This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 68%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Hello,
If we add 2 ip's as outbound rule in the AKS standard load balancer targeting to same backend pool then does it increase the SNAT ports count to 64k*2.
If yes, can we use 1 default public ip which azure automatically creates and add one more by creating our own.
Please suggest. Thank you.
Kind Regards,
Tanul
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 4%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBK%3C/text%3E%3C/svg%3E)
Thank you Tanui
Adding more IP addresses to a Standard Load Balancer in an AKS VMSS does not directly increase the number of SNAT ports available. The number of SNAT ports in Azure is determined by the number of backend instances in the VMSS.
The allocation of SNAT ports in Azure is based on the number of backend instances in the VMSS, with each instance having access to 64,000 SNAT ports. So, if you have a single backend instance in your VMSS, you will have 64,000 SNAT ports available. If you have two backend instances, the total SNAT port count will be 128,000 (64,000 per instance).
Adding multiple IP addresses as outbound rules in the AKS standard load balancer targeting the same backend pool does not directly increase the SNAT port count. The availability of SNAT ports is tied to the number of backend instances, not the number of IP addresses.
Regarding your second question, it is indeed possible to use the default public IP automatically created by Azure and add another public IP of your own. You can create a standard load balancer in Azure and assign the default public IP to it. Additionally, you can create a separate public IP resource and associate it with the same standard load balancer. This allows you to have two public IP addresses available for your AKS cluster.
It is important to note that the number of SNAT ports will still be determined by the number of backend instances in the VMSS, regardless of the number of public IP addresses you have.
I hope I was able to answer your questions.
@Anonymous Oh got it. Then I think. Adding a new public ip will only makes sense if we are adding one new node pool. And using another ip as the outbound for another node pool. Am I correct?
@Anonymous One more query what is backend instance in VMSS. Does that mean one single machine in VMSS or a complete VMSS node pool of n number of machines.
If I'm not wrong backend means VM but backend instance is complete node pool. Am I correct?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 30%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
Hello Tanul,
The previous answer (from Brian kemboi) is not correct.
Configuring the AKS Standard Load Balancer with more IPs will provide you more SNAT ports. Each IP has 64000 ports.
This is documented here: https://video2.skills-academy.com/en-us/azure/aks/load-balancer-standard#configure-the-allocated-outbound-ports
"Each IP address provided by a frontend provides 64k ephemeral ports for the load balancer to use as SNAT ports."
In that documentation you can find examples on how to calculate and also on how to update the number of LB outbound IP count or update the LB with your own IP.
Hopefully this is what you are looking for! If you have additional questions, please let us know in the comments.
If this has been helpful, please take a moment to accept answers as this helps increase visibility of this question for other members of the Microsoft Q&A community. Thank you for helping to improve Microsoft Q&A!
@Andrei Barbu Oh thank god you saved. One last query.. I have added one more ip in outbound and front end rule of load balancer. Now I've ssh the AKS node and checked the egress ip of that node by running command curl ifconfg.me. Its still showing the same ip created by azure which is 20.xx.xx.xx series. The ip which I have added in the out bound is of 40.xx.xx.xx series. However, I don't have any control on the series range. How to use the another ip created by me for egress in the node pools.
@Andrei Barbu Or both the ip's will act as round robin. Node pools is the backend can pick any one dynamically for egress
Honestly, I am not sure how the connections are distributed but I would assume round-robin. To make sure the configuration is correct, please help with the following information.
1 - Please provide all the steps on how you configured the 40.x.x.x IP address to be used by the AKS LB.
2 - If you open the LB and go to "Frontend IP configuration", will both, the 20.x.x.x and 40.x.x.x IP be shown there?
Steps are as follows:
And didn't click anywhere else. That's how created the ip and added as outbound rule
@Andrei Barbu Is it correct or there is some other process. Could you please help. Really appreciate. Thank you.
Hello @Tanul ! The way you added the IP is not the correct one. You need to do it via "az aks" commands. The LB is managed by AKS and if you modify it manually, the changed will be reverted back after any PUT operation.
Please make sure to carefully read https://video2.skills-academy.com/en-us/azure/aks/load-balancer-standard to understand how to properly manipulate your AKS LB.
Regarding "Adding more IPs doesn't add more ports to any node, but it provides capacity for more nodes in the cluster" that is correct. Any new public IP will have 64k ports, but you need to configure the LB to associate that ports to the nodes.
Your question was if adding a second IP if the SNAT ports will double and that's what I answered. What you mentioned is covered in the link that I initially sent: https://video2.skills-academy.com/en-us/azure/aks/load-balancer-standard#configure-the-allocated-outbound-ports. You'll have to use "az aks update" with "--load-balancer-outbound-ports" parameter to allocate that ports to the nodes.
@Andrei Barbu, Got it. Thank you so much
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 98%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
Tanul If the answer above helped, please don’t forget to Accept Answer and hit Yes for "was this answer helpful" wherever the information provided helps you. This can be beneficial to other community members for remediation for similar issues.
If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.