Azure SQL Database traffic migration to newer Gateways
As Azure infrastructure improves, Microsoft will periodically refresh hardware to ensure we provide the best possible customer experience. In the coming months, we plan to add gateways built on newer hardware generations, migrate traffic to them, and eventually decommission gateways built on older hardware in some regions.
Customers will be notified via email and in the Azure portal well in advance of any change to gateways available in each region. The most up-to-date information will be maintained in the Azure SQL Database gateway IP addresses table.
New SQL Gateways are being added to the following regions:
- Germany West Central : 22.214.171.124, 126.96.36.199
These SQL Gateways shall start accepting customer traffic on 12 October 2020.
New SQL Gateways are being added to the following regions. These SQL Gateways shall start accepting customer traffic on 15 September 2020:
- Australia Southeast : 188.8.131.52
- Canada East : 184.108.40.206, 220.127.116.11
- UK South : 18.104.22.168, 22.214.171.124
Existing SQL Gateways will start accepting traffic in the following regions. These SQL Gateways shall start accepting customer traffic on 15 September 2020 :
- Australia Southeast : 126.96.36.199 and 188.8.131.52
- Central US : 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, and 126.96.36.199
- East Asia : 188.8.131.52, 184.108.40.206, and 220.127.116.11
- East US : 18.104.22.168, 22.214.171.124, 126.96.36.199, and 188.8.131.52
- East US 2 : 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, and 126.96.36.199
- France Central : 188.8.131.52 and 184.108.40.206
- Japan West: 220.127.116.11, 18.104.22.168, 22.214.171.124, and 126.96.36.199
- North Central US : 188.8.131.52, 184.108.40.206, and 220.127.116.11
- Southeast Asia : 18.104.22.168, 22.214.171.124, and 126.96.36.199
- West US: 188.8.131.52, 184.108.40.206, and 220.127.116.11
New SQL Gateways are being added to the following regions. These SQL Gateways shall start accepting customer traffic on 10 September 2020:
- West Central US : 18.104.22.168
- South Africa North : 22.214.171.124
New SQL Gateways are being added to the following regions. These SQL Gateways shall start accepting customer traffic on 1 September 2020:
- North Europe : 126.96.36.199
- West US2 : 188.8.131.52
- West Europe : 184.108.40.206
- South Central US : 220.127.116.11, 18.104.22.168
Existing SQL Gateways will start accepting traffic in the following regions. These SQL Gateways shall start accepting customer traffic on 1 September 2020 :
- Japan East : 22.214.171.124, 126.96.36.199
Impact of this change
Traffic migration may change the public IP address that DNS resolves for your database in Azure SQL Database. You may be impacted if you:
- Hard coded the IP address for any particular gateway in your on-premises firewall
- Have any subnets using Microsoft.SQL as a Service Endpoint but cannot communicate with the gateway IP addresses
- Use the zone redundant configuration for general purpose tier
- Use the zone redundant configuration for premium & business critical tiers
You will not be impacted if you have:
- Redirection as the connection policy
- Connections to SQL Database from inside Azure and using Service Tags
- Connections made using supported versions of JDBC Driver for SQL Server will see no impact. For supported JDBC versions, see Download Microsoft JDBC Driver for SQL Server.
What to do you do if you're affected
We recommend that you allow outbound traffic to IP addresses for all the gateway IP addresses in the region on TCP port 1433, and port range 11000-11999. This recommendation is applicable to clients connecting from on-premises and also those connecting via Service Endpoints. For more information on port ranges, see Connection policy.
Connections made from applications using Microsoft JDBC Driver below version 4.0 might fail certificate validation. Lower versions of Microsoft JDBC rely on Common Name (CN) in the Subject field of the certificate. The mitigation is to ensure that the hostNameInCertificate property is set to *.database.windows.net. For more information on how to set the hostNameInCertificate property, see Connecting with Encryption.
If the above mitigation doesn't work, file a support request for SQL Database or SQL Managed Instance using the following URL: https://aka.ms/getazuresupport
- Find out more about Azure SQL Connectivity Architecture