
Investigate Azure Spring Apps Networking Issue with the new Connect feature



Guest Hanli_Ren
Posted

In "A Simple Network Connection Test Tool for Azure Spring Cloud" we demonstrated a way to build a very simple app for DNS resolution and TCP ping tests in Azure Spring Apps.

Azure Spring Apps has published a new Connect feature that allows you to access the shell environment inside your application instances for advanced troubleshooting.

This blog describes how to directly access the shell environment inside your application instances to investigate common networking issues.

Step 1: Connect to an app instance for troubleshooting

Step 2: Investigate Azure Spring Apps Networking Issue in the Console

Step 1: Connect to an app instance for troubleshooting

Reference Doc: Connect to an app instance for troubleshooting

 

 

1. Before connecting to an app instance, you must be granted the Azure Spring Apps Connect Role on your Azure Spring Apps service.

A detailed guide can be found in "Assign Azure Spring Apps Connect Role".

 

  • Using Azure Portal
    Azure Spring Apps -> Access control (IAM) -> Add role assignment

 


  • Use Azure CLI

az role assignment create --role 'Azure Spring Apps Connect Role' --scope '/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.AppPlatform/Spring/xxx' --assignee xxx@xxx.com

2. Connect to app instance

Important Note:

If your Azure Spring Apps instance is created with VNET injection, by default the shell environment can only be accessed from inside the VNET.

If you want to connect to the console from outside the VNET, please enable "Log streaming on public network".

 


  • Using Azure Portal to connect to app instance
    Azure Spring Apps -> Apps, select the App you want to connect to

 


Go to Console.

Select the App instance and Start up shell, then click Connect.

 


  • Using Azure CLI to connect to app instance

az spring app connect \
    --subscription <subscription-id> \
    --service <your-service-instance> \
    --resource-group <your-resource-group> \
    --name <app-name> \
    --deployment <deployment-name> \
    --instance <instance_name> \
    --shell-cmd /bin/bash

Note: --deployment, --instance and --shell-cmd are optional arguments.

 


Step 2: Investigate Azure Spring Apps Networking Issue in the Console

 

 

After we connect to the shell environment inside an application instance, we can use preinstalled commands to investigate the following common networking issues:

  • DNS resolve failure
  • Connection Timeout Issue
  • SSL handshake issue
  • Monitor established connections status

DNS resolve failure

 

 

A common issue is that the customer's DNS server is not correctly configured to forward DNS requests to an upstream public DNS server. In this case we can use the nslookup command to run a name resolution test.

For example:

Test nslookup with default DNS server

Note: If you are using VNET injection for your Azure Spring Apps, the platform will pick the DNS server configured in your VNET as the default DNS server.

nslookup mcr.microsoft.com


Test nslookup with Azure DNS server

nslookup mcr.microsoft.com 168.63.129.16

 


Test nslookup with Custom Specified DNS server

nslookup mcr.microsoft.com 10.0.0.123


Connection Timeout Issue

 

 

It is common for an app running inside Azure Spring Apps to encounter connection issues with a remote target.

We can use the "ncat" command to test the connection at the TCP/UDP level.

For example:

Test TCP connection

nc -vz mcr.microsoft.com 443


Test UDP connection

nc -vz -u ntp.ubuntu.com 123


SSL handshake issue

 

 

It is also common to encounter SSL handshake issues.

We can use the "curl" command to run an SSL test.

For example:

Curl fails because of SSL failures

curl https://self-signed.badssl.com/


Test connection without security check (--insecure skips certificate verification)

curl --insecure https://self-signed.badssl.com/


Use “curl -iv” to do further investigation

 

 

 

curl -iv https://self-signed.badssl.com/
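
The DNS, TCP and SSL checks above can be chained so that one call reports the first layer that fails. This is an added example, not part of the original post: the function name triage and its result labels are made up for illustration, and it assumes nslookup exits non-zero on a failed lookup and that curl uses its documented exit codes 60, 35 and 28.

```shell
#!/bin/sh
# Added example (not from the original post): layered triage with the same
# preinstalled tools. The function name and result labels are illustrative.
triage() {
    host=$1
    port=${2:-443}

    # Layer 1: name resolution through the instance's default resolver.
    if ! nslookup "$host" >/dev/null 2>&1; then
        # Retry against Azure DNS (168.63.129.16) to separate a default DNS
        # server that does not forward from a name that resolves nowhere.
        if nslookup "$host" 168.63.129.16 >/dev/null 2>&1; then
            echo "dns-default-server"
        else
            echo "dns"
        fi
        return 1
    fi

    # Layer 2: TCP reachability; -w 5 caps the wait at five seconds.
    if ! nc -z -w 5 "$host" "$port" >/dev/null 2>&1; then
        echo "tcp"
        return 1
    fi

    # Layer 3: TLS handshake and certificate validation via curl.
    # Any HTTP response (even 4xx/5xx) counts as "ok" at this layer.
    # "|| rc=$?" keeps the function usable under "set -e".
    rc=0
    curl -sS -o /dev/null --max-time 10 "https://$host:$port/" 2>/dev/null || rc=$?
    case $rc in
        0)  echo "ok"; return 0 ;;
        60) echo "tls-untrusted-cert" ;;  # certificate chain not trusted
        35) echo "tls-handshake" ;;       # TLS negotiation failed
        28) echo "timeout" ;;             # curl --max-time expired
        *)  echo "curl-exit-$rc" ;;
    esac
    return 1
}

# Usage inside the console: triage mcr.microsoft.com 443
```

A result of dns-default-server points at the DNS server configured in the VNET, while tls-untrusted-cert is the case that curl -iv helps to inspect further.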

 

 

 

 

 


Monitor established connections status

 

 

We can also use the netstat command to monitor the status of established connections.

 

 

 

netstat -anp
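
On a busy instance the raw listing is long, so it helps to count connections per state and remote endpoint. This is an added example, not part of the original post: the function names are made up, and the sample rows are constructed in the column layout that netstat -anp prints.

```shell
#!/bin/sh
# Added example (not from the original post). The rows below are constructed
# sample output in the column layout printed by `netstat -anp`.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:1025            0.0.0.0:*               LISTEN      1/java
tcp        0      0 10.1.0.12:40122         10.1.2.4:5432           ESTABLISHED 1/java
tcp        0      0 10.1.0.12:40124         10.1.2.4:5432           ESTABLISHED 1/java
tcp        1      0 10.1.0.12:51874         10.1.3.9:443            CLOSE_WAIT  1/java
tcp        0      0 10.1.0.12:51880         10.1.3.9:443            TIME_WAIT   -
udp        0      0 127.0.0.11:53           0.0.0.0:*                           -
EOF
}

# Count TCP connections per (state, remote endpoint), busiest first.
# Listening sockets, UDP rows and header lines are skipped.
summarize_netstat() {
    awk '$1 ~ /^tcp/ && $6 != "LISTEN" { n[$6 " " $5]++ }
         END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Demo on the sample; in the console use: netstat -anp | summarize_netstat
sample_netstat | summarize_netstat
```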

 

 

 

 

 
