0
votes

I am peering two VNets within different subscriptions but the same region using VNet-to-VNet peering. We have a private DNS zone set up to resolve domain names and have configured the following settings as per Microsoft's documentation: WEBSITE_DNS_SERVER with value 168.63.129.16 and WEBSITE_VNET_ROUTE_ALL with value 1. When setting WEBSITE_VNET_ROUTE_ALL to 1, a whole lot of errors start to be thrown by the Function App, which we can see inside App Insights. Also, code within our functions is unable to route to destination webservices in the peered VNet. For testing purposes we have created another subnet within the same VNet that the Function subnet is deployed in and can successfully connect to the destination webservices we are trying to call. Is there any additional configuration needed for the Function App?

1
Could you show which docs you followed? What do you describe as "destination webservices in peered VNet"? Are the webservices hosted on an Azure VM, VMSS, or Azure App Service? – Nancy Xiong
Hi @NancyXiong, thanks very much for your response. Working with Microsoft I managed to resolve this issue. Please see my answer below. – Brett Jacobsen

1 Answer

0
votes

The reason that I was getting errors when enabling the config setting WEBSITE_VNET_ROUTE_ALL on the function app was that the function app itself could no longer see its app key and site files from the storage account, due to all traffic now being routed within my own virtual network. What needed to be done was to set up private endpoints for Blob and File storage within the storage account. Once the private endpoints are set up, you also need to set up private DNS zones with the appropriate routing.

This article explains the network configuration needed:

https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns#virtual-network-workloads-without-custom-dns-server

This article explains the private links and appropriate DNS entries:

https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints
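
Added example (not part of the original answer or of Microsoft's documentation): a small Python check, meant to be run from a host inside the integrated VNet, that reports whether the storage account's Blob and File endpoints resolve to private addresses once the private endpoints and private DNS zones are in place. The account name `examplestorage`, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket

# Storage sub-services the answer says need private endpoints.
SERVICES = ("blob", "file")


def storage_hosts(account):
    """Public FQDNs of the Blob and File endpoints of a storage account."""
    return [f"{account}.{svc}.core.windows.net" for svc in SERVICES]


def system_resolver(host):
    """Resolve with the OS resolver; only meaningful from inside the VNet."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_private_resolution(account, resolver=system_resolver):
    """Return {host: (status, addresses)} for the Blob and File endpoints.

    "private":    every address is private, so traffic stays in the VNet.
    "public":     at least one public address; the private endpoint or the
                  private DNS zone / VNet link for that service is missing.
    "unresolved": the lookup failed or returned nothing.
    """
    report = {}
    for host in storage_hosts(account):
        try:
            addrs = list(resolver(host))
        except OSError:  # socket.gaierror is a subclass of OSError
            addrs = []
        if not addrs:
            report[host] = ("unresolved", [])
        elif all(ipaddress.ip_address(a).is_private for a in addrs):
            report[host] = ("private", addrs)
        else:
            report[host] = ("public", addrs)
    return report


if __name__ == "__main__":
    # Constructed sample: Blob has a private endpoint, File still resolves publicly.
    sample = {
        "examplestorage.blob.core.windows.net": ["10.0.1.4"],
        "examplestorage.file.core.windows.net": ["20.60.1.1"],
    }
    for host, (status, addrs) in check_private_resolution(
            "examplestorage", sample.__getitem__).items():
        print(f"{host}: {status} {addrs}")
```

Calling `check_private_resolution("<account>")` without a resolver argument uses the system resolver; any endpoint reported as `public` or `unresolved` points at a missing private endpoint or an unlinked private DNS zone for that service.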