Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. change virtual machine virtual network through portal

      Today, I needed to change a virtual network to a existing Virtual Machine. I had to delete this VM, create a new one using attached disks from the old one and set the Virtual Network. It would be nice if we had another way to do that, using Portal for example.

      650 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      16 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    2. Allow DNS servers to be advertised per subnet instead of VNET

      Instead of advertising the DNS servers per VNET, is there anyway we can specify what DNS servers should be advertised per subnet? In most cases, I would create a VNET and use NSGs to segregate out my traffic.

      The problem with specifying the DNS servers for the whole VNET, is now I am required to create a completely separate VNET for a DMZ, as my internal DNS servers are being advertised to those machines. In this case, being able to specify DNS servers at a subnet level will allow more flexibility in regards to creating one VNET instead of multiple…

      440 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      18 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    3. Offer NAT as a Service

      There is often the need to connect two or more networks with overlapping addresses over a VPN in regulated industries. The address spaces (often 10.0.0.0/8) can't be changed, however a DMZ subnet can be introduced in each network from the 172.16.0.0/12 address space. The DMZ subnets will not overlap between any network.

      Just like the load balancer, make a NAT device a first class function citizen in virtual networking and allow us to define SNAT, DNAT or Full NAT. Feel free to require a dedicated subnet for the device.

      Then make it easier for custom route rules to route traffic…

      209 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  8 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    4. Allow Network Security Groups (NSGs) to Reference Application Security Groups (ASGs) From Different Location

      Remove the limitation of restricting Network Security Groups (NSGs) ability to leverage/associate Application Security Groups (ASGs) that are not within the same location of the target Virtual Network (VNET).

      This is especially important, to provide granularity and segregation/isolation in a hub-and-spoke networking model (i.e. VNetA-ASG1-to-VNetB-ASG1), in association with VNet Peering.

      191 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      9 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    5. Allow transit routing between ExpressRoute, VPN Gateways, and NVAs by allowing them to peer with BGP and exchange routes.

      Allow transit routing between ExpressRoute Gateways, VPN Gateways, and NVAs by allowing them to peer with BGP and exchange routes. This functionality would give the customer more flexibility in how they lay out their network.

      154 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      12 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    6. Bring Your Own Public IP Address space and Internet subnet routing in Azure Virtual Networks

      When you own a public address space IPv4 and/or IPv6, Windows Azure should provide a way to use it (via LISP and/or classic routing).
      When you don't own a public address space, you should be able to rent it for your virtual network on Windows Azure both via Microsoft or via Tunnel Broker providers

      151 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →

      Reactivating this request…apologies that it was closed due to misunderstanding of your intent.

      We’ll take this request as: I need a simple way to host IP space that I own as Public IP’s in Azure which I can then use on my Azure-hosted services/VM’s.

      We’ve had multiple requests for this feature recently and are actively working through the design now. Unfortunately, we don’t have an estimated release date yet.

    7. VNet Peering Limit - INCREASE

      With new concepts like Global VNet Peerings, Virtual Datacenter and Hub-Spoke Topology - VNEt peerings become more and more important.
      Please INCREASE the number of 50x allowed Peerings / Subscription/Vnet

      Many thanks in advance, you are doing a great JOB - keep it UP!
      Catalin

      140 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    8. Support VNET re-deployment without destroying subnets

      When you deploy a VNET from an ARM template in incremental mode I would expect omitting the subnet property would not change the subnets since they are child resources. Instead they are destroyed. I think this is inconsistent with all other similar resource types e.g. app service plans and web apps, azure SQL servers and databases, etc... Please make VNETs and subnets deployments consistent.

      https://github.com/Azure/azure-quickstart-templates/issues/2786

      134 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  5 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    9. Allow the use of a known outbound nat gateway for vnets

      VMs placed in a vnet today with a public ip attached, access the Internet from arbitrary, unknown addresses. This makes it hard to manage access from Azure VMs to backend systems relying on IP-address ACLs. We simply need to know which ip address azure vms use for accessing resources outside the vnet. If I use UDR's with dest 0.0.0.0/0, load balancing in Azure doesnt work. Please give us a configurable NAT gatway per subnet or vnet similar to what aws has.

      93 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    10. Multiple Network Security Groups per subnet

      Provide ability to associate multiple Network Security Groups with a single subnet. Right now there is limitation to associate only one NSG per subnet.

      This limits reusability of NSGs which are created at subscription level. We have come across use-cases where multiple subnets have common rules and few subnet-specific rules.

      It will be help a lot in terms of rules management and reusability if it is possible to segregate common rules across subnets in an NSG which can them be applied on a subnet with additional NSGs for subnet specific rules.

      89 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    11. Global VNET peering remote gateway and gateway transit support

      Remote gateways and gateway transit are currently not supported with global vnet peering. Is there a plan to support remote gateways in the global vnet peering feature to build a global hub-spoke topology over multipe regions?

      85 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    12. Allow to change subnets modification with enabled vnet peering

      Currentl once vnet is deployed and peering is created with another subscription or vnet. Once the peering is set, it is not possible to extend,remove or add another subnets ranges to all vnets which have valid peering configured. For such if you need to modify the subnet, you have to remove the peering (might cause downtime if peering is used), do the subnet modification and recreate the peering again.

      83 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  3 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    13. update DNS settings for VNET without restart of the VMs to take effect

      Current when we try to update the DNS settings in the VNET or NIC, it required the VMs to be restarted to take effect. But when there are a large amount of VMs under the VNET, it would be a hard work to do so.
      If this process could be simplify so that the restarted of VM will be no longer required, it would be a good news.

      69 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    14. Allow transitive network flow between peered VNET's

      if we assume Three networks.

      VNET1 <> VNET2 <>VNET3

      <> denotes vnet peering

      A machine on VNET1 cannot directly see a machine in VNET3

      We would like this facility to enable us to build a network design without having to use vitual network appliances to make this happen.

      58 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    15. KMS / RHUI service endpoint

      Could you kindly add service endpoint for KMS and RHUI.
      It will really helpful for managing VMs without SNAT Public IP.

      54 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    16. Allow a VM's NIC to use a VNET\Subnet from another Subscription

      Given that the syntax of json deployment templates allows referencing resources by a unique resourceid which includes the guid of the subscription, I would like to create a VM in subscription 'A', whose NIC references a subnet that is part of a VNET in subscription 'B'.

      The reason for this is two-fold:
      1) This would allow a corporate networking function to securely manage all the networking infrastructure in a corporate IT-owned and managed subscription, but allow it to be consumed by line-of-business units, whose subscriptions are restricted (via ARM policies) to not allow the creation of VNETs.
      2) This would…

      50 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    17. VM MAC address spoofing

      I wanted to run multiple LXC/LXD containers on a single Linux VM and make them exposed to VNET via a bridged interface to provide services in the private network. That's not possible without VM/VNIC ability of MAC address spoofing. Please support it.

      50 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  2 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    18. Azure Internal Endpoints to Vnet

      Please provide Azure Services with an Internal Endpoint (a least Azure Storage and Azure Backup) to build up machines without Internet Connection.

      47 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    19. Ability to move a NIC from one VNET to another.

      Could we get the ability to detach a NIC from it's current VNET and reattach it to a different VNET? In my case, I accidentally created a new VNET instead of attaching it to a pre-existing one, and it would be more convenient to move it over instead of recreating the NIC.

      39 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    20. Azure Security Group

      Azure Security Group (ASG) should have the option to show all the NICs associated with it.

      36 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3 4
    • Don't see your idea?

    Feedback and Knowledge Base