Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Provide explicit drain stop capabilities for Load Balancing.

      Many on-prem systems rely on an ability to gracefully drain traffic from a node before removing it from load balancing for updates or maintenance. While there are workarounds today for the Azure Load Balancing infrastructure (http://serverfault.com/questions/686095/gracefully-take-a-server-out-of-azure-load-balancer-drain-stop) it's not as flexible as existing on-prem services. Please add this feature.

      471 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      18 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    2. Support SNAT on internal Azure load Balancer

      Currently it seems Azure Internal Load Balancer does not support Source NAT.
      this mean that if 2 different services hosted on 2 different VM and the VM are on the same vnet the traffic is not load balanced if the ILB route the traffic to the same VM that start the request.
      example:
      Service A (exposed on port x) and B (exposed on port y) are hosted on VM 1 and VM2 on the same vnet.
      Service A has VIP z and Service B has VIP m.
      if service A is recalled via VIP z from VM 1 and ILB…

      225 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    3. HA Ports for Standard load balancers with Public IP

      Current review of HA ports only supports Internal LB without any public IP attached. The majority of NVA deployments are with Public IP attached to the LB.

      185 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    4. Increase Idle Timeout on Internal Load Balancers to 120 Mins

      We use Azure Internal Load Balancers to front services which make use of direct port mappings for backend connections that are longer than the 30 min upper limit on the ILB. That is, our ILBs accept port connections on a nominated set of ports and pass those connections to the backend services running on the same ports.
      We are experiencing dropped TCP connections from clients connecting to the backend services via the ILB. After investigating the issue in collaboration with the Azure Networking Team it was verified that altering the default OS TCP keep alive duration to below 30mins would…

      126 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  2 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    5. Internal load balancer vnet peering

      Currently when you connect 2 VNETS using a global vnet peer you cannot access internal load balancer between the networks. E.g if you have a resource behind a load balancer in vnet1 and you try to connect to the load balancer from vnet2 then you cannot connect.

      This causes problems for SQL Server Availability groups running over 2 regions meaning you need an internal load balancer in each region. If you then have a web farm spread over the 2 regions only web servers within the region hosting the listener address can connect to the listener. This basically removes one…

      122 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    6. Internal load balancer Log Analytics

      Log analytics currently works only for Internet facing load balancers.
      We need this very urgent for our Internal facing load balancers!

      78 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    7. Azure Loadbalancer must delete unhealthy VM of Azure VMSS

      I have create Azure VMSS behind Public Azure Std LB with HTTP based Health Probe. Azure Loadbalancer is working as per expectation. But If VM is unhealthy then it must be deleted or re-provisioned. So that machine can attain healthy state again.

      73 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    8. Support communicating to the frontend IP address of a globally peered internal load balancer

      The VNet peering documentation contains the following constraint:

      Resources in one virtual network cannot communicate with the frontend IP address of an Azure internal load balancer in the globally peered virtual network. The load balancer and the resources that communicate with it must be in the same region.

      In scenarios that require a resource to access a load balanced application in another region, a 3rd party load balancer is required.

      50 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  6 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    9. Allow ICMP ping to VIP (Allow Ping inbound)

      Vote for allowing UDP through the firewall. Such as ping inbound, because the ping are the minimal required for so much app.

      46 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    10. HA Port feature should support stateless load balancing.

      The objective is to support two types of scenarios
      1. Active-Passive firewalls.
      Currently if the active firewall fails the LB keeps sending the data to dead firewall and the existing TCP sessions times out causing the disruption/outage to the user traffic. However, if the LB simply diverts the traffic to the newly Active firewall without worrying about state, the disruption or outage to the user will not have to experience any termination, because normally most Active-Passive firewall implementation session states are shared between the pair. This will mean that there is no outage during Azure maintenance windows. This means no…

      45 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    11. Standard Load Balancer should support using an "internal" IP address for probing the ports.

      The Standard Load Balancer and HA ports are are recommended for load balancing firewall appliances. However, the Load Balancer probe uses a common IP address for internal and external load balancers. This means that only the internal or external ports can be load balanced, which means that a messy Zookeeper alternative must be built to monitor the firewall availability.

      43 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    12. Allow Upgrade or Swap VIP also when number of endpoints has been changed

      Or allow the external IP address to be fixed/allocated to the Hosted Service.

      The scenario is that during the lifetime of the application you may need to modify the number of endpoints, and re-deploy the solution BUT KEEP PUBLIC IP.

      The best would be if Swap VIP could handle this - to avoid downtime, but I am willing to have some downtime as long as Upgrade is supported. This is to avoid service unavailable during the time DNS CNAME records are updated.

      41 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    13. Active/Standby mode for a Backend Pool on a Load Balancer

      You select one device to be active in the backend pool and another to be standby. If the primary fails then the secondary becomes active. This would work great with other vendors Firewall NVA appliances running in Active/Standby scenario.

      40 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    14. Custom Destination on load balancer failure

      It would be good if when the loadbalancer probe fails (It can't reach any page in a timely fashion) it could redirect to a failureURL. This way in the event that something is going wrong customers could still be given a brandend friendly error message or be assured we are working on it.

      37 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    15. allow custom host header for azure load balancer health probes

      HTTP health probes for Azure load balancer are hard-coded to use the IP of backend as their host headers. This forces the backend hosts have to be configured to allow its IP as one of its allowed domain. It's very surprising that Azure doesn't custom host header for HTTP(s) health probes. Please add custom headers for HTTP(s) heath probes; at least, host header support should be there.

      29 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    16. Zero Downtime Deploys with Azure Load Balancer

      Currently, Azure Load Balancer does not support any way to programatically mark a node unhealthy or otherwise remove it from the pool temporarily during maintenance. Meaning you have to accept errors to your end users while deploying. It'd be great to either allow a request from the node, or a secondary health check to mark a node as unhealthy without it actually sending errors back to the user.

      26 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    17. TLS termination of TCP/TLS traffic

      It would be useful for Azure Load Balancer to support TLS termination / offloading when using TCP/TLS traffic.
      Application Gateway can do it for HTTPs traffic but there is no way to do it for other protocols based on TLS.
      AWS can do it with the Network Load Balancer tier of AWS Elastic Load Balancing.

      25 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    18. Load Balancing on Linux servers - net.ipv4.tcp_tw_recycle & reuse settings

      Currently you don't allow net.ipv4.tcp_tw_recycle, net.ipv4.tcp_tw_reuse and net.ipv4.tcp_tw_timestamps to be set to 1. You require them to be set to default 0. For our MapR performance improvements, we are required to set them to 1 - which prevents the wait time for the socket to become available and reuses existing.

      It will be nice if you could allow us to use the Load Balancer even when we set the reuse and recycle flag to 1.

      20 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for suggesting this. I have added this is to feature backlog and we need to investigate further if this can be addressed or how. Please follow current support guidance for now to set these kernel variables as follows:

      net.ipv4.tcp_tw_recycle = 0
      net.ipv4.tcp_tw_reuse = 0
      net.ipv4.tcp_timestamps = 0

    19. VM scale set does not work with internal standard sku Azure load balancer backend pool

      It would be great if allowing Selection of VMs within scale set for standard SKU Load balancer backend pool.

      the feature does exist in Basic only , yet in Standard not. even though it is mentioned in the documentation it supports it. https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-overview#why-use-standard-load-balancer

      Currently, we can associate a public facing load balancer with VM scale set when creating a scale set on the Azure portal. But if we create an internal standard load balancer and a scale set separately. We could not select this scale set as backend pool.

      19 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    20. Active / passive load balancing without the dependency of the cluster service.

      Active / passive load balancing without the dependency of the cluster service.

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3
    • Don't see your idea?

    Feedback and Knowledge Base