Share via

Does Azure server allow spoofing source IP of UDP packet

ling 0 Reputation points
2024-08-02T20:05:14.05+00:00

In order to test load balancer performance, I need to simulate large number of UDP packets coming from different IP address. I wrote a script to spoof source IP of these packets and run the script on Azure VM. But i can not receive any packets on another Azure server. Both servers are in same vnet. Without spoofing source IP, it has no issue to receive packet. Does Azure platform blocking spoofing source IP of UDP packet?

Azure Load Balancer
Azure Load Balancer
An Azure service that delivers high availability and network performance to applications.
451 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sedat SALMAN 14,065 Reputation points MVP
    2024-08-03T10:21:26.3266667+00:00

    Azure has an integrated high-level security system to protect the customers from different network attack and malicious activity.

    for details you can check the following threads

    https://learn.microsoft.com/en-us/answers/questions/93232/ip-spoofing-attack-in-aks

    https://learn.microsoft.com/en-us/answers/questions/1274172/how-to-address-network-sniffing-and-spoofing-in-az

    https://learn.microsoft.com/en-us/azure/virtual-network/ip-based-access-control-list-overview

    to solve your problem

    Create multiple VMs within your VNet and use different tools or scripts to generate UDP traffic from each VM. This simulates a scenario with diverse source IPs while remaining within the bounds of Azure's networking rules.

    or

    Use specialized load testing tools designed for Azure environments. These tools can often simulate traffic from a range of IP addresses without the need for spoofing. Examples include Azure Load Testing (Preview) and JMeter with Azure plugins.

    0 comments
  2. ChaitanyaNaykodi-MSFT 26,216 Reputation points Microsoft Employee
    2024-08-13T03:15:55.5766667+00:00

    @ling Thank you for reaching out.

    Based on your statement above

    Both servers are in same vnet. Without spoofing source IP, it has no issue to receive packet. Does Azure platform blocking spoofing source IP of UDP packet?

    The reason for the behavior above might be due to an NSG blocking the spoofed IP address. You can check if a NSG can be associated to the VM's Nic or the subnet is blocking this connectivity. You can use IP flow verify if any NSG is blocking the connectivity.Just FYI Azure Load Balancer is Azure's most performant Load Balancer all while keeping latency ultra-low. As documented here "Azure Load Balancer is a pass-through network load balancer. Throughput limitations are determined by the type of virtual machine in the backend pool. To learn about other network throughput related information, see Virtual Machine network throughput."

    Meanwhile you can also go through this Azure Load testing feature and see if it satisfies your requirement.

    You can take a look at Scenarios for deploying Azure Load Testing in a virtual network.

    Hope this helps! Please let me know if the issue still persists and what were your findings from the troubleshooting steps above. Thank you!

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.