Forum Discussion

henry_coding101
Copper Contributor
Sep 26, 2024

Peering Virtual Network Access to OpenAI resources?

In tenant A, I have an existing OpenAI resource that is set to only be accessible from a virtual network, in which a VM rests in place.


The VM can connect to the OpenAI resource successfully.

Now to access other OpenAI resources from another tenant B, I have added a peering connection to connect the virtual network of the OpenAI resources from tenant B with the virtual network in tenant A. (the typical 10.0.0.0-10.1.0.0 example)

But when trying to call the API endpoint in the VM using REST or the JavaScript SDK, a 403 error occurs: "Access denied due to Virtual Network/Firewall rules"

The peering network is confirmed to be successful through the network interface of the VM.

Is linking to Azure OpenAI resources like this possible, or do we have to use a private endpoint?

1 Reply

  • Try referring to this:

    1. Check Network Security Groups (NSGs)
       • Ensure that the Network Security Groups (NSGs) associated with both virtual networks allow traffic between them. Specifically, check for inbound and outbound rules that permit traffic on the necessary ports.
    2. Update Firewall Rules
       • Verify that the firewall rules for the OpenAI resource in tenant B allow traffic from the peered virtual network in tenant A. You may need to add the IP address range of the peered network to the allowed list.
    3. Private Endpoint Configuration
       • If you're using private endpoints, ensure that the private endpoint for the OpenAI resource in tenant B is correctly configured to accept traffic from the peered network in tenant A.
    4. DNS Configuration
       • Ensure that DNS settings are correctly configured to resolve the OpenAI resource's private endpoint from the VM in tenant A. You might need to set up custom DNS or use Azure Private DNS zones.
    5. Virtual Network Peering Settings
       • Double-check the peering settings to ensure that "Allow forwarded traffic" and "Allow gateway transit" options are enabled if necessary.
    6. Service Endpoint Configuration
       • If you're using service endpoints, ensure that they are enabled for the necessary services on both virtual networks.
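
A check for the DNS step in the reply above, as an added example that is not part of the original thread: it classifies the addresses the endpoint hostname resolves to from the VM against the two VNet ranges. The VNet names, the 10.0.0.0/16 and 10.1.0.0/16 ranges (taken from the question's "10.0.0.0-10.1.0.0" description) and the sample addresses are constructed assumptions.

```python
import ipaddress
import socket
import sys

# Assumed VNet address spaces (constructed; replace with your own ranges).
VNETS = {
    "tenant-A-vnet": ipaddress.ip_network("10.0.0.0/16"),
    "tenant-B-vnet": ipaddress.ip_network("10.1.0.0/16"),
}

def classify(address, vnets=VNETS):
    """Return (kind, vnet_name) for one resolved IP address."""
    ip = ipaddress.ip_address(address)
    for name, net in vnets.items():
        if ip in net:
            return ("private-endpoint", name)
    # Private address that belongs to none of the listed VNets.
    if ip.is_private:
        return ("private-unknown", None)
    return ("public", None)

def verdict(addresses, vnets=VNETS):
    """Collapse all resolved addresses into one verdict string."""
    if not addresses:
        return "unresolved"
    kinds = {classify(a, vnets)[0] for a in addresses}
    return kinds.pop() if len(kinds) == 1 else "mixed"

def resolve(hostname):
    """Resolve with the system resolver, as a REST or SDK call on the VM would."""
    try:
        infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    if len(sys.argv) > 1:
        addrs = resolve(sys.argv[1])   # run on the VM against the real hostname
    else:
        addrs = ["10.1.0.5"]           # constructed sample answer
    print(addrs, "->", verdict(addrs))
```

A `public` verdict means the VM's request goes to the resource's public endpoint, where the resource firewall evaluates it; `private-endpoint` means DNS points at an address inside one of the listed VNets.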

     
