Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Internal vNet endpoints for SQL Databases and Storage Devices to allow private accessible only via Expressroute Gateway

      To justify using Expressroute to "securely" extend the corporate LAN/WAN infrastructure to the cloud.

      Create Internal vNet Endpoints for SQL Databases and Storage Devices to allow private accessible only via Expressroute Gateway.

      Needed to secure sensitive PII, HIPAA, and Company Confidential Databases and storage devices

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    2. Dynamic routing within VNET

      I would like to have the option to dynamically route traffic within a subnet in Azure.
      Example: I have a two VMs acting as tunnel endpoints for 4G<->Network devices. These VMs are connecting to the same endpoints over Internet but use different technologies and have different connection availability. One is fast but unreliable, the other one slow but reliable. This setup is exported from my on premise VMware setup. But for this to work I have to be able to dynamically choose which VM I want to route traffic to, be it using Cisco route tracking or OSPF.

      I've set…

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    3. Exclude networks in the default Tag "Virtual Network" which are defined in UDR

      When we are using the default Tag "Virtual Network" in NSG to make a Rule for intra VNE communication, the UDR networks are automatically included in the default Tag "Virtual Network", e.g. I have defined a UDR as route route / network 0.0.0.0/0, it is included in to default Tag "Virtual Network", then the Tag is useless for intra vnet communication as it contain the network 0.0.0.0/0.

      My Suggestion is to exclude the UDR from default Tag or allow us to make our own Tag. Also when we are creating NSG with multiple destination ip/networks from same source ip/network and…

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    4. Adding multiple NSGs to a NIC

      I have several virtual machines in several different subnets that need to apply a certain set of network security rules. But for each VM there are also their own unique rules. I would like to be able to set multiple NSG for the NIC of each virtual machine. I do not want to copy common rules to each NSG.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    5. virtual network integration panel is broken (August 2017)

      Hi,

      The section "IP ADDRESSES ROUTED TO VNET" in the App Service Plan/Networking/Virtual Network Integration panel is no longer working.

      This looks like a GUI error. The section is empty - does not show the actual configured routes, and does not provide an input box to add additional routes.

      This affects classic VNets - I do not know about RM Vnets.

      Regards,
      Ben

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    6. Allow to change subnets modification with enabled vnet peering

      Currentl once vnet is deployed and peering is created with another subscription or vnet. Once the peering is set, it is not possible to extend,remove or add another subnets ranges to all vnets which have valid peering configured. For such if you need to modify the subnet, you have to remove the peering (might cause downtime if peering is used), do the subnet modification and recreate the peering again.

      145 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  4 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    7. time protocol

      Network Time - Precision Time Protocol (IEEE 1588 std) support

      Azure should provide a know reference service for a network time protocol such as NTP or preferably for the IEEE 1588 standard Precision Time Protocol, or provide this as an option with the Blockchain service.

      19 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    8. Allow a VM's NIC to use a VNET\Subnet from another Subscription

      Given that the syntax of json deployment templates allows referencing resources by a unique resourceid which includes the guid of the subscription, I would like to create a VM in subscription 'A', whose NIC references a subnet that is part of a VNET in subscription 'B'.

      The reason for this is two-fold:
      1) This would allow a corporate networking function to securely manage all the networking infrastructure in a corporate IT-owned and managed subscription, but allow it to be consumed by line-of-business units, whose subscriptions are restricted (via ARM policies) to not allow the creation of VNETs.
      2) This would…

      69 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    9. Allow transitive network flow between peered VNET's

      if we assume Three networks.

      VNET1 <> VNET2 <>VNET3

      <> denotes vnet peering

      A machine on VNET1 cannot directly see a machine in VNET3

      We would like this facility to enable us to build a network design without having to use vitual network appliances to make this happen.

      86 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    10. Support VNET re-deployment without destroying subnets

      When you deploy a VNET from an ARM template in incremental mode I would expect omitting the subnet property would not change the subnets since they are child resources. Instead they are destroyed. I think this is inconsistent with all other similar resource types e.g. app service plans and web apps, azure SQL servers and databases, etc... Please make VNETs and subnets deployments consistent.

      https://github.com/Azure/azure-quickstart-templates/issues/2786

      189 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    11. Allow transit routing between ExpressRoute, VPN Gateways, and NVAs by allowing them to peer with BGP and exchange routes.

      Allow transit routing between ExpressRoute Gateways, VPN Gateways, and NVAs by allowing them to peer with BGP and exchange routes. This functionality would give the customer more flexibility in how they lay out their network.

      164 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      12 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    12. VM MAC address spoofing

      I wanted to run multiple LXC/LXD containers on a single Linux VM and make them exposed to VNET via a bridged interface to provide services in the private network. That's not possible without VM/VNIC ability of MAC address spoofing. Please support it.

      56 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  2 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    13. Specify internal IP address during creating VM on Azure Portal

      We cannot specify internal IP address during creating VM on Azure Portal, so it's required to specify IP address after VM creation. We want to specify internal IP address during creating VM on Azure Portal.

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    14. Allow a UDR to specify any routable "next hop" IP address (not limited to the VNet or Region)

      It would be great if a UDR could point to an IP in another region or on-premises via ExpressRoute. The problem today is that If someone invests in a NGFW virtual appliance, it can only be used from the VNet where it exists or others that are peered to it within the same region. A UDR should be able to route to any routable address... why not?

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    15. Ability to move a NIC from one VNET to another.

      Could we get the ability to detach a NIC from it's current VNET and reattach it to a different VNET? In my case, I accidentally created a new VNET instead of attaching it to a pre-existing one, and it would be more convenient to move it over instead of recreating the NIC.

      51 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    16. Offer NAT as a Service

      There is often the need to connect two or more networks with overlapping addresses over a VPN in regulated industries. The address spaces (often 10.0.0.0/8) can't be changed, however a DMZ subnet can be introduced in each network from the 172.16.0.0/12 address space. The DMZ subnets will not overlap between any network.

      Just like the load balancer, make a NAT device a first class function citizen in virtual networking and allow us to define SNAT, DNAT or Full NAT. Feel free to require a dedicated subnet for the device.

      Then make it easier for custom route rules to route traffic…

      274 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      11 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    17. Automatically add Web hosting plan services to virtual network

      I pretty much want to keep storage, SQL database, web app, VMs, and any other service I use within a private network to keep granular control of which services can connect to other services. The "open to all" connection strings to all services is a hard sell to any organization used to securing their IT behind firewalls and networks of networks. Where are you on this today? It must be considered a less secure since these connection strings always tend to leak..

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    18. Allow basic port forwarding in Network Security Groups

      It'd be really nice if Network Security Groups allowed basic port forwarding without the use of Azure Load Balancers. Being able to use an alternate public port for RDP, for example 23456, and directing the traffic to the native port (3389) in the Azure environment via the network group would make things simpler than having to create a load balancer to sit in front of the NSG and VM.

      104 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  3 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    19. Direct Peering of East Asia (Hong Kong) with China Telecom AS4809 next generation backbone

      the Hongkong Datacenter should establish a direct Peering with China telecom's AS4809 next generation backbone.

      Currently the latency to China is ridiculous high with 40-50ms to Shenzhen / Dongguan area which makes it to slow for some real time applications.

      Rackspace Hongkong for example have a direct peering with CT's AS4809 and the latency is just 7-9ms to their datacenter which is perfect.

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    20. Azure Internal Endpoints to Vnet

      Please provide Azure Services with an Internal Endpoint (a least Azure Storage and Azure Backup) to build up machines without Internet Connection.

      47 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base