Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Support for dropping port out of x-forwarded-for header

      Hi,

      I've seen some compatibility issues with the x-forwarded-for header as it comes in on the format IP:Port rather than just IP. It would be useful to be able to adjust this header to just provide IP without the port. I think this should be adjustable, so IP:Port or just IP being available options rather than just one or the other.

      This would help x-forwarded-for being easy to parse on systems that only expect the IP to be sent through.

      Thanks,

      Neil

      3 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
      • Load balancing with sticky sessions (source IP distribution mode for load balancing) in Cloud Services

        When a load-balanced set changes (removing or adding an instance), the distribution of client requests is recomputed. Cannot depend on new connections from existing clients ending up at the same server. Whenever a new vm is added to the pool make it ready to accept only requests from new clients rather than having requests from existing clients end up on the different server. Make the load balancer to route the same client to the same application server while scaling up/down

        6 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
        • Network Security Groups - Windows Server Roles and Features Rules

          Can a feature be added to allow easy addition of inbound and outbound rules to an NSG for Windows Server Roles e.g. Active Directory Domain Services to add rules for SMB/LDAP/Kerberos to match the rules created/enable by adding a Feature in Server Manager in Windows Server OSs.

          3 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
          • Allow Traffic Manager to Support Absolute Monitoring Endpoints

            Current endpoint monitoring in Traffic Manger only supports a relative path. For flexibility, it would be great to support a full url path like http://www.example.com/health

            9 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
            • Introduce alert mechanism in network watcher?

              It would be great if you can introduce an alert mechanism with all the monitoring it does. For exmaple : similar to what we have for Azure VMs, when the cpu utilization goes down we can configure an alert for the based on the threshold.

              Network watcher monitors many many things it should have the capability to generate alerts based on it's monitoring capabilities.

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
              • Support for temporary removing nodes through REST API

                It would be great if there was a REST API or something similar we could use to take a node out of rotation without being dependent on the probe detecting it.

                Usecase: We run SF behind the Application Gateway. When we update our front-end service, we would like to take it out of rotation before the service is updated. This does not seem possible today, since we have to rely on the probe detecting that a node has gone down. Since the probes have a lag (it probes on a given interval), some users will have a bad experience when…

                9 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                • Introduce CNAME flattening

                  Does
                  #Azure
                  #DNS
                  support CNAME flattening #CloudFlare
                  style? The answer is no yet it would be a very handy feature.

                  See here for more details on how CloudFlare is doing it, and they might actually have introduced the whole notion of "CNAME flattening": https://support.cloudflare.com/hc/en-us/articles/200169056-CNAME-Flattening-RFC-compliant-support-for-CNAME-at-the-root

                  3 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                  • Allow country specific characters in Azure DNS

                    It seems that is is not possible to register domainnames within Azure DNS with sepecific country allowed characters, like ë of ü in Germany.

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                    • Point-to-site VPN client IP address management - providing predefined IP per user/cert

                      We want to host all our IT environment in Azure. This is including repository server resources with an established bi-directional communication to the development clients (by registered host/client names).

                      The P2S connection currently does not allow fixed/reserved IP addresses for dial-in -clients or -users or -certificates. We then could feed a bunch of name to IP entries into the hosts file on our virtual servers in Azure.
                      I do not see an alternative way ensuring that an Azure virtual server is reaching VPN clients by its name.

                      So my suggestion is for Point-to-site VPN clients an enhanced IP address management…

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                      • Retry policy for failed requests on Application Gateway

                        To reduce the number of 502 bad gateway requests that are served up Application Gateway should have a retry policy for failed requests, allowing it to move the the next available server. This would be especially useful when used in front of Service Fabric where services are moved between servers.

                        2 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          unplanned  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                        • Support edns-client-subnet extension in Traffic Manager

                          I'm surprised to learn the Traffic Manager does not support the client-subnet feature. Most major CDNs & DNS providers seem to support it.

                          18 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            planned  ·  0 comments  ·  Domain Name Service (DNS, Traffic Manager)  ·  Flag idea as inappropriate…  ·  Admin →
                          • Application Gateway: Support wildcard hosts in listeners

                            Our product creates dynamic DNS zones for our customers, e.g. foo.z1.contoso.com, bar.z2.contoso.com, etc. We use Azure DNS for this. (Notice that we stripe our customer's domains across multiple zones (z1, z2), because Azure DNS has a max record count of 5000.)

                            So, to support this, we have a wildcard SSL certificate for each zone e.g. *.z1.contoso.com, *.z2.contoso.com.

                            In order to have Application Gateway provide SSL termintation for us, we obviously need to create Multi-site listeners for port 443. Unfortuantely, the 'Host' field on the Multi-site listener does not accept wildcard entries. Furthermore, specifying the host name 'z1.contoso.com' does not appear…

                            3 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              planned  ·  1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                            • Make Traffic manager able to access Web Apps that uses Authentication

                              Traffic manager is currently unable to get the status of a Web App that's using the Authentication/Authorization (simple auth) feature. It would be nice if it could use some kind of service account (or similar) to get authenticated and get the Web App status but still have the security features intact.

                              7 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                              • To know what IP Addresses are used by NAT on Public Peering

                                Currently we know that the Microsoft Edge Routers are doing NAT translation for the packets coming from Public Peering.
                                Sometimes we need to know what IP addresses are used for that, but there is no way to know that without contacting Microsoft Support.
                                We want to know which addresses are used on Portal or PowerShell.

                                42 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  under review  ·  0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
                                • Increase backend http setting limit on Application Gatway

                                  Application gateway has a backend http setting limit of 20.
                                  We want to use it in front of Service Fabric and legacy cloud applications.
                                  Each of our service fabric apps runs on its own port and so requires a probe, http setting and url rule.
                                  We exceeded the 20 fairly rapidly.

                                  37 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Traffic Manager should default to port 443 for HTTPS

                                    First time configuring Traffic Manager and I pointed it at https but forgot to change the port, took a support call to resolve.

                                    Suggest that the default port be changed to 443 if you toggle to https, or at least warn that you are on a non-default https port

                                    5 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                    • Ability to group Network Security Groups

                                      Consider adding some kind of grouping functionality within Network Security Groups. This would make things a lot more simple

                                      Somekind like this: https://blogs.technet.microsoft.com/isablog/2009/11/25/forefront-tmg-rule-grouping/

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                      • Faster configuration updates

                                        I'm experimenting with using App Gateway as a frontend server to do URL routing to one Windows App Service and one Linux App Service, via the portal. I'm an hour in to this process because each and every step takes many minutes to complete.

                                        19 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

                                          Thanks for your feedback. We are working on improving the update experience to make it faster. As an alternate suggestion, please note that multiple configuration steps can be combined into a single update via PowerShell or ARM template for faster updates.

                                        • Show domain in logs

                                          The access logs for the application gateway only show the routes. We use a single gateway to host multiple sites and some have similar folder structures, this makes evaluating access and tracing issues a bit difficult. It would be great if the actual domain (http://www.something.com) was listed in there too.

                                          4 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            under review  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Azure Load Balancer to support having VMs from multiple availability sets in the backend.

                                            Currently, only VMs from a single Availability Set is allowed and there are scenarios where a user may wish to add a VM from a 2nd availability set to the backend pool.

                                            46 votes
                                            Vote
                                            Sign in
                                            Check!
                                            (thinking…)
                                            Reset
                                            or sign in with
                                            • facebook
                                            • google
                                              Password icon
                                              I agree to the terms of service
                                              Signed in as (Sign out)
                                              You have left! (?) (thinking…)
                                              planned  ·  2 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
                                            ← Previous 1 3 4 5 10 11
                                            • Don't see your idea?

                                            Feedback and Knowledge Base