Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Display health probe status in Load Balancer

      Display health probe status for each node in the backend pools in Load Balancer

      2 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
      • Increase limit for Public IP by Virtual Machine

        Increase limit for Public IP by Virtual Machine, today we can set just one IP for each VM. Sometimes it is important to get more IP by instance, mainly when I've many websites on some host. We could to create other VIPs.

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          1 comment  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
        • Gray out existing connections so they can't be connected with ExpressRoute.

          Gray out existing connections so they can't be connected with ExpressRoute again and cause an outage.

          Failed to create connection 'ExpressRoute-EUS'. Error: The ExpressRoute connection for Nrp Resource Uri: https://eastus.network.azure.com/subscriptions/GUID/resourceGroups/expressroute-rg/providers/Microsoft.Network/connections/ExpressRoute-EUS2 already exists with a different Nrp Resource Uri:https://eastus.network.azure.com/subscriptions/GUID/resourceGroups/expressroute-rg/providers/Microsoft.Network/connections/US-East2

          "Do not allow redundant ER connection deployments to start. There is currently an error message but no block to starting a redundant connection deployment. This operation causes the circuit to lose connectivity."

          15 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
          • multiple public IP

            Allow secondary NICs to have public IPs. We're trying to deploy Palo Alto Network appliances as a VPN endpoint and it requires dual-NIC each with a public IP address. PA's reference architecture uses a NAT server to provide a second public interface. This is not idea since we have to manage multiple servers and routes. The completed multi public IP feature allows multiple public IPs on the same NIC. We're looking for public IPs on multiple NICs.

            2 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
            • NAPTR Support (Name Authority Pointer)

              Support NAPTR records with Azure DNS. These are primarily used to complement SRV records which you currently support.
              https://en.wikipedia.org/wiki/NAPTR_record

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
              • App Gateway to support an URL length which is greater than 2048 characters

                When running MVC applications with federated authentication with IdPs like Azure AD B2C, the OAuth response coming back from AD is always greater than 2048 character url length. This becomes limitation of AG as AG can not be used for application doing federated authentication with various IdPs including Azure AD B2C.

                Please remove the 2048 character limitation as well any other request size limitation which could truncate url as well as request body including cookies etc.

                3 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                • Allow special chartacters in the pre-shared key for IPSec VPN tunnels

                  Allow special chartacters in the pre-shared key for IPSec VPN tunnels

                  2 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                  • HEAD requests to monitor health

                    It would be nice to be able to use HEAD requests for health monitoring instead of full GET

                    3 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                    • Headers to identify health monitoring requests

                      My ApplicationInsights logs show all the health requests done by AG to monitor the health of the system.
                      I'd like to have the possibility to recognize health requests through specific headers so that I can skip standard HTTP pipeline and immediately return 200 status code, without logging the request

                      3 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                      • virtual machine scale sets NSG support

                        Virtual machine scale sets (VMSS) do not have any feature which can allow blocking certain IP addresses from accessing it via load balancer. It would be great to have network security group support for VMSS to allow blocking unwanted traffic from the internet.

                        3 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                        • Application Gateway WAF Rules and Concerns

                          I understand that AAGs WAF is in preview currently. We have the following concerns and would like to know what we should expect when WAF is GA.

                          It currently appears that all REST calls must contain certain headers (Accept, User-Agent). This causes problems with many 3rd party packages that make REST calls but are not configurable to adjust the headers before being sent. Is the expectation that when WAF is GA that these headers will still be required?

                          We currently have any PUT requests (with the necessary headers) rejected by the WAF:
                          Access denied with code 403 (phase 1). Match…

                          15 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                          • NSG rule for Azure Backup and Recovery services.

                            Is it possible to have Azure fabric as a preset tag to allow traffic for Backup/ASR when creating NSG rules.

                            7 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                            • stop letting non-Azure Microsoft networks use BGP routes that Azure learns through ExpressRoute. This easily leads to asymmetric routing.

                              stop letting non-Azure Microsoft networks use the BGP routes that Azure learns through ExpressRoute. This leads to asymmetry in many cases.
                              Also, the current behavior lets bandwidth hungry Microsoft services like Windows Update consume the bandwidth and metered data of ExpressRoute.
                              As of today, companies using ExpressRoute need to set up their network in an unnecessary complicated way to avoid this problem.
                              One way to do it is to only announce a small prefix, and use that prefix for NAT'ing all the traffic destined for Azure services over ExpressRoute.
                              Then one has to make sure that all traffic destined for…

                              12 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                3 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
                              • Specify internal IP address during creating VM on Azure Portal

                                We cannot specify internal IP address during creating VM on Azure Portal, so it's required to specify IP address after VM creation. We want to specify internal IP address during creating VM on Azure Portal.

                                6 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
                                • Monitoring of ExpressRoute

                                  I want to be alerted, when my metered ExpressRoute is reaching a certain limit (that it is cheaper for me to go with unlimited model).
                                  Overall no monitoring supported to verify if peering is up, how much inbound and outbound traffic is going through the ExpressRoute/Virtual Network Gateway.
                                  The ExpressRoute is critical and therefore its state needs to be monitored.

                                  7 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    started  ·  2 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Provide dyndns protocols

                                    Provide dyndns2 and other dynamic DNS protocols for Azure DNS to allow updating from network devices and such.

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)

                                      Hi,

                                      Thank you for your suggestion on feedback.azure.com for Dynamic DNS support in Azure DNS.

                                      Please can you clarify a couple of points about your suggestion for us:
                                      1. Are you looking for Dynamic DNS support for Internet-facing domains, or for internal domains?
                                      2. In the case of Internet domains, how would you expect requests to be secured?

                                      Thanks!

                                    • designate set of name servers to all self hosted dns zones

                                      When maintaining DNS Records in Azure, you have to update registrars records to use name servers assigned to a domain. Now that those nameserver sets varies, it takes extra effort to create Records, specially if you have to do it manually.
                                      It would be easier if you could try and use same set of name servers to all dnz zones for the dns zones you are maintaining.

                                      3 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)

                                        Thanks for the suggestion. We are tracking this on our backlog.

                                        Some background: Azure DNS supports multiple name servers, which are dynamically assigned as zones are created. This allows us to let customers create zones without first proving that they own the domain name (since if we supported only a single name server set, we couldn’t allow just anyone to create a zone and thereby block the legitimate domain name owner). Domain proof-of-ownership checks are a significant hassle, so it’s important that we avoid them where possible.

                                        Having said all that, I do understand that in some scenarios having a consistent set of name server names is desirable, and we are considering options for how we might support this in future.

                                      • Add Custom Tags to NSG Rules

                                        It would be great if we can define our own on-premise network ranges (using 'Named networks' in AAD?) and add these as Custom Tags to our NSG rules. Now we have our on-premise ip-adresses/subnets as a seperate item in every NSG. When these ip-adresses/subnets change for whatever reason, we have to check every NSG and change this item. If we could use these 'centrally managed' ip-adresses/subnets as 'Custom Tags' in our NSG's rules we don't have to check and change every NSG rule with every ip-address change.

                                        32 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                        • Enable configurable encryption cipher suites and priorities

                                          Legacy client applications that call our services are stuck on antiquated platforms like Java 1.6. These clients cannot use the latest/greatest TLS ciphers. There is no intersection of supported ciphers between vanilla Java 1.6 and those ciphers permitted by Application Gateway.

                                          Fighting to get customers to patch and upgrade their ERP and other systems in the name of security is often a time-consuming and losing battle.

                                          The ability to enable the ciphers of our choice, perhaps (dare I dream?) by source IP, would be an amazing boon to supporting legacy clients.

                                          24 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            planned  ·  1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Route Summarization in UDRs to direct traffic to Virtual Appliance

                                            For VNETS connected with Express Route, BGP Routes populate the Azure System Routes. So, we have to use UDRs to direct traffic to go to the Virtual Appliance Firewall, Traffic towards Any Route not in the UDR prefers the BGP Route and sends the traffic to the Virtual Network Gateway. This renders the summarized routes in UDR useless , as any route with a smaller subnet in BGP Routes, is preferred over the summarized UDR route, and the traffic for that route goes to the VNET Gateway instead of the Virtual Firewall.

                                            This limits our ability to route effectively, and…

                                            16 votes
                                            Vote
                                            Sign in
                                            Check!
                                            (thinking…)
                                            Reset
                                            or sign in with
                                            • facebook
                                            • google
                                              Password icon
                                              I agree to the terms of service
                                              Signed in as (Sign out)
                                              You have left! (?) (thinking…)
                                              3 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
                                            ← Previous 1 3 4 5 9 10
                                            • Don't see your idea?

                                            Feedback and Knowledge Base