Azure / meta-azure-service-broker

A service broker to manage multiple Azure services in Cloud Foundry
Apache License 2.0

Postgres databases do not support "private links" #221

Open gavinvandermerwe opened 3 years ago

gavinvandermerwe commented 3 years ago

Hi

There is a preview offering from Microsoft called "private links" which was released Jan 2020, please see link here: https://azure.microsoft.com/en-gb/updates/private-link-for-azure-database-for-postgresql-single-server-is-now-in-preview/

This is not supported yet by this tile although we would like to see it happen sometime near in the future.

The reason this is important to us is because we have been running PCF at scale in AWS and we would love to see this working in Azure. Our performance tests fail in Azure because of SNAT port exhaustion. The underlying reason for this is that when we load our foundation, our internal VNET communications from our diego cells have to flow publicly out on to the internet, because that is the only way to reach Postgres provisioned through this tile. This introduces a NATing problem with a hard 64K port limit per instance. Even worse, if you are using an outbound load balancer with a public IP, then those 64K ports are distributed across the VMs in your backend pool. 10 VMs gives you a distribution of 6400 ports per machine. The answer is obviously to add more public IPs.

The secondary problem is that when we remove the outbound load balancer with a public IP, we run into problems predicting what the IPs are, which causes issues when trying to whitelist them via the firewall rule configuration in Postgres. Private links would help alleviate this problem.

Can we please consider supporting this?

Many thanks.
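The SNAT arithmetic behind the issue, as an added example that is not part of the issue thread or of meta-azure-service-broker. It uses the even-split allocation the comment assumes (64K ports per public IP shared across the backend pool), the 64,000 SNAT ports per load-balancer frontend IP and the default 4-minute outbound idle timeout that Azure Load Balancer documents, and treats every connection as going to one destination (the Postgres server's IP:5432), which is the worst case for SNAT because ports cannot be reused across destinations. The function names and the sample rates are hypothetical.

```python
"""Capacity model for SNAT port exhaustion behind an Azure outbound load balancer.

Added example: not code from the issue or the broker project. Constants are
the documented Azure Load Balancer values; the even-split allocation mirrors
the simplification used in the issue comment. Azure's actual default
allocation hands each VM a fixed per-tier quota (fewer ports than an even
split for small pools), so treat ports_available_per_vm() as an upper bound.
"""
import math

SNAT_PORTS_PER_PUBLIC_IP = 64_000   # ports per load-balancer frontend IP
DEFAULT_IDLE_TIMEOUT_S = 4 * 60     # default outbound idle timeout (4 min)


def ports_available_per_vm(public_ips: int, backend_vms: int) -> int:
    """Even-split model from the issue: 1 public IP over 10 VMs -> 6400 each."""
    if public_ips < 1 or backend_vms < 1:
        raise ValueError("need at least one public IP and one backend VM")
    return (SNAT_PORTS_PER_PUBLIC_IP * public_ips) // backend_vms


def ports_in_flight_per_vm(new_conns_per_sec: float,
                           idle_timeout_s: int = DEFAULT_IDLE_TIMEOUT_S) -> int:
    """Ports a VM holds at steady state when every flow targets the same
    destination IP:port (a single Postgres endpoint). A SNAT port stays
    reserved until the flow's idle timeout expires, so short-lived connections
    opened at `new_conns_per_sec` pile up to roughly rate * timeout ports.
    """
    return math.ceil(new_conns_per_sec * idle_timeout_s)


def public_ips_required(backend_vms: int, new_conns_per_sec_per_vm: float,
                        idle_timeout_s: int = DEFAULT_IDLE_TIMEOUT_S) -> int:
    """Smallest number of frontend public IPs whose combined SNAT pool covers
    the whole backend pool's steady-state demand (the 'add more public IPs'
    remedy from the issue)."""
    total_needed = backend_vms * ports_in_flight_per_vm(new_conns_per_sec_per_vm,
                                                        idle_timeout_s)
    return max(1, math.ceil(total_needed / SNAT_PORTS_PER_PUBLIC_IP))


def exhaustion_report(public_ips: int, backend_vms: int,
                      new_conns_per_sec_per_vm: float,
                      idle_timeout_s: int = DEFAULT_IDLE_TIMEOUT_S) -> dict:
    """Compare what each VM has against what it needs; 'exhausted' means new
    outbound flows will fail until existing ports time out."""
    have = ports_available_per_vm(public_ips, backend_vms)
    need = ports_in_flight_per_vm(new_conns_per_sec_per_vm, idle_timeout_s)
    return {
        "ports_per_vm": have,
        "ports_needed_per_vm": need,
        "exhausted": need > have,
        "public_ips_required": public_ips_required(backend_vms,
                                                   new_conns_per_sec_per_vm,
                                                   idle_timeout_s),
    }


if __name__ == "__main__":
    # Constructed scenario: 1 public IP, 10 diego cells, each opening 50 new
    # Postgres connections/s during a load test (hypothetical rate).
    print(exhaustion_report(public_ips=1, backend_vms=10,
                            new_conns_per_sec_per_vm=50))
```

The report shows why the comment's remedy is only a partial fix: adding frontend IPs raises `ports_per_vm` linearly, but the demand side (rate times idle timeout) is untouched, and each added public IP is another address that has to be whitelisted in the Postgres firewall rules. Routing the traffic over a private endpoint removes SNAT from the path entirely, which is the point of the private link request.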