Azure SQL Database Connectivity Architecture

Connection policy

Azure SQL Database supports the following three options for the connection policy setting of a SQL Database server:

  • Redirect (recommended): Clients establish connections directly to the node hosting the database. To enable connectivity, the client's outbound firewall rules must allow all Azure IP addresses in the region (try this using Network Security Groups (NSG) with service tags), not just the Azure SQL Database Gateway IP addresses. Because packets go directly to the database, latency is lower and throughput is higher.
  • Proxy: In this mode, all connections are proxied via the Azure SQL Database gateways. To enable connectivity, the client must have outbound firewall rules that allow only the Azure SQL Database Gateway IP addresses (usually two IP addresses per region). Choosing this mode can result in higher latency and lower throughput, depending on the nature of the workload. We highly recommend the Redirect connection policy over the Proxy connection policy for the lowest latency and highest throughput.
  • Default: This is the connection policy in effect on all servers after creation unless you explicitly alter the connection policy to either Proxy or Redirect. The effective policy depends on whether connections originate from within Azure (Redirect) or outside of Azure (Proxy).

Change Azure SQL Database connection policy

# Get SQL Server ID
sqlserverid=$(az sql server show -n sql-server-name -g sql-server-group --query 'id' -o tsv)

# Set URI
id="$sqlserverid/connectionPolicies/Default"

# Get current connection policy
az resource show --ids "$id"

# Update connection policy
az resource update --ids "$id" --set properties.connectionType=Proxy

# Example: switch server prod-db-rg-sqlserver in resource group prod-db-rg to Redirect
sqlserverid=$(az sql server show -n prod-db-rg-sqlserver -g prod-db-rg --query 'id' -o tsv)
id="$sqlserverid/connectionPolicies/Default"
az resource show --ids "$id"
az resource update --ids "$id" --set properties.connectionType=Redirect
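
The script below is an added example, not part of the original post: it reads each server's connection policy with the same `az resource show` call as above and resolves Default into the mode a client inside or outside Azure actually gets, together with the outbound scope the policy list requires. The function names and the `--audit` switch are assumptions made for this example.

```shell
# Added example: audit connection policies across the current subscription.

# effective_policy <configured> <client_origin>
#   configured:    Default | Proxy | Redirect (properties.connectionType)
#   client_origin: inside | outside (relative to Azure)
# Prints the mode a connection from that origin will actually use.
effective_policy() {
  case "$1" in
    Redirect|Proxy) echo "$1" ;;
    Default)
      case "$2" in
        inside)  echo "Redirect" ;;
        outside) echo "Proxy" ;;
        *) echo "unknown origin: $2" >&2; return 2 ;;
      esac ;;
    *) echo "unknown policy: $1" >&2; return 2 ;;
  esac
}

# egress_scope <effective_mode>: what the client's outbound rules must allow.
egress_scope() {
  case "$1" in
    Redirect) echo "all Azure IP addresses in the region (NSG service tag)" ;;
    Proxy)    echo "Azure SQL Database gateway IP addresses only" ;;
    *) return 2 ;;
  esac
}

# audit_servers: one tab-separated line per server and client origin:
# server, configured policy, origin, effective mode, required outbound scope.
audit_servers() {
  az sql server list --query '[].id' -o tsv | while read -r sid; do
    configured=$(az resource show --ids "$sid/connectionPolicies/Default" \
      --query 'properties.connectionType' -o tsv)
    for origin in inside outside; do
      mode=$(effective_policy "$configured" "$origin") || continue
      printf '%s\t%s\t%s\t%s\t%s\n' "${sid##*/}" "$configured" \
        "$origin" "$mode" "$(egress_scope "$mode")"
    done
  done
}

# Call Azure only when asked, so the functions can be sourced and reused.
if [ "${1:-}" = "--audit" ]; then audit_servers; fi
```

Run it with `--audit` after `az login`; servers still reported as Default are the ones whose behavior differs between Azure-hosted and external clients.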

Notification from Azure:

You’re receiving this notification because you use Azure SQL Database with Azure Virtual Network service endpoints.

To enable higher throughput and lower latency, the default behavior for connectivity to SQL Database with service endpoints will change to Redirect beginning on January 2, 2019. After this date, the change will automatically apply to newly created servers.

Existing servers will not be affected by this change. All existing servers using Virtual Network service endpoints are currently set to Default. However, starting on January 2, 2019, they will be automatically reset to either Proxy (if any current connections are using Proxy) or Redirect (if all current connections are using Redirect) to avoid a change in behavior for existing usage.

When SQL Database is using service endpoints, we highly recommend you set the connection policy to Redirect for better performance. Read complete information about SQL Database connectivity, including instructions for changing connection policy.

References:

https://docs.microsoft.com/en-us/azure/sql-database/sql-database-connectivity-architecture
