I'm encountering a connection problem between our Azure App Service web application (.NET Framework 4.7) and our service running in a container instance. When trying to establish a connection, an exception is raised. After enabling .NET socket logging, I see the following:

    System.Net.Sockets Verbose: 0 : [4404] Entering Socket#48359280::Connect(10.0.1.4)
        ProcessId=7176
        DateTime=2021-02-09T08:08:14.0357422Z
    System.Net.Sockets Verbose: 0 : [4404] Entering DNS::GetHostAddresses(10.0.1.4)
        ProcessId=7176
        DateTime=2021-02-09T08:08:14.0357422Z
    System.Net.Sockets Verbose: 0 : [4404] Exiting DNS::GetHostAddresses()            -> IPAddress[]#44849943
        ProcessId=7176
        DateTime=2021-02-09T08:08:14.0490561Z
    System.Net.Sockets Verbose: 0 : [4404] Entering Socket#48359280::Connect(IPAddress[]#44849943)
        ProcessId=7176
        DateTime=2021-02-09T08:08:14.0490561Z
    System.Net.Sockets Verbose: 0 : [4404] Entering Socket#48359280::Connect([::ffff:10.0.1.4]:7600#501859741)
        ProcessId=7176
        DateTime=2021-02-09T08:08:14.0490561Z
    System.Net.Sockets Error: 0 : [4404] Socket#48359280::UpdateStatusAfterSocketError() - AccessDenied
        ProcessId=7176
        DateTime=2021-02-09T08:08:14.0658428Z
    System.Net.Sockets Error: 0 : [4404] Exception in Socket#48359280::Connect - An attempt was made to access a socket in a way forbidden by its access permissions [::ffff:10.0.1.4]:7600.
        ProcessId=7176

The code that establishes the connection is:

    try
    {
        socket = new Socket(AddressFamily.InterNetworkV6, SocketType.Stream, ProtocolType.Tcp);
        if (socket != null)
        {
            socket.SetSocketOption(SocketOptionLevel.IPv6, SocketOptionName.IPv6Only, false);
            socket.NoDelay = noDelay;

            socket.Connect(fileservername, port);
            // More statements omitted ...
        }
    }
    catch (Exception ex)
    {
        string message = String.Format("Cannot connect to fileserver {0} on port {1}", fileservername, port);
        Debug.WriteLine(message);
        // Debug.WriteLine("{0}", string) binds to the (message, category) overload, so log the text directly.
        Debug.WriteLine(ex.ToString());
        throw new FileserverException(message, -1);
    }

The container runs inside a vnet and has the IP 10.0.1.4. When using Kudu PowerShell, I am able to connect from the app service server to the container. When using a public IP, it also works.

It looks like 10.0.1.4 is transformed into "::ffff:10.0.1.4" and establishing a connection to this address does not work. We have set SocketOptionName.IPv6Only to false.

Is it not possible to use AddressFamily.InterNetworkV6 within Azure vnets?

The code is also running in an on-prem environment without problems. Therefore, we don't want to include a switch that checks for Azure and then uses IPv4 only. Is there a better solution to this problem?

Thanks for your help.

Stati
  • From the last socket forbidden error, you could check if the port is used by another process or any firewall blocks this port. https://stackoverflow.com/questions/15619921/an-attempt-was-made-to-access-a-socket-in-a-way-forbidden-by-its-access-permissi – Nancy Feb 18 '21 at 02:47
  • When using IPv4 it works without problems. – Stati Feb 19 '21 at 10:57
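
An added example, not part of the question and not the asker's code: one way to avoid an Azure-specific switch is to take the socket's address family from each resolved address instead of forcing a dual-mode IPv6 socket, relying on the asker's observation that plain IPv4 connects. `FileserverConnector` and its `Connect` helper are hypothetical names, and the loopback listener in `Main` is a constructed stand-in for the container.

```csharp
using System;
using System.Net;
using System.Net.Sockets;

static class FileserverConnector
{
    // Hypothetical helper: resolves the host and tries each address with a socket
    // of that address's own family, so 10.0.1.4 is never rewritten to ::ffff:10.0.1.4.
    public static Socket Connect(string host, int port, bool noDelay)
    {
        SocketException last = null;
        foreach (IPAddress candidate in Dns.GetHostAddresses(host))
        {
            // Unwrap an IPv4-mapped IPv6 address so an IPv4 target gets a plain IPv4 socket.
            IPAddress address = candidate.IsIPv4MappedToIPv6 ? candidate.MapToIPv4() : candidate;
            Socket socket = new Socket(address.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
            try
            {
                socket.NoDelay = noDelay;
                socket.Connect(new IPEndPoint(address, port));
                return socket;
            }
            catch (SocketException ex)
            {
                last = ex;      // remember the failure and try the next address
                socket.Close();
            }
        }
        throw new InvalidOperationException(
            String.Format("Cannot connect to {0} on port {1}", host, port), last);
    }

    static void Main()
    {
        // Constructed local target: a loopback listener on an ephemeral port.
        TcpListener listener = new TcpListener(IPAddress.Loopback, 0);
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;
        using (Socket s = Connect("127.0.0.1", port, true))
        {
            Console.WriteLine("{0} -> {1}", s.AddressFamily, s.RemoteEndPoint);
        }
        listener.Stop();
    }
}
```

The same code path serves IPv6-only targets on-prem, because an IPv6 address still produces an `InterNetworkV6` socket.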

0 Answers