IP Range for Windows Azure Platform, Identifying connectivity issues

I often hear this question from customers using Windows Azure Platform: "What is the IP range for Windows Azure? SQL Azure? AppFabric?"

The question arises because organizations configure firewalls and proxies to block or allow inbound and outbound traffic according to rules they define. If you are able to allow outbound traffic to 0.0.0.0-255.255.255.255, it solves most of the connectivity problems that might occur while communicating with Windows Azure Platform. If for any reason you are unable to allow this IP range, check with your firewall/proxy administrators to see whether they can allow outbound traffic to *.cloudapp.net addresses. If you end up needing specific IP ranges, the information below should help.

The Microsoft download link https://msdn.microsoft.com/en-us/library/windowsazure/dn175718.aspx has the IP ranges for Windows Azure datacenters. Please note that the content at this link is revised whenever the IP ranges change.

Note:

  1. IP ranges are subject to change without prior notice. I recommend that you subscribe to the RSS feed provided by this blog to be notified whenever this blog entry changes.
  2. IP ranges are specified in CIDR format. Below links help you understand CIDR format and calculate IP ranges.
  3. We do not recommend that applications take hard dependencies on these IP ranges.

 

 
Various Ports used in Windows Azure Platform

| Port(s) | Description |
| --- | --- |
| 80, 443 | Default http, https ports used for various web scenarios |
| 9350-9353 | These ports are used by Windows Azure AppFabric service bus bindings. Refer to https://msdn.microsoft.com/en-us/library/ee732535.aspx for more details |
| 1433 | SQL Azure port |
| 3389 | This port is used for RDP access to VMs |

 

Identifying Connectivity Issues:

How do you verify whether your firewall is blocking outbound traffic to Windows Azure Platform services? Detecting network-related issues is tricky and requires networking expertise. However, you can often tell whether the problem lies with a specific network by using the commands below.

The first command I generally use to detect networking issues is "ping". Below is an example of the ping command.

C:\Users\hari>ping 1d6d6f26c0184f6c8ef29e1cf40a87e7.cloudapp.net

Pinging 1d6d6f26c0184f6c8ef29e1cf40a87e7.cloudapp.net[111.221.109.188] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 111.221.109.188:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

In this example, 1d6d6f26c0184f6c8ef29e1cf40a87e7.cloudapp.net is the staging URL of my application. Replace this with your application URL while testing your application.

Many servers block the ping service by default, so you may not receive any response to the ping command. The same is true of cloud VMs: ping is disabled by default unless you have enabled it. What you should be interested in is whether the service address resolves to an IP address. In the above example, my application URL resolves to 111.221.109.188. This indicates that there are no DNS-related issues with my service.

For more details on ping, please refer to https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ping.mspx?mfr=true

The next command I would use is telnet. For example:

C:\Users\hari>telnet 1d6d6f26c0184f6c8ef29e1cf40a87e7.cloudapp.net 80

In this example, 1d6d6f26c0184f6c8ef29e1cf40a87e7.cloudapp.net is my application URL and port 80 is the port my application is listening on. For testing your application, replace these with your application URL and port.

If you see a blank window come up as a result of the telnet command, it means your application is working fine and listening on the specified port. If you see any errors, it means either your application is not listening on the specified port or there is a networking issue on your specific network that is blocking outbound traffic to the specified address. To quickly isolate whether it is an issue with your specific network, try running the same command over a generic internet provider, for example from your home network or by using a USB internet stick. Also, telnet is not installed by default, so make sure you have installed the Telnet client on the machine before running the command. For more details on the telnet command, please refer to https://technet.microsoft.com/en-us/library/cc787407(WS.10).aspx

If you are unable to reach a conclusion by running the ping and telnet commands, you might need to use the tracert command and capture network traces to analyze the networking issue. Involve your network administrators to help you with this.
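The ping-then-telnet sequence above can be scripted so that each step gives a distinct answer: does the name resolve, does the resolved address fall inside the CIDR ranges your firewall allows, and does the TCP port answer, refuse or stay silent. This is an added example, not code from the original post; the function names are hypothetical and the CIDR block is a constructed placeholder, not a value from Microsoft's published list.

```python
import ipaddress
import socket

def resolve(host):
    """Return the IPv4 addresses for host, or [] if the name does not resolve."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def in_ranges(ip, cidrs):
    """True if ip falls inside any of the CIDR blocks (e.g. a firewall allow-list)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def probe(ip, port, timeout=3.0):
    """Classify one TCP connect attempt, the same check telnet performs."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # a reset came back: usually reachable, nothing listening
    except (socket.timeout, TimeoutError):
        return "timeout"    # no reply at all: usually dropped by a firewall or proxy
    except OSError:
        return "error"      # e.g. no route to the network

def diagnose(host, ports, allowed_cidrs, timeout=3.0):
    """Resolve host, then report allow-list coverage and port state per address."""
    report = {"host": host, "resolved": False, "addresses": {}}
    for ip in resolve(host):
        report["resolved"] = True
        report["addresses"][ip] = {
            "in_allowed_ranges": in_ranges(ip, allowed_cidrs),
            "ports": {p: probe(ip, p, timeout) for p in ports},
        }
    return report

if __name__ == "__main__":
    # Constructed sample values: the CIDR block is a placeholder, not a published range.
    sample_cidrs = ["111.221.64.0/18"]
    print(in_ranges("111.221.109.188", sample_cidrs))
    # Replace the host with your own application URL, as the post says.
    print(diagnose("1d6d6f26c0184f6c8ef29e1cf40a87e7.cloudapp.net", [80, 443], sample_cidrs))
```

A "timeout" result from the office network combined with "open" from a home connection points at the local firewall or proxy, while "refused" from both points at the application or its endpoint configuration.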

Other useful article(s)

When using Service Bus, regardless of which datacenter your namespace is hosted in, you will have to open the IP range/ports for the United States (South/Central) address range if you set "ServiceBusEnvironment.SystemConnectivity.Mode = ConnectivityMode.Auto" (which is the default). The Microsoft.ServiceBus.dll assembly has code which connects to the United States (South/Central) datacenter.

https://social.technet.microsoft.com/wiki/contents/articles/troubleshooting-connectivity-issues-in-the-windows-azure-appfabric-service-bus.aspx