Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Support for VNET peering when deploying failover groups

      There is no support for VNET peering when deploying failover groups (one have to create new IPSec VPN tunnels to test failover across regions)

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    2. Backup and restore each network resource configuration settings

      Network resources configuration like VNET, Traffic Manager, Load Balancer, VPN GW, App GW, UDR, NSG, be able to backup and restore by each compornent.
      This would help if configuration ever gets lost, accidentally changes it, corrupt, or we want to recreate a new component and keep some favorite settings.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    3. KMS / RHUI service endpoint

      Could you kindly add service endpoint for KMS and RHUI.
      It will really helpful for managing VMs without SNAT Public IP.

      57 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    4. Add Service Tags to Route Tables/UDR

      Include the ability to add Service Tags to UDRs. We have experienced that while many times services require NSGs to be open for a Service, many users have a default route in the Route Tables to push traffic through network virtual appliances. To circumvent having to put an entire datacenter range IP on UDRs to get services to work, there should be Service Tags in the UDR destination field in order to be able to add specific services the ability to talk to VNET-joined services. A good example of this is API Management. While the team does not support a…

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    5. Network Security Group Rules Export button to CSV in portal

      I would like to have a button in the Portal on the NSG blade to Export all inbound and outbound rules to CSV.

      33 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    6. Add a column to list CIDR ranges currently in use.

      Add a column to list CIDR blocks assigned to each VNET in the Virtual Network Blade. This would provide a quick reference to not overlap CIDR ranges when using multiple VNETS.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    7. allow a user defined route (UDR) to catch smaller routes in one user defined route.

      In a hub / spoke model in which many spokes are created with smaller ip spaces with multiple subnet(s) that need to forward traffic to the hub in exact the same way independent of the spoke, you would have to create specific return udr's to match the size of the subnet else the rule won't work in the hub. (and a 0.0.0.0/0 and a 10.0.0.0/8 wouldn't work / do)

      It would be nice if you could set a flag on a UDR for instance to act as a catch al for multiple spokes. so if I had for instance a…

      18 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    8. Allow VM's to have multiple Public IP's with a single private IP

      We should be able to attach multiple public IP's to a single NIC without having multiple private IP's.

      It is very difficult to configure 3rd party firewalls needing a 1:1 between public IP's and private IP's as far as routing rules go.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    9. Simplify Network Peering across Tenants

      When you need to peer networks across tenants, you need to create a user in each tenant, and then add them as guests to the other tenants. You also need to ensure that the guest users have the appropriate access. This doesn't meet the need-to-know and least-privilege requirements, especially if you don't fully trust the other party. This also makes it incredibly difficult to automate due to the dependency on user accounts.

      Simplify the peering process by allowing both parties to share keys and network ids in order to peer. Allow service principals to create the peers and only connect…

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    10. Utilization

      I need to get the bandwidth utilized per month with cost only for internet traffic in/out from datacenter (**Excluding the VM to VM traffic in/out). It will be helpful for Firewall,WAF,SIEM kind of implementation analysis (if historic usage available for last (1hr,24,7days,30days,,matrix)

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    11. additional VNET Service point for retrieving Linux environments packages

      additional VNET Service point for retrieving Azure certified Linux packages

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    12. Disable BGP Route Propagation for Peered VNETs

      Currently, the BGP Route Propagation for Peered VNETs only affects Routes learned from the Gateway Subnet. For Customer scenarios where all straffic should be forwarded over NVAs, i twould be good if a option to disable propagation from Peered VNETs will be available. Otherwise, multiple static routes are required.

      20 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    13. Service tag for Azure alert webhooks

      We would like to have a way to whitelist webhook calls from Azure alerts on the NSGs. I have tried using the 'Azure Monitor' service tag, however, it looks like the calls are getting blocked (testing using the Internet service tag which works).

      Could you please let me know if there is a tag for Azure alerts?

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    14. Name display for next hop types

      "The name displayed and referenced for next hop types is different between the Azure portal and command-line tools, and the Azure Resource Manager and classic deployment models."

      This should be changed for intuition. I should be forced to remember multiple names for identical configurations. Azure already has unnecessarily given proprietary names for industry standards.

      Stop making your product unnecessarily difficult to use.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    15. Make sure no new network adapters are created or the new one inherites the values of the pre existing NIC.

      We use DSC to monitor for compliancy. When someone switches the subnet in Azure a new NIC is created in Windows. The networkingDSC resource enables you to rename a NIC so you can monitor it based on a predictable name for monitoring / orchestration purposes. But when a VM is moved to a new Network subnet it creates a new nic and hides the old one in system devices. DSC is then unable to rename the NIC to the same name as it's config due to the old name being in use.... This behavior breaks the goal of eliminating configuration…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    16. Vnet creation imposes 1 subnet. why not make it optional or allow the creation of all subnet needed at once

      upon creating my vnet I can only 1 subnet. an ADD button would be useful to allow the creation of multiple subnet at one time or make it optional

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    17. There is a bug in firewall settings

      in this page:
      https://portal.azure.com/#@XXXX/providers/Microsoft.Network/networkSecurityGroups/xxxx/overview

      Where I try to change the ip for more that one inbound rule, there is a validation message says that the port is duplicated (although it is not)

      Excepted not to see this message

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    18. Fix summary route's collateral impact on routes within the subnet

      Currently, adding a summary route for a particular address space unexpectedly reroutes what should be direct routes of communication between hosts in a subnet. Adding a summary route should not have any collateral impact on routes within the subnet. Also, routes connecting VNETs have to be created manually -- something that should be achievable automatically.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    19. Delete a network security group: this description is insufficient. please make it better

      Delete a network security group: this description is insufficient. please make it better

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    20. Expand vendor support for Azure virtual network TAP

      Allow Azure virtual network TAP to send collected data to a VM running Suricata, Snort, riverbed etc, not only the current list of vendors.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base