How to preserve AKS outbound rule changes during an AKS version upgrade

Irvin Wang 21 Reputation points
2021-03-26T07:24:47.313+00:00

Due to an SNAT port exhaustion issue, we made a change to the AKS load balancer outbound rule so that it allocates 8000 ports per instance.

This change was made manually from the Azure Portal. However, we found that this change was rolled back to the default by "AzureContainerService" after we upgraded the AKS version. Nobody was aware of this until an issue was reported.

What's the correct way to make this change so that it is preserved after an AKS cluster upgrade?

![81776-image.png](/api/attachments/81776-image.png?platform=QnA)


Accepted answer

TravisCragg-MSFT 5,676 Reputation points Microsoft Employee
2021-03-27T00:48:49.43+00:00

Although you can set the outbound rules on an AKS Load Balancer, this is not a best practice. Outbound rules & Public IPs are designed to be controlled and managed by AKS. Future AKS upgrades will have the same effect on your outbound rules if you continue to do it this way.

The best way to do this in AKS is to configure your cluster to use multiple LB IPs, and it requires a simple 'az aks update' command using the '--load-balancer-managed-outbound-ip-count' flag as described in the doc. Each additional IP address provided by a frontend provides 64k ephemeral ports for Load Balancer to use as SNAT ports. Changes done this way will persist through version upgrades.

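Sizing the fix the accepted answer describes, as an added shell example that is not part of the original thread: given a node count and the per-node SNAT port allocation the question wanted (8000), it computes how many managed outbound IPs the cluster needs at the answer's 64,000 ports per IP and prints the persistent `az aks update` command instead of editing the load balancer by hand. The resource group and cluster names are placeholders; `--load-balancer-outbound-ports` is the existing `az aks` flag for the per-node allocation, and the multiple-of-8 rule and the nodes × ports ≤ IPs × 64000 constraint are assumed from Azure's Standard Load Balancer outbound documentation.

```shell
#!/bin/sh
# Added example (not from the thread). Works out how many AKS-managed
# outbound IPs are needed so every node can be allocated the requested
# number of SNAT ports, then prints the 'az aks update' command whose
# settings survive cluster upgrades (unlike a manual portal edit).
# Assumption: each outbound frontend IP provides 64,000 SNAT ports, so
# nodes * ports_per_node must not exceed ips * 64000.

PORTS_PER_IP=64000

# required_outbound_ips NODES PORTS_PER_NODE -> prints the minimum IP count
required_outbound_ips() {
    nodes=$1
    ports=$2
    # Assumption: Azure allocates outbound ports in multiples of 8.
    if [ $((ports % 8)) -ne 0 ]; then
        echo "ports per node must be a multiple of 8" >&2
        return 1
    fi
    # Ceiling division of total ports needed by ports available per IP.
    echo $(( (nodes * ports + PORTS_PER_IP - 1) / PORTS_PER_IP ))
}

# build_update_command RG CLUSTER NODES PORTS_PER_NODE -> prints the az command
build_update_command() {
    rg=$1
    cluster=$2
    nodes=$3
    ports=$4
    ips=$(required_outbound_ips "$nodes" "$ports") || return 1
    printf 'az aks update --resource-group %s --name %s --load-balancer-managed-outbound-ip-count %s --load-balancer-outbound-ports %s\n' \
        "$rg" "$cluster" "$ips" "$ports"
}

# Placeholder names; 20 nodes at 8000 ports each (the question's figure) -> 3 IPs.
build_update_command myResourceGroup myAKSCluster 20 8000
```

Run the printed command with your own resource group and cluster name; re-run the sizing whenever the node pool's maximum node count grows, since the port budget is fixed per IP.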