Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Azure DNS needs DNSSEC support

      DNSSEC is required to be able to secure your DNS requests. At the moment this is not available. We cannot move until our domains to Azure DNS untill these requirements have been met.

      2,905 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    2. Support IPv6 Throughout the Azure Platform

      IPv6 has been a standard for years and ISPs are starting to roll out native IPv6 stacks to consumers. The time is now to support IPv6.

      1,521 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      65 comments  ·  IPv6  ·  Flag idea as inappropriate…  ·  Admin →
    3. Stop/Start Virtual Network Gateway - to don't pay when it not in use

      There are two charges related to the Azure VPN service: the compute resource charge at $0.05/hour, and the egress data volume charge. Both are based on resource consumption, Unfortunately, even if the VPN tunnels are not connected, the gateway compute resource is still being consumed and will cost ~$38 monthly!
      This is not really "Pay only for what you use".

      Need functionality to “STOP” (and of course "START") a gateway if the customer is certain that the gateway will not be in use.

      1,493 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    4. Support URL rewriting with Application Gateway

      PathBasedRouting is nice, but not super great without the ability to rewrite paths. I am trying to front a Service Fabric cluster, where multiple HTTP services live on http://+:80, at different path prefixes. Would be nice to use Application Gateway to direct https://api.company.com to http://cluster/api, and https://www.company.com to http://cluster/www

      1,000 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      31 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Azure should be its own domain registrar

      Windows Azure should offer domain registrar services so users don't have to maintain our domain names with a separate company. This also has the potential to greatly streamline the process of setting up a website on Azure.

      916 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    6. Extend Azure DNS to support zone transfers so it can be used as seconday DNS

      If Azure DNS supported zone transfers, then if could be used both as a reliable secondary DNS service, or as an external proxy service for AD split-brain, or on-premise hosted DNS configurations.

      858 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thanks you for the suggestion. This remains a key backlog item for us.

      We’d be interested in further input via your comments. Please consider the following questions:
      – Do you require zone transfers in to Azure DNS, or zone transfers out? Why?
      – Do you require AXFR or IXFR?
      – How should zone transfers be secured?

    7. Allow Mutual SSL Auth on Application Gateway

      At the moment SSL termination is possible with Application Gateway but it doesn't cater for instances where client authentication is required (mutual auth). So if client auth is required, SSL needs to be passed through and terminated on each of the web servers. This increases load across the server farm and makes management of certificates more difficult since all certs need to be maintained on all servers. I believe this function is available with API Management but the additional cost is hard to justify if one doesn't require the other additional features. So having mutual SSL auth capability built into…

      677 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      39 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. change virtual machine virtual network through portal

      Today, I needed to change a virtual network to a existing Virtual Machine. I had to delete this VM, create a new one using attached disks from the old one and set the Virtual Network. It would be nice if we had another way to do that, using Portal for example.

      647 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      16 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    9. Application Gateway: Support wildcard hosts in listeners

      Our product creates dynamic DNS zones for our customers, e.g. foo.z1.contoso.com, bar.z2.contoso.com, etc. We use Azure DNS for this. (Notice that we stripe our customer's domains across multiple zones (z1, z2), because Azure DNS has a max record count of 5000.)

      So, to support this, we have a wildcard SSL certificate for each zone e.g. *.z1.contoso.com, *.z2.contoso.com.

      In order to have Application Gateway provide SSL termintation for us, we obviously need to create Multi-site listeners for port 443. Unfortuantely, the 'Host' field on the Multi-site listener does not accept wildcard entries. Furthermore, specifying the host name 'z1.contoso.com' does not appear…

      639 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      28 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Provide a 301 (Permanent) redirect service for apex (naked) domains

      Discussed in the Azure DNS docs: https://azure.microsoft.com/en-us/documentation/articles/dns-getstarted-create-recordset/#comment-2294403853

      Right now, you must use a static IP address if you want to point an apex (naked) domain (e.g., mycompany.com) to a Cloud Service (e.g., mycloudservice.cloudapp.net). Static IP's are stable as long as the Cloud Service isn't deprovisioned; however, for maximum security, simplicity, and maintainability (i.e., even if a cloud service is deprovisioned), it would be awesome if we could have 301 redirects for the apex domain to a the www CNAME endpoint and not need to be concerned with the IP address of the Cloud Service at all. The scenario goes like…

      529 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    11. Provide explicit drain stop capabilities for Load Balancing.

      Many on-prem systems rely on an ability to gracefully drain traffic from a node before removing it from load balancing for updates or maintenance. While there are workarounds today for the Azure Load Balancing infrastructure (http://serverfault.com/questions/686095/gracefully-take-a-server-out-of-azure-load-balancer-drain-stop) it's not as flexible as existing on-prem services. Please add this feature.

      468 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      18 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    12. Support SSL certificates stored in Key Vault secrets for listeners and backend HTTP settings on Application Gateway

      Azure Web Apps support the ability to store an SSL certificate in a Key Vault secret. A certificate resource can be created that references the Key Vault secret. The App service will periodically check for an updated SSL certificate in the Key Vault. The Application Gateway needs to have the same support for storing the SSL certificates in the Key Vault. It should be able to reference a Key Vault secret that contains the SSL certificate in the listener and backend HTTP settings configuration. This capability will allow the management of SSL certificates for Application Gateway and the Web Apps…

      465 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      26 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Change existing Public IP SKU from Basic to Standard

      We have already setup our business in Azure and utilize Public IPs in our infrastructure that are used by many different clients. With the release of Standard SKU Load Balancer and the requirement for Standard SKU Public IPs, we cannot proceed to upgrade our setup. A change in IPs would mean weeks or even months in planning/communication and reconfiguration of firewalls,VPNs,application restrictions.

      461 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  25 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    14. Allow DNS servers to be advertised per subnet instead of VNET

      Instead of advertising the DNS servers per VNET, is there anyway we can specify what DNS servers should be advertised per subnet? In most cases, I would create a VNET and use NSGs to segregate out my traffic.

      The problem with specifying the DNS servers for the whole VNET, is now I am required to create a completely separate VNET for a DMZ, as my internal DNS servers are being advertised to those machines. In this case, being able to specify DNS servers at a subnet level will allow more flexibility in regards to creating one VNET instead of multiple…

      449 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      18 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    15. Let's Encrypt Integration for HTTPS certificates

      It should be possible to define a list of SSL hostnames. Application Gateway should automatically acquire and renew certificates for all given hostnames (most probably through the HTTP domain validation process).

      For every request, Application Gateway should use the correct certificate based on the hostname.

      Supporting multiple hostnames is critical to use Let's Encrypt with multi-site routing.

      441 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Site to Site VPN: allow local network range to include Azure VNET range

      I’ve created a virtual network (10.25.0.0/17) that our instances will live in, and created a local network representing CORPNET (10.0.0.0/8). In effect, we’re trying to have the virtual network be a subnet within our larger internal IP block to emulate an internal datacenter. When trying to create the site to site VPN using the local network, I get an error about an address conflict, which seems to be due to the virtual network and local network be overlapping.
      Per MSFT: The local network range cannot include the Azure VNET range. The local network definition(s) are used to establish routes between…

      424 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    17. VPN Gateway monitoring

      It would be great to have monitoring options in the azure portal which would show the bandwidth usage and throughput charts. It would help in figuring out if the 100mbps limit of the standard gateway sku is being hit at peak loads. If the details can be further provided for each individual site-to-site or point-to-site connection then that would be great thing to have. It would help immensely in finding out which connection is hogging the bandwidth the most.

      422 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    18. Auto-connect for point-to-site VPN.

      When the device is restarted, or internet connectivity is regained, the device automatically connects to the VPN again.

      380 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    19. Please add port-mirroring to Azure to enable DLP and logging applications

      We would like a virtual span port or port-mirroring ability

      361 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  13 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
    20. Increase listener limit for Application Gateway

      Application gateway has a very low listener limit (20 listeners / certificates). This severely limits it's usefulness for multi-tenant/domain applications where a web farm / service hosts many endpoints. IIS itself has no such small limit, but due to constraints on certificate deployment in cloud services, Application Gateway is the only clear path to wide scale SNI based SSL hosting. With it's low limit, it does not come close to meeting our use case. I would suggest the limit be removed or set to a very high limit like 10k+ so many certificates could be bound to host many different…

      341 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      19 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      We have raised the limit to 100 recently. We are regularly reviewing the limits and will continue to look for opportunities to raise the limits even further. If you have scenarios requiring limits higher than what is supported, please add your scenario details here (if you are comfortable with that) or raise an issue with Azure support and we will get back to you.

    ← Previous 1 3 4 5 35 36
    • Don't see your idea?

    Feedback and Knowledge Base