Traffic to PostgreSQL Felxible Server going through NAT Gateway?

Andres Del Rio 0 Reputation points
2024-12-05T18:15:54.46+00:00

Hi,

I have a VNET with 2 subnets:

  • web subnet: with Nat gateway integration (because i need fixed outbounf IPs for some external services IP whitelisting) wit app services that access external APIs but also access the PostgreSQL flexible DB on the other subnet
  • DB subnet: where the postGreSQL flexible server is deployed in Private Access VNET integration.

The connection string to the DB on the web services that access the DB is configured with the private IP of the DB server (10.1.2.5), so my understanding is that the traffic to the DB should not be going through te NAT Gateway but straight to that private IP?

I see a lot ot ingress/egress traffic through the NAT gateway (more than I would expect from traffic towards the external APIs), so it is making me think that may be for some reason the traffic to the DB is actually going through the NAT Gateway? Can anyone confirm if the traffic to the DB may be going through the NAT Gateway?

Cheers

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,577 questions
Azure Database for PostgreSQL
Azure NAT Gateway
Azure NAT Gateway
NAT Gateway is a fully managed service that securely routes internet traffic from a private virtual network with enterprise-grade performance and low latency.
42 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Sai Prasanna Sinde 2,685 Reputation points Microsoft Vendor
    2024-12-10T11:27:49.8233333+00:00

    Hi @Andres Del Rio,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    Yes, your understanding is correct.

    The way the flows would work, traffic towards the DB would not go through the NAT gateway, as on the DB connection string you are pointing directly to the private IP of the DB (10.1.2.5) which is configured on Private mode linked to that subnet.

    Hope this clarifies!

    If above is unclear and/or you are unsure about something add a comment below.

    Please don’t forget to close the thread by clicking "Accept the answer" if the information provided helps you, as this can be beneficial to other community members.

    Thanks,

    Sai.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.