Thursday, October 16, 2025

Supercharging NVAs in Azure with Accelerated Connections


Hi there people,

If you run firewalls, routers, or SD‑WAN NVAs in Azure and your pain is connection scale rather than raw Mbps, there’s a feature you should look at: Accelerated Connections. It shifts connection processing to dedicated hardware in the Azure fleet and lets you size connection capacity per NIC, which translates into higher connections‑per‑second and more total active sessions for your virtual appliances and VMs.

This article distills a recent E2E chat I hosted with the Technical Product Manager working on Accelerated Connections and shows you how to enable and operate it safely in production. The demo and guidance below are based on that conversation and the current public documentation.

Accelerated Connections is configured at the NIC level of your NVAs or VMs. You can choose which NICs participate. That means you might enable it only on your high‑throughput ingress and egress NICs and leave the management NIC alone.

It improves two things that matter to infrastructure workloads:

  • Connections per second (CPS). New flows are established much faster.
  • Total active connections. Each NIC can hold many more simultaneous sessions before you hit limits.

It does not increase your nominal throughput number. The benefit is stability under high connection pressure, which helps reduce drops and flapping during surges. There is a small latency bump because you introduce another “bump in the wire,” but in application terms it’s typically negligible compared to the stability you gain.

In the traditional path, host CPUs evaluate SDN policies for flows that traverse your virtual network. That becomes a bottleneck for connection scale. Accelerated Connections offloads that policy work onto specialized data processing hardware in the Azure fleet so your NVAs and VMs are not capped by host CPU and flow‑table memory constraints.

Industry partners have described this as decoupling the SDN stack from the server and shifting the fast‑path onto DPUs residing in purpose‑built appliances, delivered to you as a capability you attach at the vNIC. The result is much higher CPS and active connection scale for virtual firewalls, load balancers, and switches.

You pick a performance tier per NIC using Auxiliary SKU values. Today the tiers are A1, A2, A4, and A8. These map to increasing capacity for total simultaneous connections and CPS, so you can right‑size cost and performance to the NIC’s role.

As discussed in my chat with Yusef, the mnemonic is simple: A1 ≈ 1 million connections, A2 ≈ 2 million, A4 ≈ 4 million, A8 ≈ 8 million per NIC, along with increasing CPS ceilings. Choose the smallest tier that clears your peak, then monitor and adjust. Pricing is per hour for the auxiliary capability.

Tip: Start with A1 or A2 on ingress and egress NICs of your NVAs, observe CPS and active session counters during peak events, then scale up only if needed.

You can enable Accelerated Connections through the Azure portal, CLI, PowerShell, Terraform, or templates. The setting is applied on the network interface. In the portal, export the NIC’s template and you will see two properties you care about: auxiliaryMode and auxiliarySku.

Set auxiliaryMode to AcceleratedConnections and choose an auxiliarySku tier (A1, A2, A4, A8).

Note: Accelerated Connections is currently a limited GA capability. You may need to sign up before you can configure it in your subscription.

  • Standalone VMs. You can enable Accelerated Connections with a stop then start of the VM after updating the NIC properties. Plan a short outage.
  • Virtual Machine Scale Sets. As of now, moving existing scale sets onto Accelerated Connections requires re‑deployment. Parity with the standalone flow is planned, but don’t bank on it for current rollouts.
  • Changing SKUs later. Moving from A1 to A2 or similar also implies a downtime window. Treat it as an in‑place maintenance event.

Operationally, approach this iteratively. Update a lower‑traffic region first, validate, then roll out broadly. Use active‑active NVAs behind a load balancer so one instance can drain while you update the other.

  • Pick the right NICs. Don’t enable on the management NIC. Focus on the interfaces carrying high connection volume.
  • Baseline and monitor. Before enabling, capture CPS and active session metrics from your NVAs. After enabling, verify reductions in connection drops at peak. The goal is stability under pressure.
  • Capacity planning. Start at A1 or A2. Move up only if you see sustained saturation at peak. The tiers are designed so you don’t pay for headroom you don’t need.
  • Expect a tiny latency increase. There is another hop in the path. In real application flows the benefit in fewer drops and higher CPS outweighs the added microseconds. Validate with your own A/B tests.
  • Plan change windows. Enabling on existing VMs and resizing the Auxiliary SKU both involve downtime. Use active‑active pairs behind a load balancer and drain one side while you flip the other.
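
An added example, not from the original article or from Azure's own tooling: a Python check that walks the NIC resources of an exported template and applies the guidance above (keep the management NIC out, choose the smallest tier that clears peak). The NIC names, peak figures and the `audit_nics` helper are constructed for illustration, and the capacities are the article's approximate mnemonic.

```python
# Approximate active connections per NIC (article's mnemonic), smallest first.
TIER_CAPACITY = {"A1": 1_000_000, "A2": 2_000_000, "A4": 4_000_000, "A8": 8_000_000}

def smallest_tier(peak):
    """Smallest tier whose capacity clears the peak, or None if A8 is too small."""
    return next((t for t, cap in TIER_CAPACITY.items() if peak <= cap), None)

def audit_nics(template, peaks, management_nics):
    """Compare NIC resources in an exported template with the guidance above."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type") != "Microsoft.Network/networkInterfaces":
            continue
        name, props = res["name"], res.get("properties", {})
        enabled = props.get("auxiliaryMode") == "AcceleratedConnections"
        sku = props.get("auxiliarySku")
        if name in management_nics:
            if enabled:
                findings.append((name, "enabled on management NIC"))
            continue
        want = smallest_tier(peaks.get(name, 0))
        if want is None:
            findings.append((name, "peak exceeds A8 capacity"))
        elif not enabled:
            findings.append((name, f"not enabled; {want} clears peak"))
        elif sku not in TIER_CAPACITY:
            findings.append((name, f"unrecognized auxiliarySku {sku!r}"))
        elif TIER_CAPACITY[sku] < TIER_CAPACITY[want]:
            findings.append((name, f"{sku} below peak; step up to {want}"))
    return findings

# Constructed sample: trimmed NIC resources as they might appear in an export.
SAMPLE_TEMPLATE = {"resources": [
    {"type": "Microsoft.Network/networkInterfaces", "name": "fw1-mgmt",
     "properties": {"auxiliaryMode": "AcceleratedConnections", "auxiliarySku": "A1"}},
    {"type": "Microsoft.Network/networkInterfaces", "name": "fw1-untrust",
     "properties": {"auxiliaryMode": "AcceleratedConnections", "auxiliarySku": "A1"}},
    {"type": "Microsoft.Network/networkInterfaces", "name": "fw1-trust",
     "properties": {"auxiliaryMode": "None", "auxiliarySku": "None"}},
    {"type": "Microsoft.Compute/virtualMachines", "name": "fw1", "properties": {}},
]}
# Constructed peak active-session counts, as read from NVA telemetry.
SAMPLE_PEAKS = {"fw1-untrust": 1_600_000, "fw1-trust": 600_000}

if __name__ == "__main__":
    for nic, msg in audit_nics(SAMPLE_TEMPLATE, SAMPLE_PEAKS, {"fw1-mgmt"}):
        print(f"{nic}: {msg}")
```

For a real export, load the file with `json.load` and pass the resulting dict as `template`; exported templates often parameterize resource names, so resolve those before matching against your telemetry.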

Customers in regulated and high‑traffic industries like health care often found that connection scale forced them to horizontally expand NVAs, which inflated both cloud spend and licensing, and complicated operations. Offloading the SDN policy work to dedicated hardware lets you process many more connections on fewer instances, and to do so more predictably.

Next steps

  1. Validate eligibility. Confirm your subscription is enabled for Accelerated Connections and that your target regions and VM families are supported.
  2. Select candidate workloads. Prioritize NVAs or VMs that hit CPS or flow‑table limits at peak. Use existing telemetry to pick the first region and appliance pair.
  3. Pilot on one NIC per appliance. Enable on the data‑path NIC, start with A1 or A2, then stop/start the VM during a short maintenance window. Measure before and after.
  4. Roll out iteratively. Expand to more regions and appliances using active‑active patterns behind a load balancer to minimize downtime.
  5. Right‑size the SKU. If you observe sustained headroom, stay put. If you approach limits, step up a tier during a planned window.
