Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. GetBestNeigbhors for a given Source Azure Region

      GetBestNeighbors
      Input :
      AzureRegion SourceRegion : Source region , Frame of Reference
      AzureRegion[] Regions : List of regions which needs to be reached from Source Region

      Output : Ordered list of azure regions “best” reachable from SourceRegion

      Alternatively , Simpler version

      GetBestNeighbors
      Input :
      AzureRegion SourceRegion : Source region

      Output : Ordered list of all available azure regions “best” reachable from SourceRegion

      Alternatively ,Even more simpler version

      GetBestNeighbors
      Input :

      Output : Ordered list of all available azure regions “best” reachable from SourceRegion. This must be same as it would have been called from Source region as above.

      2 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
      • Local Network Watcher for End User for their Azure Instance

        Local Network Watcher possibly tied into Internet Connection API. No overhead and only fires when the connection drops or is having issues. Allows the user to input their own instances and is able to visually see where the issue might be and possible solutions. So a mini Network Monitor.

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
        • scheduled connectivity check

          Scheduled connectivity check
          Check functionality is fine. I want to get email when check is completed and failed. So we need recurring checks.

          3 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →

            Thank you for your feedback. We are investigating your suggestion to make scheduled connectivity checks with alerting and we will continue to update the status of this item appropriately. Please continue to share any feedback regarding the connectivity check and Network Watcher

          • Predefined Access Rules for Every Region

            Microsoft Azure should have predefined access rules for every region.
            For example, if someone wants to block traffic for every region except only one, should choose to allow for the specific one and add block rule for every other region.
            That would be good for DDos attacks

            3 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
            • Introduce alert mechanism in network watcher?

              It would be great if you can introduce an alert mechanism with all the monitoring it does. For exmaple : similar to what we have for Azure VMs, when the cpu utilization goes down we can configure an alert for the based on the threshold.

              Network watcher monitors many many things it should have the capability to generate alerts based on it's monitoring capabilities.

              4 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →

                Thank you for your feedback. We are reviewing your suggestion about how we can provide alerting functionality in Network Watcher. It would be helpful if you could comment on which features or monitoring areas you would most like to see alerting.

              • Add OMS integration for NSG Flog Logs

                Currently you can only send flow logs to a storage account. Add support for sending them to OMS.

                27 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
                • Network Watcher in Azure Stack?

                  Can you provide any guidance on when we could expect to see this awesome tool in Azure Stack? it would be hugely beneficial

                  7 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    2 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
                  • Next Hop - show which route entry was used

                    When you use next hop feature, it shows the route table ID that was used - but it would be nice if it showed the rule name from the route table as well.

                    7 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
                    • Let IP flow verify show which NSG is matched.

                      The current implementation of IP flow verify in network watcher shows the name of the rule that is matched for allowing/denying traffic. It doesn't show the name of the effective NSG itself (only the rule in an NSG). A useful addition would be to show the name of the NSG in additional to the matched rule. A click through to the NSG for instant changes would help as well.

                      4 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
                      • Let security group view show the order in which rules are processed

                        The current security group view allows multiple ways to sort the security rules that show up. It would be most useful if there would be a way to sort the security rules in the effective way they would be processed, meaning:
                        1. customer defined rules on the subnet
                        2. default rules on the subnet
                        3. customer defined rules on the NIC
                        4. default rules on the NIC.

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →

                          Thank you for the suggestion, we’ll consider adding this sort option. The current UI in Portal provides you with tabs to see the security rules applied on the Subnet and the NIC, as well as the default rules.

                          Note, the rule processing order you provided only applies for inbound traffic. From https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-nsg :

                          Inbound traffic

                          1. NSG applied to subnet: If a subnet NSG has a matching rule to deny traffic, the packet will be dropped.

                          2. NSG applied to NIC (Resource Manager) or VM (classic): If VM\NIC NSG has a matching rule to deny traffic, packet will be dropped at VM\NIC, although subnet NSG has a matching rule to allow traffic.

                          Outbound traffic

                          1. NSG applied to NIC (Resource Manager) or VM (classic): If VM\NIC NSG has a matching rule to deny traffic, the packet will be dropped.

                          2. NSG applied to subnet: If…

                        • Allow access to packet capture while capture is running.

                          When a packet capture is running in the Network watcher, you currently have to wait until the capture is complete to view the .pcap file. It would be useful to be able to look at the .pcap file while the capture is running.

                          5 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
                          • Monitor container network traffic within a node

                            I would like to see a solution for monitoring traffic between containers on the same node. I'm not sure if the Network Watcher product already does this or not - it wasn't specified.

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              2 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
                            • Network Watcher Topology should get information for resources in different resource group than VNET

                              The preview of Network Watcher has a Topology feature which draws objects connected to a specific VNET, which is great. But, I noted that for a full topology, ALL resources need to be on the same Resource Group than the VNET chosen. That doesn't make sense, because is pretty common to have VMs and NICs on different RGs. Would be great if you choose a RG and a VNET as a starting point, and Topology feature gather all other resources interconnected independently of their RGs.

                              46 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                planned  ·  6 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
                              • Azure Networking Traffic Simulator

                                You should consider adding a Azure Networking Traffic Simulator somewhere in Azure to provide better tooling for troubleshooting and configuring NSG firewall rules.

                                2 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  planned  ·  1 comment  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
                                • Network Monitor Dashboard

                                  Provide a dashboard to help understand the Azure network topology and to visualise the NSG rules

                                  11 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Can network traffic (volume, speed, etc.) be visible in blades either at network interface or network security group?

                                    Can network traffic (volume, speed, etc.) be a tile visible in blades either at network interface or network security group or VM?

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Don't see your idea?

                                    Feedback and Knowledge Base