
close
close
In this post, I’ll explain why you can’t use Ping with Azure virtual machines via the Internet, and how you can use an alternative (PSPing) that is actually more useful.
Imagine that you’re an IT pro that has just gotten your hands on Azure for the first time. I have a pretty good idea of what you’re going to try to do:
advertisment
The first step should go pretty well, and the second step should make you wonder about how you can use all that bandwidth. And you’ll be left scratching your head on step three because no matter what you do with Azure endpoints or NAT rules, you won’t be able to ping that virtual machine over the Internet.
There’s a reason for this. The following diagram depicts this simple example. Someone has deployed an Azure virtual machine. The only possible connection to that virtual machine is via the Internet. Any traffic entering the virtual network must pass through a load balancer, and this balancer is filtering ICMP traffic.
Note: Ping uses the ICMP protocol to measure the latency of the connection between a local machine and a remote machine. Any connections exceeding a default latency are deemed to be unavailable.
So this means that we cannot use Ping to verify that the virtual machine is actually online on the Internet.
Why PING to Azure VMs fails (Image Credit: Aidan Finn)
There’s another way to verify that your virtual machine is online, and that is to use PsPing, a tool from Microsoft SysInternals, available in the free PsTools suite.
PsPing is similar to Ping in that it verifies connectivity to a remote machine using a command line interface. Where PsPing differs is that it doesn’t use ICMP; instead, you define which TCP port to target. That’s where the added value comes in — instead of doing an ICMP test to a standardized destination service that has little to do with your business, you will target a service that means something to your business.
The following simple example will use PsPing to target HTTP (TCP 80) on a remote machine via a cloud service endpoint (Service Manager):
psping demopetriaf.cloudapp.net:80
The above command will execute one warmup ping to TCP 80 on the destination address, and then run an additional four tests by default, reporting the latency of each ping, and then summarizing the results, much the same way that Ping would have done. So, we lose nothing, but we gain something by being able to test against a TCP port that we care about.
Another alternative is to use a tool you have built into your operating system: PowerShell. Windows 8.1 and Window Server 2012 R2 added the Test-NetConnection cmdlet, which can be used similarly to PsPing.
The following example will verify that the RDP port that NATs to a virtual machine is listening:
advertisment
Test-NetConnection demopetriaf.cloudapp.net -Port 60058
So all is not lost if you cannot ping your Azure virtual machines over the Internet. Far from it, because you’re going to be forced to use either a more powerful tool, like PsPing, or one that you can wrap clever scripts around, such as Test-NetConnection.
More from Aidan Finn
advertisment
Petri Newsletters
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.
advertisment
More in Microsoft Azure
Microsoft's Azure AD Conditional Access Service Can Now Require Reauthentication
May 13, 2022 | Rabia Noureen
Microsoft Addresses Cross-Tenant Database Vulnerability in Azure PostgreSQL
Apr 29, 2022 | Rabia Noureen
Microsoft Simplifies IT Monitoring with New Azure Managed Grafana Service
Apr 19, 2022 | Rabia Noureen
System Center 2022 is Now Available with New Datacenter Management Capabilities
Apr 4, 2022 | Rabia Noureen
Most popular on petri
Log in to save content to your profile.
Article saved!
Access saved content from your profile page. View Saved
Join The Conversation
Create a free account today to participate in forum conversations, comment on posts and more.
Copyright ©2019 BWW Media Group