Azure Load Balancer (Standard SKU) - how to enable outbound ICMP traffic (make ping work)?

0
votes

For networking I'm using new Standard SKU (Load balancer, Public IP addresses, etc.). By default everything is disabled for Public IP Address Standard SKU.

I added the following and got TCP outbound connectivity: 1. NSG - enabled all outbound traffic 2. Load balancer rule - rule for Tcp & disabled SNAT 3. Outbound rule - for Tcp

Now when I remote to VMSS VM instance, I can open "google.com". But "ping google.com" keeps timing out.

I wonder what I should configure to enable ping/tracert to work (they are essential for my service offering)?

(First I created VMSS with default Basic Load Balancer - there everything works, including ping).

1
azure-vm-scale-setazure-load-balancer
How did you do thisFirst I created VMSS with default Basic Load Balancer - there everything works, including ping, could you describe it? the default LB with vmss is standard public LB on my side.afaik, Azure LB does not support ICMP, only TCP and UDP.Nancy Xiong
Used "az vmss create". It creates with Basic LB. Ping works there.ZakiMa
I did az vmss create with basic LB, but cannot ping www.google.com on the windows vmss instance. Could you verify this?Nancy Xiong
Yes, i can still ping it =)ZakiMa

1 Answers

0
votes

Turned out this is a limitation of Load Balancer. According to documentation it should apply for both Basic and Standard Load Balancers. For me Basic does allow ICMP traffic and Standard does not.

This article suggests a few workarounds (using psping instead of ping): https://blogs.msdn.microsoft.com/mast/2014/06/22/use-port-pings-instead-of-icmp-to-test-azure-vm-connectivity/