Andy Johnson

My feedback

  1. 17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  (General Feedback) » Offers  ·  Flag idea as inappropriate…  ·  Admin →
    Andy Johnson commented  · 

    Agree, creating custom RBAC roles is somewhat of a pain. Would be nice if you had a RBAC Role builder UI, which could both a) browse permissions and b) evaluate roles and effective permissions for SPN's/accounts/whatever.

    Andy Johnson supported this idea  · 
  2. 54 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Data Lake  ·  Flag idea as inappropriate…  ·  Admin →
    Andy Johnson supported this idea  · 
  3. 480 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    18 comments  ·  Networking » Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    Andy Johnson supported this idea  · 
  4. 291 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Networking » Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    Andy Johnson supported this idea  · 
  5. 466 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    18 comments  ·  Networking » Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    Andy Johnson supported this idea  · 
  6. 235 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Networking » Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    Andy Johnson supported this idea  · 
    Andy Johnson commented  · 

    Yes, this is a really common problem, I am surprised it's not addressed in ILB. You don't even need multiple services to trigger this bug: a single VIP, serving two VM's. If your VM's have to make a self-referencing call (to the ILB VIP), the Source NAT rules don't treat it any differently!

    This means if VM1(client) makes call to ILB VIP, and ILB VIP load balances back to VM1(server), the *initial* SYN packet makes it's way to ILB VIP, no problem. When the ILB VIP forwards the packet to VM1(server), the Source NAT steps in, and changes the source IP to become VM1 (just, likely with a different port, for translation purposes). VM1(server) replies to that packet, but since the reply destination is ITS OWN IP, it doesn't leave the network interface.

    I am pretty sure most mature load balancers address this by performing NAT translation of any requests coming from the real servers, with a destination of any of the hosted VIPs, to an IP address OTHER than their own.

Feedback and Knowledge Base