You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: support/azure/azure-kubernetes/connectivity/basic-troubleshooting-outbound-connections.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -76,10 +76,10 @@ When you troubleshoot outbound traffic in AKS, it's important to know what netwo
76
76
The flow could also differ based on the destination. For example, internal traffic (that is, within the cluster) doesn't go through the external network resources and only uses the cluster networking. For public outbound traffic, determine which network resources are implemented for your cluster.
77
77
78
78
#### Check outbound connectivity path and blockers with Azure Virtual Network Verifier (Preview)
79
-
To check where traffic is blocked within your network resources to specific endpoints (e.g.`mcr.microsoft.com`), you can use the [Azure Virtual Network Verifier (Preview)](/azure/virtual-network-manager/concept-virtual-network-verifier) tool. By running a connectivity analysis, you can visualize the hops within the traffic flow and any misconfigurations within Azure networking resources that are blocking traffic. We recommend using the Virtual Network Verifier tool as a first step in troubleshooting outbound connectivity issues to isolate the issue and detect problematic network configuration. For more instructions, [check if Azure network resources are blocking traffic to the endpoint using Azure Virtual Network Verifier (Preview)](#check-if-azure-network-resources-are-blocking-traffic-to-the-endpoint).
79
+
To check where traffic is blocked within your network resources to specific endpoints (for example,`mcr.microsoft.com`), you can use the [Azure Virtual Network Verifier (Preview)](/azure/virtual-network-manager/concept-virtual-network-verifier) tool. By running a connectivity analysis, you can visualize the hops within the traffic flow and any misconfigurations within Azure networking resources that are blocking traffic. We recommend using the Virtual Network Verifier tool as a first step in troubleshooting outbound connectivity issues to isolate the issue and detect problematic network configuration. For more instructions, [check if Azure network resources are blocking traffic to the endpoint using Azure Virtual Network Verifier (Preview)](#check-if-azure-network-resources-are-blocking-traffic-to-the-endpoint).
80
80
81
81
#### Manual troubleshooting
82
-
For manual troubleshooting, we recommend you check the following:
82
+
For manual troubleshooting, we recommend you check the following items:
83
83
84
84
- The source and the destination for the request.
85
85
- The hops in between the source and the destination.
@@ -150,15 +150,15 @@ To determine if traffic is blocked to the endpoint due to Azure network resource
150
150
2. Identify the nodepool you want to run a connectivity analysis from. Click on the nodepool to select it as the scope.
151
151
3. Select "Connectivity analysis (Preview)" from the toolbar at the top of the page. If you don't see it, click on the three dots "..." in the toolbar at the top of the page to open the expanded menu. <imgwidth="626"alt="image"src="https://github.com/user-attachments/assets/b2f05947-f753-49b9-9536-98d0b998ab52" />
152
152
4. Select a Virtual Machine Scale Set (VMSS) instance as the source. The source IP addresses are populated automatically.
153
-
5. Select a public domain name/endpoint as the destination for the analysis e.g.`mcr.microsoft.com`. The destination IP addresses are also populated automatically.
154
-
6. Run the analysis and wait up to 2 minutes for the results. In the resulting diagram, identify the associated Azure network resources and where traffic is blocked. Click on the arrows or the "JSON output" tab to view the detailed analysis output.
153
+
5. Select a public domain name/endpoint as the destination for the analysis, one example is`mcr.microsoft.com`. The destination IP addresses are also populated automatically.
154
+
6. Run the analysis and wait up to 2 minutes for the results. In the resulting diagram, identify the associated Azure network resources and where traffic is blocked. To view the detailed analysis output, click on the "JSON output" tab or click into the arrows in the diagram.
155
155
156
156
157
157
#### Check that the Domain Name Service (DNS) resolution for the endpoint works correctly
158
158
159
-
You can run a DNS lookup to the endpoint by running a debugging pod on one of your AKS nodes. If you have isolated the connectivity issue to a specific problematic pod or namespace, run the DNS lookup from within the same namespace where you notice the problem.
159
+
You can run a DNS lookup to the endpoint by running a debugging pod on one of your AKS nodes. If the issue is isolated to a specific problematic pod or namespace, run the DNS lookup from within the same namespace where you notice the problem.
160
160
161
-
If you can't run the [kubectl exec](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#exec) command to connect to the pod and install the DNS Utils package, you can [start a test pod in the same namespace as the problematic pod](https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#create-a-simple-pod-to-use-as-a-test-environment), and then run the tests.
161
+
If you can't run the [kubectl exec](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#exec) command to connect to an existing pod, you can [start a test pod in the same namespace as the problematic pod](https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#create-a-simple-pod-to-use-as-a-test-environment) to run the tests.
0 commit comments