Connectivity architecture in Azure Database for MySQL
This article explains the Azure Database for MySQL connectivity architecture as well as how the traffic is directed to your Azure Database for MySQL instance from clients both within and outside Azure.
Connection to your Azure Database for MySQL is established through a gateway that is responsible for routing incoming connections to the physical location of your server in our clusters. The following diagram illustrates the traffic flow.
As client connect to the database, they get a connection string which connects to the gateway. This gateway has a public IP address that listens to port 3306. Inside the database cluster, traffic is forwarded to appropriate Azure Database for MySQL. Therefore, in order to connect to your server, such as from corporate networks, it is necessary to open up the client side firewall to allow outbound traffic to be able to reach our gateways. Below you can find a complete list of the IP addresses used by our gateways per region.
Azure Database for MySQL gateway IP addresses
The following table lists the primary and secondary IPs of the Azure Database for MySQL gateway for all data regions. The primary IP address is the current IP address of the gateway and the second IP address is a failover IP address in case of failure of the primary. As mentioned, customers should allow outbound to both the IP addresses. The second IP address does not listen in on any services until it is activated by Azure Database for MySQL to accept connections.
|Region Name||Primary IP Address||Secondary IP Address|
|Australia South East||22.214.171.124||126.96.36.199|
|China East 1||188.8.131.52|
|China East 2||184.108.40.206|
|China North 1||220.127.116.11|
|China North 2||18.104.22.168|
|East US 1||22.214.171.124||126.96.36.199|
|East US 2||188.8.131.52||184.108.40.206 *|
|North Central US||220.127.116.11||18.104.22.168|
|South Central US||22.214.171.124||126.96.36.199|
|South East Asia||188.8.131.52||184.108.40.206|
|South Africa North||220.127.116.11|
|South Africa West||18.104.22.168|
|West US 1||22.214.171.124||126.96.36.199|
|West US 2||188.8.131.52|
East US 2 has also a tertiary IP address of
Azure Database for MySQL supports an additional connection policy, redirection, that helps to reduce network latency between client applications and MySQL servers. With this feature, after the initial TCP session is established to the Azure Database for MySQL server, the server returns the backend address of the node hosting the MySQL server to the client. Thereafter, all subsequent packets flow directly to the server, bypassing the gateway. As packets flow directly to the server, latency and throughput have improved performance.
This feature is supported in Azure Database for MySQL servers with engine versions 5.6, 5.7, and 8.0.
Preview support for redirection is available in the PHP mysqlnd_azure extension, developed by Microsoft, and is available on PECL. See the configuring redirection article for more information on how to use redirection in your applications.