Why can’t I ping my #Azure #IaaS VM? – Part 1

Anyone doing work with infrastructure probably uses ping (at least unofficially) to troubleshoot network connectivity. However, while working with Azure infrastructure, ping, by default, does not work.

There are a couple of scenarios to consider:
1. I can’t ping my Azure Windows Virtual Machine from my laptop (or any location outside of Azure)
2. I can’t ping an Azure Windows Virtual Machine from another Virtual Machine within the same Virtual Network

In this post we’ll explore

1. I can’t ping my Windows Azure Virtual AM from my laptop

Azure Firewall has disabled ICMP by default. Hence, you can’t ping your virtual machine from outside of Azure.

Possible solutions:
a. Add an Instance-Level Public IP Address to the Azure virtual machine. This simply bypasses the firewall enabling you to use ping as normal on the Azure VM.

b. You can use PsPing, an utility that performs ping over TCP ports instead of ICMP.

C:\>ping CLJun21WS12R2A.cloudapp.net
Pinging CLJun21WS12R2A.cloudapp.net [23.100.76.67] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 23.100.76.67:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>psping CLJun21WS12R2A.cloudapp.net:56972
PsPing v2.01 – PsPing – ping, latency, bandwidth measurement utility
Copyright (C) 2012-2014 Mark Russinovich
Sysinternals – http://www.sysinternals.com
TCP connect to 23.100.76.67:56972:
5 iterations (warmup 1) connecting test:
Connecting to 23.100.76.67:56972 (warmup): 60.44ms
Connecting to 23.100.76.67:56972: 61.28ms
Connecting to 23.100.76.67:56972: 63.41ms
Connecting to 23.100.76.67:56972: 63.69ms
Connecting to 23.100.76.67:56972: 60.41ms

TCP connect statistics for 23.100.76.67:56972:
Sent = 4, Received = 4, Lost = 0 (0% loss),
Minimum = 60.41ms, Maximum = 63.69ms, Average = 62.20ms

TLDR; The ILPIP approach leaves you exposed on the Internet and is not recommended unless you also intend to put in additional time securing the local firewall of the VM. On the other hand, if you know exactly what ports you intend to ping (for instance 3389 for RDP), PsPing tool will allow you to do so without having to open up additional ports.

Advertisements

1 thought on “Why can’t I ping my #Azure #IaaS VM? – Part 1”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s