问题
For networking I'm using new Standard SKU (Load balancer, Public IP addresses, etc.). By default everything is disabled for Public IP Address Standard SKU.
I added the following and got TCP outbound connectivity: 1. NSG - enabled all outbound traffic 2. Load balancer rule - rule for Tcp & disabled SNAT 3. Outbound rule - for Tcp
Now when I remote to VMSS VM instance, I can open "google.com". But "ping google.com" keeps timing out.
I wonder what I should configure to enable ping/tracert to work (they are essential for my service offering)?
(First I created VMSS with default Basic Load Balancer - there everything works, including ping).
回答1:
Turned out this is a limitation of Load Balancer. According to documentation it should apply for both Basic and Standard Load Balancers. For me Basic does allow ICMP traffic and Standard does not.
This article suggests a few workarounds (using psping instead of ping): https://blogs.msdn.microsoft.com/mast/2014/06/22/use-port-pings-instead-of-icmp-to-test-azure-vm-connectivity/
来源:https://stackoverflow.com/questions/54705070/azure-load-balancer-standard-sku-how-to-enable-outbound-icmp-traffic-make-p