This article will briefly discuss socket exceptions and how to investigate such issues in Azure App Service.In Azure App Service, the number of outbound connections are restrictive based on the size of the VM. Below are the machine wide TCP limits (as documented here.)
|Limit name||Description||Small (A1)||Medium (A2)||Large (A3)|
|Connections||Number of connections across entire VM||1920||3968||8064|
When an application initiates an outbound connection to a database or a remote service, it uses an TCP connection from this range of allowed TCP connections on the machine.In some scenarios, the number of available outbound ports might get exhausted and when the applications tries to initiate a new connection request, it might fail with this error:
- Exception Details: System.Net.Sockets.SocketException: An attempt was made to access a socket in a way forbidden by its access permissions.
COMMON REASONS THAT CAUSE ABOVE ERROR:
Using client libraries which are not implemented to re-use TCP connections.
- Application code or the client library is leaking TCP socket handles.
- Burst load of requests opening too many TCP socket connections at once.
In case of higher level protocol like HTTP this is encountered if the Keep-Alive option is not leveraged.
For a .NET application,the below code-snippet will log the active outbound connections and details about the external service to which it is connecting. This will not log database related connections as they do not use System.Net.You can create a page PrintConnectionsSummary.aspx under the site and place it under /wwwroot folder. When the application encounters the socket exceptions, the users can browse to the page PrintConnectionsSummary.aspx(download file from here ) to see the connection count to the remote services.
Below screenshot depicts the above code-snippet in action. It is printing out the external connections that the app might be connecting to (via System.net).
Mentioned below is the application code :