The NetworkTrafficRules element specifies how a role communicates with other roles. More specifically, it limits which roles can access the internal endpoints of a given role.
The NetworkTrafficRules element is not a standalone element; it exists in combination with a WebRole or a WorkerRole. A NetworkTrafficRules element may be provided for more than one role.
A template of a NetworkTrafficRules element looks like this:
<ServiceDefinition ...>
  <NetworkTrafficRules>
    <OnlyAllowTrafficTo>
      <Destinations>
        <RoleEndpoint endpointName="<name-of-the-endpoint>"
                      roleName="<name-of-the-role-containing-the-endpoint>"/>
      </Destinations>
      <AllowAllTraffic/>
      <WhenSource matches="[AnyRule]">
        <FromRole roleName="<name-of-the-role-to-allow-traffic-from>"/>
      </WhenSource>
    </OnlyAllowTrafficTo>
  </NetworkTrafficRules>
</ServiceDefinition>
The elements of the NetworkTrafficRules schema are:

| Element | Characteristics |
| --- | --- |
| OnlyAllowTrafficTo | Contains a collection of endpoints and the roles that can communicate with them. You can specify multiple nodes of this element. |
| Destinations | Contains a collection of RoleEndpoint elements. |
| RoleEndpoint | Describes an endpoint on a role and allows communication with this endpoint. You can specify multiple nodes of this element. |
| AllowAllTraffic | Contains a rule that allows all roles to communicate with the endpoints defined in the Destinations node. |
| WhenSource | Contains a collection of roles that can communicate with the endpoints defined in the Destinations node. |
| FromRole | Specifies the roles that can communicate with the endpoints defined in the Destinations node. You can specify multiple nodes of this element. |
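
To review which internal endpoints a service definition actually restricts, the following added example (not code from the original page or from the Azure tooling) parses a definition and reports, per internal endpoint, the roles allowed to reach it. The sample definition, the role and endpoint names and the function name are constructed; the script assumes that an endpoint named by no rule is reachable from every role and that several rules naming the same endpoint combine their FromRole lists.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements the audit reads (not from the page).
SAMPLE_CSDEF = """<ServiceDefinition name="Shop"
  xmlns="http://schemas.microsoft.com/ServiceDefinition/2008/10/ServiceDefinition">
  <WebRole name="Frontend"/>
  <WorkerRole name="Orders">
    <Endpoints><InternalEndpoint name="OrdersTcp" protocol="tcp"/></Endpoints>
  </WorkerRole>
  <WorkerRole name="Billing">
    <Endpoints><InternalEndpoint name="BillingTcp" protocol="tcp"/></Endpoints>
  </WorkerRole>
  <WorkerRole name="Cache">
    <Endpoints><InternalEndpoint name="CacheTcp" protocol="tcp"/></Endpoints>
  </WorkerRole>
  <NetworkTrafficRules>
    <OnlyAllowTrafficTo>
      <Destinations><RoleEndpoint endpointName="BillingTcp" roleName="Billing"/></Destinations>
      <WhenSource matches="AnyRule"><FromRole roleName="Orders"/></WhenSource>
    </OnlyAllowTrafficTo>
    <OnlyAllowTrafficTo>
      <Destinations><RoleEndpoint endpointName="OrdersTcp" roleName="Orders"/></Destinations>
      <AllowAllTraffic/>
    </OnlyAllowTrafficTo>
  </NetworkTrafficRules>
</ServiceDefinition>"""

def audit_internal_endpoints(csdef_xml):
    """Return {(role, endpoint): sorted allowed source roles, or "ALL"}."""
    root = ET.fromstring(csdef_xml)
    for el in root.iter():                      # drop the XML namespace prefix
        el.tag = el.tag.rsplit("}", 1)[-1]
    endpoints = [(role.get("name"), ep.get("name"))
                 for role in root if role.tag in ("WebRole", "WorkerRole")
                 for ep in role.findall("Endpoints/InternalEndpoint")]
    restricted, opened = {}, set()
    for rule in root.findall("NetworkTrafficRules/OnlyAllowTrafficTo"):
        sources = {r.get("roleName") for r in rule.findall("WhenSource/FromRole")}
        for dest in rule.findall("Destinations/RoleEndpoint"):
            key = (dest.get("roleName"), dest.get("endpointName"))
            if rule.find("AllowAllTraffic") is not None:
                opened.add(key)                 # explicitly open to every role
            else:
                restricted.setdefault(key, set()).update(sources)
    # Assumption: an endpoint no rule names is reachable from all roles.
    return {k: "ALL" if k in opened or k not in restricted else sorted(restricted[k])
            for k in endpoints}

if __name__ == "__main__":
    for (role, ep), allowed in audit_internal_endpoints(SAMPLE_CSDEF).items():
        print(f"{role}/{ep}: {allowed}")
```

Endpoints reported as "ALL" are the ones to review: either no OnlyAllowTrafficTo rule names them or a rule applies AllowAllTraffic to them.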