Be rational about SNAT Port Exhaustion Alert on Azure App Service

Recently Azure App Service users might receive email alert on potential SNAT Port Exhaustion risk of services. Here is a sample email.  

This post is about looking at this alert rationally. 

This alert alone does not mean there is a drop in availability or performance of our app services.   

If we suspect the availability or performance of our app services degraded and SNAT Port Exhaustion is a possible reason for that, we can have a quick check if there were below symptoms correlated with the alert.  

• Slow response times on all or some of the instances in a service plan.  
• Intermittent 5xx or Bad Gateway errors  
• Timeout error messages  
• Could not connect to external endpoints (like SQLDB, Service Fabric, other App services etc.)  

Because SNAT Port is consumed only when there are outbound connections from App Service Plan instances to public endpoints. If port exhausted, there must be delay or failure in those outbound calls. Above symptoms will help justify if we are on the right track looking into SNAT Port Exhaustion.   

If we did observe slowness or failure in outbound calls that correlated with the email alert, we may refer to the guidance section mentioned in alert email and this document Troubleshooting intermittent outbound connection errors in Azure App Service - Azure App Service | Microsoft Docs for further troubleshooting.