diff --git a/docs/Design-Areas/networking.md b/docs/Design-Areas/networking.md index 982d79e0..def59cba 100644 --- a/docs/Design-Areas/networking.md +++ b/docs/Design-Areas/networking.md @@ -11,6 +11,7 @@ - App Services in the multi-tenanted environment can be deployed with a private or a public endpoint. When deployed with a [Private Endpoint](https://learn.microsoft.com/en-us/azure/app-service/networking/private-endpoint), public exposure of the App Service is eliminated. If there is a requirement for the private endpoint of the App Service to also be reachable via the Internet, consider the use of App Gateway to expose the app service. - The multi-tenanted App Service exposes [a set of ports](https://learn.microsoft.com/en-us/azure/app-service/networking-features#app-service-ports), and these cannot be changed or blocked. - Plan your subnets correctly for outbound VNet integration and consider the number of IP addresses that are required. VNet Integration depends on a dedicated subnet. When you provision a subnet, the Azure subnet loses five IPs from the start. One address is used from the integration subnet for each plan instance. When you scale your app to four instances, then four addresses are used. When you scale up or down in size, the required address space is doubled for a short period of time. This affects the real, available supported instances for a given subnet size. +- If you are using Azure ExpressRoute for hybrid connectivity, ensure high availability for ExpressRoute. For more information, see [Designing for high availability with ExpressRoute](https://learn.microsoft.com/en-us/azure/expressroute/designing-for-high-availability-with-expressroute). To ensure ExpressRoute resliency, check out the best practices detailed in [Azure Proactive Resiliency Library](https://azure.github.io/Azure-Proactive-Resiliency-Library/services/networking/expressroute-gateway/).   ### App Service Environment: - App Services deployed on an ASE get static, dedicated IP addresses for inbound and outbound communication, for the lifetime of the ASE.