Azure Relay WCF and Hybrid Connections DNS Support
Published Mar 15 2019 12:27 PM 13K Views
Microsoft

For Relay customers who have struggled maintaining a whitelist of Azure datacenter IP addresses, you can now whitelist "*.servicebus.windows.net". The newest version of the client will make outbound calls to the Relay service using fully qualified domain names instead of IP addresses when using HTTP connectivity. Additionally, we are moving Azure Relay to Virtual Machine Scale Sets which will provide the latest infrastructure to improve our customers' experience. We hope this makes your network configuration a lot simpler!

After that it should be all set for your app to connect using Web Sockets that use DNS names instead of IPs.

Also, even if you are using TCP connectivity mode, finding out which IP addresses are used to rendezvous for a namespace is now possible by DNS queries. If you have statically configured IP addresses or DNS names in your infrastructure or firewalls, you may need to update your settings. To make sure interruptions are non-impacting, it is our suggestion to make sure our customers have all gateways listed in your configuration. See below for instructions:



For example:

ping yournamespace.servicebus.windows.net resolves to something like ns-prod-cy4-001.cloudapp.net for VMSS or ns-sb2-prod-cy4-001.cloudapp.net for legacy platforms.


The gateways of namespaces in your cluster can be obtained with something like:

 

Names that start with "G" or "GV" will resolve. If you see a name with "GV", it will be a new gateway to our Latest platform. For optimal performance, please ensure all gateways are listed in your configuration settings.

 

* We also have a PowerShell script for you to use that allows you to look up DNS records for your relay namespace: https://github.com/Azure/azure-relay-dotnet/blob/dev/tools/GetNamespaceInfo.ps1

 

ping gv0- prod-cy4-001 -sb.servicebus.windows.net resolves to something like 13.78.149.88
ping gv1- prod-cy4-001 -sb.servicebus.windows.net resolves to something like 13.78.149.110
ping gv2- prod-cy4-001 -sb.servicebus.windows.net resolves to something like 13.78.149.158
... ... ... ... ... ... ... ... ... ...
ping gv31- prod-cy4-001 -sb.servicebus.windows.net resolves to something like 13.78.149.50

or

ping - prod-cy4-001 -sb.servicebus.windows.net resolves to something like 13.78.149.88

... ... ... ... ... ... ... ... ... ...

ping g31- prod-cy4-001 -sb.servicebus.windows.net resolves to something like 13.78.149.110


Customers may also be wondering about the IP addresses for the Azure datacenters they connect to for the Relay service, here are some FAQs:

1. Are these IPs fixed?
No, these IPs will change over time.

2. How often and how much do these IPs change?
There is no contract on this, but our expectation is that between 10-20% of the IPs will change every month.

3. Can we get notifications when these IPs change?

We currently suggest using the provided PowerShell script mentioned above.

4. How many gateway machines typically exist for a ‘scale unit’?

There is no contract on this, but typical sizes are 16, 32 and 64.
It is very safe to assume that there will always be less than 128 per scale unit.

*Important Note:

Whatever setup you have this will not break your existing relays. We do strongly recommend using DNS filtering to simplify proxy/firewall management.

 

In the latest release of the Service Bus .NET Client (3.4.5) comes a highly requested feature for Azure WCF Relay customers, it now supports domain names! Our SDK supports DNS and IP configurations. To view the latest SDK, follow this link. Azure.Messaging.ServiceBus (7.16.2)

If you want to try this out, here’s how:

1. Use the Microsoft.ServiceBus.dll available in the latest client release (3.4.5 or higher)
2. Set ServiceBusEnvironment.SystemConnectivity.ConnectivityMode = ConnectivityMode.Https

 


--Relay Out--

Co-Authors
Version history
Last update:
‎Feb 12 2024 02:42 PM
Updated by: