is avaialble in WEU and other in SEA but users from shanghai are still routed to WEU instance instead of SEA instance and facing latency issues. we done some background work as below:
I requested the users in Shanghai to use http://azurespeedtest.azurewebsites.net/ to know the the closest DC. They see "It looks like your nearest Data Center is West Europe. There appears to be a CDN Node nearer your location". When we use the above site from India, it shows "It looks like your nearest Data Center is Southeast Asia". My question is:
- Based on the above lookups, TM seems to be routing correctly even though India is closer to West Europe than Shanghai?
- What is the additional information "There appears to be a CDN Node nearer your location" after data center that is displayed when looked up from Shanghai that is not shown from India? Could this "CDN Node" be making the Shanghai users to detect West Europe?
please provide your valueble suggestion ASAP as its spoiling total moto of adapting Traffic manager
Regards
\praveen
↧
High latency using Point-to-site VPN in Japan West region
Hi,
I created a Point-to-site VPN in Japan West region, but I am experiencing very high latency (>500ms) for the internal connection.
RDP to the VM (same region) using the public IP is quite fast, but using RDP with the internal IP is very slow.
Also HTTPS connection from the VM back to the on-premise Web server is very slow due to the high latency, I think.
I this expected? What is the expected latency between a VM and VNet in Japan West region and on-premise network in downtown Tokyo? The on-premise internet connection speed is 100MBit up and down.
Thank you in advance.
Regards,
Enrico
↧
using SMTP after configuring Azure VPN
Recently I configured site to site Azure VPN. After the configuration I can ping sql instance and other server running on premises., but I am not able to ping smtp server neither I can send mail using SMTP server.
Current SMTP hostname is an ISV provided service and not an on-prem server.
KIndly suggest what are the required setting to send mail from Azure VM using existing SMTP address.
Manohar K - SQL Server DBA Consultant
↧
Virtual Network Design question
Our existing Azure environment has a 10.140.0.0/16 virtual network address space (via VPN connection). a Request came in to use 3 class C networks but they gave me drawings that really use the following networks
172.18.0.0 255.255.128.0 0.0.127.255 32766 172.18.0.1 to 172.18.127.254 172.18.127.255
172.18.127.0/29: 172.18.127.0 255.255.255.248 0.0.0.7 6 172.18.127.1 to 172.18.127.6 172.18.127.7
172.18.1.0 255.255.255.0 0.0.0.255 254 172.18.1.1 to 172.18.1.254 172.18.1.255
172.18.2.0 255.255.255.0 0.0.0.255 254 172.18.2.1 to 172.18.2.254 172.18.2.255
172.18.3.0 255.255.255.0 0.0.0.255 254 172.18.3.1 to 172.18.3.254 172.18.3.255
172.18.4.0 255.255.255.0 0.0.0.255 254 172.18.4.1 to 172.18.4.254 172.18.4.255
172.17.0.0 255.255.128.0 0.0.127.255 32766 172.17.0.1 to 172.17.127.254 172.17.127.255
172.17.127.0/29: 172.17.127.0 255.255.255.248 0.0.0.7 6 172.17.127.1 to 172.17.127.6 172.17.127.7
172.17.1.0 255.255.255.0 0.0.0.255 254 172.17.1.1 to 172.17.1.254 172.17.1.255
172.17.2.0 255.255.255.0 0.0.0.255 254 172.17.2.1 to 172.17.2.254 172.17.2.25
172.17.3.0 255.255.255.0 0.0.0.255 254 172.17.3.1 to 172.17.3.254 172.17.3.255
172.17.4.0 255.255.255.0 0.0.0.255 254 172.17.4.1 to 172.17.4.254 172.17.4.255
172.16.0.0 255.255.128.0 0.0.127.255 32766 172.16.0.1 to 172.16.127.254 172.16.127.255
172.16.127.0/29: 172.16.127.0 255.255.255.248 0.0.0.7 6 172.16.127.1 to 172.16.127.6 172.16.127.7
172.16.1.0 255.255.255.0 0.0.0.255 254 172.16.1.1 to 172.16.1.254 172.16.1.255
172.16.2.0 255.255.255.0 0.0.0.255 254 172.16.2.1 to 172.16.2.254 172.16.2.255
172.16.3.0 255.255.255.0 0.0.0.255 254 172.16.3.1 to 172.16.3.254 172.16.3.255
172.16.4.0 255.255.255.0 0.0.0.255 254 172.16.4.1 to 172.16.4.254 172.16.4.255
Do I need to create 3 new virtual networks or should I use the existing and add something like... ???
10.140.127.0/29: 10.140.127.0 255.255.255.248 0.0.0.7 6 10.140.127.1 to 10.140.127.6 10.140.127.7
10.140.200.0 255.255.255.0 0.0.0.255 254 10.140.200.1 to 10.140.200.254 10.140.200.255
10.140.201.0 255.255.255.0 0.0.0.255 254 10.140.201.1 to 10.140.201.254 10.140.201.255
10.140.202.0 255.255.255.0 0.0.0.255 254 10.140.202.1 to 10.140.202.254 10.140.202.255
10.140.203.0 255.255.255.0 0.0.0.255 254 10.140.203.1 to 10.140.203.254 10.140.203.255
10.140.128.0/29: 10.140.128.0 255.255.255.248 0.0.0.7 6 10.140.128.1 to 10.140.128.6 10.140.128.7
10.140.204.0 255.255.255.0 0.0.0.255 254 10.140.204.1 to 10.140.204.254 10.140.204.255
10.140.205.0 255.255.255.0 0.0.0.255 254 10.140.205.1 to 10.140.205.254 10.140.205.255
10.140.206.0 255.255.255.0 0.0.0.255 254 10.140.206.1 to 10.140.206.254 10.140.206.255
10.140.207.0 255.255.255.0 0.0.0.255 254 10.140.207.1 to 10.140.207.254 10.140.207.255
10.140.129.0/29: 10.140.129.0 255.255.255.248 0.0.0.7 6 10.140.129.1 to 10.140.129.6 10.140.129.7
10.140.208.0 255.255.255.0 0.0.0.255 254 10.140.208.1 to 10.140.208.254 10.140.208.255
10.140.209.0 255.255.255.0 0.0.0.255 254 10.140.209.1 to 10.140.209.254 10.140.209.255
10.140.210.0 255.255.255.0 0.0.0.255 254 10.140.210.1 to 10.140.210.254 10.140.210.255
10.140.211.0 255.255.255.0 0.0.0.255 254 10.140.211.1 to 10.140.211.254 10.140.211.255
Thanks in advance!!
Thank You, Joe
↧
↧
Configure site to site with fortigate 100D
Hi,
How do you configure site to site VPN to fortigate firewall
What are the step to be taken?
Thanks
↧
ON Premises connectivity issue from Azure (using site-to-site connectivity)
I had recently bought Azure subscription and I have created a site-to-site VPN connectivity between the azure network & the Enterprise network. The connectivity shows as successful in the virtual network dashboard & the enterprise VPN gateway logs. We have configured the Virtual address space & the onPremises local network as mentioned in the bottom
Issue
* The connectivity between azure & enterprise network shows successful in the dashboard but when we try reaching theenterprise ip 116.197.178.5 we are unable to reach the IP, tried via nmap, ssh etc.
* From the VM we are able to reach the internet but have issues with the enterprise connectivity.
* The same configuration was working in march 2014 when we had tried using theFree Azure trail account. Looks like there has been a change in Azure services sometime during march 2014
* I don't see anyways to debug this issue
* I had followed the doc in msdn site (Configure a Site-to-Site VPN in the Management Portal)
Help
* Can someone tell me whether I'm doing anything wrong
* Is there a way I can debug this issue
Device Route info
Kernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface
default 10.2.1.1 0.0.0.0 UG 0 0 0 eth0
default 10.2.1.1 0.0.0.0 UG 100 0 0 eth0
10.2.1.0 * 255.255.255.0 U 0 0 0 eth0
Local network
<LocalNetworkSite name="EnterpriseNetwork">
<AddressSpace>
<AddressPrefix>10.1.0.0/16</AddressPrefix>
</AddressSpace>
<VPNGatewayAddress>xxx.197.179.249</VPNGatewayAddress>
</LocalNetworkSite>
Virtual network
<VirtualNetworkSite name="Azure-network" Location="Southeast Asia"><AddressSpace>
<AddressPrefix>10.2.0.0/16</AddressPrefix>
</AddressSpace>
<Subnets>
<Subnet name="FrontEndSubnet">
<AddressPrefix>10.2.0.0/24</AddressPrefix>
</Subnet>
<Subnet name="BackEndSubnet">
<AddressPrefix>10.2.1.0/24</AddressPrefix>
</Subnet>
<Subnet name="ADDNSSubnet">
<AddressPrefix>10.2.2.0/23</AddressPrefix>
</Subnet>
<Subnet name="GatewaySubnet">
<AddressPrefix>10.2.4.0/29</AddressPrefix>
</Subnet>
</Subnets>
<DnsServersRef>
<DnsServerRef name="GoogleDNS" />
</DnsServersRef>
<Gateway>
<ConnectionsToLocalNetwork>
<LocalNetworkSiteRef name="EnterpriseNetwork">
<Connection type="IPsec" />
</LocalNetworkSiteRef>
</ConnectionsToLocalNetwork>
</Gateway>
</VirtualNetworkSite>
↧
Unable to access websites deployed on windows azure virtual machine
Hello,
I have deployed two websites on windows azure SQL virtual machine and I am able to access these websites on local host but not able to access it from outside. Below is what I have already done:
- IIS 8 installed
- End point - HTTP port 80 created
- Website deployed in IIS
- Website folder created under wwwroot folder
- Able to access IIS page from outside network via accessing URL: http://vmname.cloudapp.net/
Problem is how to access various websites deployed in virtual machine. For example- I have www.webiste1.com (works on .net framework 2.0 - changed in application pool), www.webiste2.com (static HTML website), and www.webiste3.com (works on .net framework 2.0 - changed in application pool) then how to assign and custom domain and access from outside?
Please provide your help in resolving this issue.
Regards,
Anuj
↧