Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Standard Load Balancer should support using an "internal" IP address for probing the ports.

      The Standard Load Balancer and HA ports are are recommended for load balancing firewall appliances. However, the Load Balancer probe uses a common IP address for internal and external load balancers. This means that only the internal or external ports can be load balanced, which means that a messy Zookeeper alternative must be built to monitor the firewall availability.

      4 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        1 comment  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
      • 3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
        • Change some config on load balancer it takes more than 3 minutes to take effect on it after i saw the succeed returned result on portal.

          This is a customer's comment:
          When changing some config on load balancer it takes more than 3 minutes to take effect on it after i saw the succeed returned result on portal.So the message shows on the portal is not real-time status of the config effecting.

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
          • On Azure portal,under Load balancer the statement of floating IP should be updated.

            Recently i took a case ,customer complained this .On Azure portal,under Load balancer the statement of floating IP "says 'We recommend using this feature only when configuring a SQL Always" needs to be updated.
            The statement needs to be updated as follows :
            We recommend using this feature only when configuring a SQL AlwaysOn Availability Group Listener and SQL Failover Clustered Instance (FCI) IP Address.

            The current statement appears to be old and was true before we started supporting SQL FCI on Azure. You can see the details here
            https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sql/virtual-machines-windows-portal-sql-create-failover-cluster

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
            • Azure load balancer probe service

              Currently you need to provide a custom probe service or use applications (e g SQL Always-On Availability Group) which has built-in probe services or use other services' ports (e g RPC 135) for the probe service. Would it be possible to provide a probe service application that you can install as a service on the nodes instead of having to write your own probe service? I have seen some C# samples of such TCP port probe services, which you could install as a service, but it would be better to have official in case there are improvements, updates or changes…

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
              • fail over active flows from unhealthy to healthy nodes

                In the context of HA ports, we want to use it to loadbalance traffic through a state-synchronized cluster of firewalls. But today the LB itself does not fail over active TCP sessions. This makes state-synchronization on the firewall side useless, and results in hanging TCP sessions when a node fails.

                10 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  under review  ·  1 comment  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
                • Zero Downtime Deploys with Azure Load Balancer

                  Currently, Azure Load Balancer does not support any way to programatically mark a node unhealthy or otherwise remove it from the pool temporarily during maintenance. Meaning you have to accept errors to your end users while deploying. It'd be great to either allow a request from the node, or a secondary health check to mark a node as unhealthy without it actually sending errors back to the user.

                  11 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    under review  ·  0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
                  • HA Ports for Standard load balancers with Public IP

                    Current review of HA ports only supports Internal LB without any public IP attached. The majority of NVA deployments are with Public IP attached to the LB.

                    43 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      under review  ·  1 comment  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
                    • Binding same IP Address to mulitiple VM

                      I love using your feature load balancer but, our product deployed on multiple VM for redundancy need to share IP address across the VM. Could we have option to bind IP to multiple VM?

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        under review  ·  1 comment  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
                      • Active / passive load balancing without the dependency of the cluster service.

                        Active / passive load balancing without the dependency of the cluster service.

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
                        • Load Balancer real time statistics

                          I suggest to add the real time statistics in the load balancer so that user can view how much connections are being made to the front end servers and how much data has been transferred.

                          Also it must show the sessions ids and how much hits on the backend pool.

                          7 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
                          • Set idle session timeout for WebApps

                            We want to be able to set idle session timeout in order to reduce SSL handshakes and reduce expensive mobile traffic from our IoC clients to our WebApp. There is currently no way of increasing it beyond 4 minutes. We want to be able to set the same load balancer options as for the dedicated Load Balancer but in Azure Web Apps, please!´

                            OR

                            Beeing able to put a configurable Azure Load Balancer in front of a Azure Web App cluster.

                            Regards,
                            Olof

                            7 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
                            • Increase Idle Timeout on Internal Load Balancers to 120 Mins

                              We use Azure Internal Load Balancers to front services which make use of direct port mappings for backend connections that are longer than the 30 min upper limit on the ILB. That is, our ILBs accept port connections on a nominated set of ports and pass those connections to the backend services running on the same ports.
                              We are experiencing dropped TCP connections from clients connecting to the backend services via the ILB. After investigating the issue in collaboration with the Azure Networking Team it was verified that altering the default OS TCP keep alive duration to below 30mins would…

                              117 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                under review  ·  0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
                              • http probing SharePoint VMs

                                Hi,
                                we have an Azure IaaS dev SharePoint farm and we use Azure Load balancer to handle visitors trafic. We need to probe the SharePoint VMs using http (to get http return codes from a specific SharePoint page) and we discovered that to make http probing work, we had to add an unrelated 100.64.0.0/10 IP to the internal SharePoint alternate access mappings, which turned out to be the VM's physical host private Ip address.
                                Problem is, we shut down the dev VM at night and when they're restarted, they're reallocated to a new host and then refuse to answer correctly…

                                9 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  4 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →

                                  Thank you for suggesting this. This is appears to be a defect triggered by the mandatory HTTP Host: header specifically. We’re investigating how we can address, how the interaction with Sharepoint AAM actually takes place and how we can change this without breaking existing deployments. This will take some time to sort out.

                                • Load Balancing on Linux servers - net.ipv4.tcp_tw_recycle & reuse settings

                                  Currently you don't allow net.ipv4.tcp_tw_recycle, net.ipv4.tcp_tw_reuse and net.ipv4.tcp_tw_timestamps to be set to 1. You require them to be set to default 0. For our MapR performance improvements, we are required to set them to 1 - which prevents the wait time for the socket to become available and reuses existing.

                                  It will be nice if you could allow us to use the Load Balancer even when we set the reuse and recycle flag to 1.

                                  6 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    1 comment  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →

                                    Thank you for suggesting this. I have added this is to feature backlog and we need to investigate further if this can be addressed or how. Please follow current support guidance for now to set these kernel variables as follows:

                                    net.ipv4.tcp_tw_recycle = 0
                                    net.ipv4.tcp_tw_reuse = 0
                                    net.ipv4.tcp_timestamps = 0

                                  • Support SNAT on internal Azure load Balancer

                                    Currently it seems Azure Internal Load Balancer does not support Source NAT.
                                    this mean that if 2 different services hosted on 2 different VM and the VM are on the same vnet the traffic is not load balanced if the ILB route the traffic to the same VM that start the request.
                                    example:
                                    Service A (exposed on port x) and B (exposed on port y) are hosted on VM 1 and VM2 on the same vnet.
                                    Service A has VIP z and Service B has VIP m.
                                    if service A is recalled via VIP z from VM 1 and ILB…

                                    121 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      2 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Azure Load Balancer to support HTTPS probes

                                      Currently it is not possible to utilise a HTTPS (port 443) probe against a backend pool and as a result you must use either port 80 or a TCP probe which isn't the same as actually making a HTTPS request and testing the HTTP response code.

                                      349 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        6 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Provide explicit drain stop capabilities for Load Balancing.

                                        Many on-prem systems rely on an ability to gracefully drain traffic from a node before removing it from load balancing for updates or maintenance. While there are workarounds today for the Azure Load Balancing infrastructure (http://serverfault.com/questions/686095/gracefully-take-a-server-out-of-azure-load-balancer-drain-stop) it's not as flexible as existing on-prem services. Please add this feature.

                                        206 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          2 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Allow ICMP ping to VIP (Allow Ping inbound)

                                          Vote for allowing UDP through the firewall. Such as ping inbound, because the ping are the minimal required for so much app.

                                          34 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            1 comment  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Custom Destination on load balancer failure

                                            It would be good if when the loadbalancer probe fails (It can't reach any page in a timely fashion) it could redirect to a failureURL. This way in the event that something is going wrong customers could still be given a brandend friendly error message or be assured we are working on it.

                                            33 votes
                                            Vote
                                            Sign in
                                            Check!
                                            (thinking…)
                                            Reset
                                            or sign in with
                                            • facebook
                                            • google
                                              Password icon
                                              I agree to the terms of service
                                              Signed in as (Sign out)
                                              You have left! (?) (thinking…)
                                              1 comment  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
                                            ← Previous 1
                                            • Don't see your idea?

                                            Feedback and Knowledge Base