anuthereaper asked SaiKishor-MSFT commented

UDP networking on Azure VM

I'm trying to create a UDP server on an Azure VM and a UDP client on my personal laptop using Python. The server (on the VM) has bound a socket with local IP 127.0.0.1 and port 20001. I only have an NSG and no Vnet. The UDP client on my local laptop tries to send a message to the public IP of the VM on the same port 20001. However, the VM never receives this packet. I suspect it has something to do with the networking and NSG settings, but I'm a bit clueless as to what IPs and ports need to be whitelisted and where.
I tried:
- Changing the local IP on the server to 0.0.0.0.
- Whitelisting my laptop IP and all ports on the NSG.

Is there something specific I need to whitelist on my laptop itself? Anything more to be whitelisted on the NSG?

azure-virtual-machines-networking

There is no clear definition of what a UDP server is. See Difference between UDP Server / UDP Client - Stack Overflow where it says:

Since UDP is connection-less ... There is no such socket API that is unique for server or client only(talking about UDP). So I would prefer to call sides peers or sender/receiver instead of server/client.

Are you sure you are catching all errors when you send the UDP packet?

A packet sniffer might help.





Your question is more related to Azure network, so I will remove the windows-network-access-protection tag. Thank you!

SaiKishor-MSFT answered anuthereaper commented

@anuthereaper Thank you for reaching out to Microsoft Q&A.

I understand that you are unable to reach your Server VM on UDP port 20001. Please make sure to check the Effective security rules view in Azure Network Watcher on the NIC of the VM to verify the effective rules. You should ideally have the following rule:

Priority: Lowest priority than all rules (preferably)
Source: Your client/laptop IP as seen from https://whatismyipaddress.com/
Source ports: 0-65535
Destination: 0.0.0.0/0
Destination Port/s: 20001 (either any port or port 20001 specifically should work)
Protocol: UDP (or any)
Access: Allow

If possible, please share a snapshot of these Effective security rules for your NIC of the Virtual Machine so I can verify the same. Sharing details on how to get to the same in the portal below:

[Screenshots: nic.png, esr.png]

Further, please also make use of the IP flow verify option of Network Watcher to check the IP flow and determine whether the access is allowed or not, as shown from a test on my VM below:

[Screenshot: ip-flow.png]

I hope these tools help you troubleshoot the issue with your VM. If you need any further assistance, please feel free to let us know and we will be glad to assist further. Thank you!
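
How first-match evaluation in priority order decides a flow like the one discussed above, as an added example that is not part of the original answer or any Azure tooling. It is a simplified model: in an NSG the rule with the lower priority number is evaluated first and the built-in DenyAllInBound rule sits at 65500. The rule names, the priority numbers 200 and 300 and the laptop address are constructed; 10.0.0.4 is the private IP quoted later in the thread.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number is evaluated first
    source: str        # CIDR
    dest: str          # CIDR
    ports: range       # destination ports
    protocol: str      # "Udp", "Tcp" or "*"
    access: str        # "Allow" or "Deny"

ANY = "0.0.0.0/0"
ALL_PORTS = range(0, 65536)
# Built-in catch-all inbound rule; the other default rules are left out of this model.
DENY_ALL_INBOUND = Rule("DenyAllInBound", 65500, ANY, ANY, ALL_PORTS, "*", "Deny")

def matches(rule, src_ip, dst_ip, dst_port, protocol):
    return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule.dest)
            and dst_port in rule.ports
            and rule.protocol in ("*", protocol))

def verify_inbound(rules, src_ip, dst_ip, dst_port, protocol):
    """Return (access, rule name) of the first rule that matches, in priority order."""
    for rule in sorted([*rules, DENY_ALL_INBOUND], key=lambda r: r.priority):
        if matches(rule, src_ip, dst_ip, dst_port, protocol):
            return rule.access, rule.name
    raise AssertionError("unreachable: DenyAllInBound matches every IPv4 flow")

LAPTOP = "203.0.113.25"   # constructed client address (documentation range)
VM_IP = "10.0.0.4"        # private IP quoted later in the thread

# The rule from the answer, scoped to one source address and one UDP port.
ALLOW_LAPTOP = Rule("AllowLaptopUdp20001", 300, LAPTOP + "/32", ANY,
                    range(20001, 20002), "Udp", "Allow")
# Constructed broader deny with a lower number: it shadows the allow rule.
DENY_UDP = Rule("DenyAllUdp", 200, ANY, ANY, ALL_PORTS, "Udp", "Deny")

if __name__ == "__main__":
    print(verify_inbound([ALLOW_LAPTOP], LAPTOP, VM_IP, 20001, "Udp"))
    print(verify_inbound([ALLOW_LAPTOP], "198.51.100.7", VM_IP, 20001, "Udp"))
    print(verify_inbound([ALLOW_LAPTOP, DENY_UDP], LAPTOP, VM_IP, 20001, "Udp"))
```

The scoped rule admits only the one source and port, so opening all ports to all IPs is not needed to pass this check.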




I've posted another answer so I can put the code as well as the snapshot. This was exceeding the comment word limit.

anuthereaper answered SaiKishor-MSFT commented

Thanks @SaiKishor-MSFT for replying.
I tried as you mentioned and none of the settings worked. In the end I eventually opened up all ports and all IPs and checked that the flow was fine on the IP flow verify. But still the messages from my laptop UDP sender were not reaching the VM UDP listener.
My VM was given a public IP of 20.193.236.121 and a private IP of 10.0.0.4. My listener code:

 import socket
 localIP     = "0.0.0.0"
 localPort   = 20001
 bufferSize  = 1024
 msgFromServer       = "Hello UDP Client"
 bytesToSend         = str.encode(msgFromServer)
 # Create a datagram socket
 UDPServerSocket = socket.socket(family=socket.AF_INET, type=socket.SOCK_DGRAM)
 # Bind to address and ip
 UDPServerSocket.bind((localIP, localPort))
 print("UDP server up and listening")
 # Listen for incoming datagrams
 while(True):
     bytesAddressPair = UDPServerSocket.recvfrom(bufferSize)
     message = bytesAddressPair[0]
     address = bytesAddressPair[1]
     clientMsg = "Message from Client:{}".format(message)
     clientIP  = "Client IP Address:{}".format(address)
     print(clientMsg)
     print(clientIP)
     # Sending a reply to client
     UDPServerSocket.sendto(bytesToSend, address)

My sender code:

 import socket
 msgFromClient = "Hello UDP Server"
 bytesToSend = str.encode(msgFromClient)
 serverAddressPort = ("20.193.236.121", 20001)   # I tried changing this to 10.0.0.4 as well but no success
 bufferSize = 1024
 print("starting send")
 # Create a UDP socket at client side
 UDPClientSocket = socket.socket(family=socket.AF_INET, type=socket.SOCK_DGRAM)
 # Send to server using created UDP socket
 UDPClientSocket.sendto(bytesToSend, serverAddressPort)
 msgFromServer = UDPClientSocket.recvfrom(bufferSize)
 msg = "Message from Server {}".format(msgFromServer[0])
 print(msg)

[Screenshot: pic1.jpg]
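
A sender that does not block forever and reports which way the exchange failed, as an added example that is not part of the original post. The function names are hypothetical and the demo runs against a constructed loopback listener; on a connected UDP socket an ICMP port-unreachable from the host surfaces as an exception, while a filtered path or an absent reply shows up as a timeout.

```python
import socket
import threading

def start_echo_listener(bind_ip="127.0.0.1", port=0):
    """Bind a UDP listener, echo one datagram from a background thread, return the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((bind_ip, port))
    bound_port = srv.getsockname()[1]

    def serve():
        with srv:
            data, addr = srv.recvfrom(1024)
            srv.sendto(b"echo:" + data, addr)

    threading.Thread(target=serve, daemon=True).start()
    return bound_port

def probe_udp(host, port, payload=b"ping", timeout=2.0):
    """Send one datagram and classify the outcome as reply, refused or timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))   # connected socket: ICMP errors are reported to us
        try:
            s.send(payload)
            return "reply", s.recv(1024)
        except socket.timeout:
            # Dropped somewhere (NSG, OS firewall) or nothing answered in time.
            return "timeout", None
        except (ConnectionRefusedError, ConnectionResetError):
            # The host was reached but no socket is bound to that port.
            return "refused", None

if __name__ == "__main__":
    port = start_echo_listener()               # constructed local listener
    print(probe_udp("127.0.0.1", port))        # ('reply', b'echo:ping')
```

A "refused" result means the network path is open and the listener is the problem; a "timeout" points at filtering on the path or on the host, which is where a packet capture on both sides helps.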




@anuthereaper Thank you for clarifying the above details.

Everything looks good wrt configuration as seen from the snapshots. Also, if the IP flow verify is working, that shows there are no issues with the configuration of NSGs/routes etc. I would dig deeper into the config on the OS and the client side to troubleshoot the issue further. Can you please do a packet capture on the source and destination sides while this communication happens (please make sure the capture starts and after that the communication is initiated so we can look at the entire packet flow)?

If using Windows Server, please use Wireshark to capture the traffic (https://www.wireshark.org/download.html) for all traffic using port 20001.
If using Linux, "yum install tcpdump" should install it. Then you can use "tcpdump -i eth0 port 20001" to capture traffic.

Please attach the captures to the thread and I can verify the same to further troubleshoot the issue. Thank you!


@anuthereaper Any update?
