Skip to content

Question: Agent Injection in agent snet (sample byo / general) #656

@decker78

Description

@decker78

I am experiencing deployment failures when using network injection for Azure AI Foundry. The deployments reach an "Accepted" or "Running" state before eventually failing without a clear error message.

I would like to clarify if there are any limitations or specific requirements regarding the following configurations on the delegated subnet:

  • The use of a Route Table (UDR). (we have a default udr pointing to the azure firewall)
  • The association of a Network Security Group (NSG).
  • Enabling Private Endpoint Network Policies.
  • Enabling the "private subnet" setting (no default outbound access).
  • We have a number of deny policies related to private subnet, the need of a NSG being associated and a Route Table.

I did not go over the exercise to change them one by one so reaching out if there is more info on the above. I see that the Microsoft performs a "Creates or updates a Service Association Link" with caller Microsoft Azure Legion but I don't see any other interactions with the existing subnet. So I don't think deny policies are the problem here.

I'm using "15b-private-network-standard-agent-setup-byovnet"

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions