Connectivity architecture in Azure Database for MySQL

This article explains the Azure Database for MySQL connectivity architecture as well as how the traffic is directed to your Azure Database for MySQL instance from clients both within and outside Azure.

Connectivity architecture

Connection to your Azure Database for MySQL is established through a gateway that is responsible for routing incoming connections to the physical location of your server in our clusters. The following diagram illustrates the traffic flow.

Overview of the connectivity architecture

As client connect to the database, they get a connection string which connects to the gateway. This gateway has a public IP address that listens to port 3306. Inside the database cluster, traffic is forwarded to appropriate Azure Database for MySQL. Therefore, in order to connect to your server, such as from corporate networks, it is necessary to open up the client side firewall to allow outbound traffic to be able to reach our gateways. Below you can find a complete list of the IP addresses used by our gateways per region.

Azure Database for MySQL gateway IP addresses

The following table lists the primary and secondary IPs of the Azure Database for MySQL gateway for all data regions. The primary IP address is the current IP address of the gateway and the second IP address is a failover IP address in case of failure of the primary. As mentioned, customers should allow outbound to both the IP addresses. The second IP address does not listen in on any services until it is activated by Azure Database for MySQL to accept connections.

Region Name Primary IP Address Secondary IP Address
Australia East
Australia South East
Brazil South
Canada Central
Canada East
Central US
China East 1
China East 2
China North 1
China North 2
East Asia
East US 1
East US 2 *
France Central
Germany Central
India Central
India South
India West
Japan East
Japan West
Korea Central
Korea South
North Central US
North Europe
South Central US
South East Asia
South Africa North
South Africa West
UAE North
UK South
UK West
West Europe
West US 1
West US 2


East US 2 has also a tertiary IP address of

Connection redirection

Azure Database for MySQL supports an additional connection policy, redirection, that helps to reduce network latency between client applications and MySQL servers. With this feature, after the initial TCP session is established to the Azure Database for MySQL server, the server returns the backend address of the node hosting the MySQL server to the client. Thereafter, all subsequent packets flow directly to the server, bypassing the gateway. As packets flow directly to the server, latency and throughput have improved performance.

This feature is supported in Azure Database for MySQL servers with engine versions 5.6, 5.7, and 8.0.

Preview support for redirection is available in the PHP mysqlnd_azure extension, developed by Microsoft, and is available on PECL. See the configuring redirection article for more information on how to use redirection in your applications.

Next steps