sammy34

Reputation: 5487

SQL Azure DB Connection Router Repair Message: Do I need to take action?

After the well-known issues with SQL Azure and Azure DNS this week, we've just received a message in our Azure portal:

In the course of this week and next week starting 16 Sep 2016, we will be failing over SQL Azure DB connection router to increase capacity and provide additional resiliency in West Europe as one of the repair item from Azure SQL DB outage on 9/12 and 9/15 (Listed here: https://azure.microsoft.com/en-us/status/history)

We have identified you who might be impacted by this change as you may be using outgoing firewall rules. As part of the failover process the IP address behind .database.windows.net will change. We recommend you add the following IP addresses to your rules to allow connections on port 1433

- Australia East: 13.75.149.87
- Australia South East: 13.73.109.251
- Japan East: 13.78.61.196
- Japan West: 104.214.148.156
- North Europe: 40.113.93.91
- South Central US: 13.66.62.124
- South East Asia: 104.43.15.0
- West Europe: 40.68.37.158
- West US: 104.42.238.205

Alternatively, please considering opening the outgoing firewall rules to the entire Azure IP address range set, available at https://www.microsoft.com/en-us/download/details.aspx?id=41653

For an overview of Azure SQL DB connectivity architecture for connections from inside and outside of Azure, please refer to this MDSN article https://azure.microsoft.com/en-us/documentation/articles/sql-database-develop-direct-route-ports-adonet-v12/ .

Now we simply have a very standard ASP.NET MVC App deployed to App Service. It connects to an SQL Azure database (with a hostname ending in .database.windows.net) hosted in the same region. This leads me to believe that we don't need to do anything in response to the message above, because it's all "inside Azure". Would somebody be kind enough to confirm our thoughts here, and perhaps explain in which situations one would need to react to the message above? Unfortunately the links in the message aren't particularly relevant to this exact change, so perhaps an answer here would benefit others who also received this message and want to make sure they're not missing anything.

Upvotes: 1

Views: 208

Answers (1)

David Makogon

Reputation: 71120

Seems like you won't need to do anything in your case: There's a generic firewall rule already in place to allow for Azure resources (such as Web Apps) to access SQL Database. And you should already have that rule enabled.

Outbound firewall rules are going to be specific to outside VMs/servers (e.g. on-premises) that are trying to establish a connection to an Azure-based SQL Database instance and have an active firewall limiting outbound traffic. So anyone with an active firewall that whitelists IP ranges, and allows for SQL Database access, will need to update their firewall's IP ranges accordingly.

Upvotes: 3
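For the on-premises case the answer describes, one way to check an outbound allowlist against the addresses in the portal message (an added example, not part of the original question or answer). The rule format `(CIDR, port or None)`, the sample rules and the function name are assumptions made for illustration; the gateway addresses are the ones quoted in the message.

```python
import ipaddress

# Gateway addresses copied from the portal message quoted in the question.
NEW_GATEWAYS = {
    "Australia East": "13.75.149.87",
    "Australia South East": "13.73.109.251",
    "Japan East": "13.78.61.196",
    "Japan West": "104.214.148.156",
    "North Europe": "40.113.93.91",
    "South Central US": "13.66.62.124",
    "South East Asia": "104.43.15.0",
    "West Europe": "40.68.37.158",
    "West US": "104.42.238.205",
}
SQL_PORT = 1433

# Constructed sample of an outbound allowlist: (CIDR, port), port None = any port.
SAMPLE_RULES = [
    ("40.68.0.0/16", 1433),      # range that happens to contain West Europe
    ("40.113.93.91/32", 443),    # right address, wrong port: does not help
    ("13.66.62.124/32", None),   # single host, any port
    ("104.42.238.0/24", 1433),   # range that contains West US
]


def uncovered_gateways(rules, gateways=NEW_GATEWAYS, port=SQL_PORT):
    """Return {region: ip} for gateways that no rule allows on `port`."""
    nets = [(ipaddress.ip_network(cidr, strict=False), p) for cidr, p in rules]
    missing = {}
    for region, ip in gateways.items():
        addr = ipaddress.ip_address(ip)
        # A rule covers the gateway only if both the address and the port match.
        if not any(addr in net and p in (None, port) for net, p in nets):
            missing[region] = ip
    return missing


if __name__ == "__main__":
    for region, ip in sorted(uncovered_gateways(SAMPLE_RULES).items()):
        print(f"add outbound allow: {ip}:{SQL_PORT}  ({region})")
```

Only the regions where your databases live need a rule; filter `NEW_GATEWAYS` accordingly before acting on the output.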
