Networking
The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.
If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.
-
Attach second network interface to already running instance
I would like to be able to attach a new network interface to an already started instance (single VM or VM in a scale set).
The reason for that is, for example:
https://www.credera.com/blog/technology-solutions/how-to-automate-zookeeper-in-aws/ (Option 3)
4 votes
This is not currently planned.
We would like to gather more feedback from the community.
- Anavi N [MSFT]
-
Exclude networks in the default Tag "Virtual Network" which are defined in UDR
When we are using the default Tag "Virtual Network" in an NSG to make a Rule for intra-VNet communication, the UDR networks are automatically included in the default Tag "Virtual Network". E.g. I have defined a UDR as route / network 0.0.0.0/0; it is included in the default Tag "Virtual Network", and then the Tag is useless for intra-VNet communication as it contains the network 0.0.0.0/0.
My Suggestion is to exclude the UDR from default Tag or allow us to make our own Tag. Also when we are creating NSG with multiple destination ip/networks from same source ip/network and…
4 votes
Thank you for your suggestion. We are considering this for inclusion in our roadmap.
-
Create a UDR nextHopType VnetPeering
At the moment there is no way to set a UDR route entry nextHopType to Vnet Peering. This makes it cumbersome to overwrite standard routes to force them through for instance a virtual firewall.
For instance, I would like to be able to route a full VNET peered address space to a Virtual Firewall NIC IP, and then make a more specific route for the subnet of the Virtual NIC pointing to VnetPeering. At the moment you will have to keep the standard created address space summary and create multiple specific routes for all the other subnets.
3 votes
-
IP and domain restrictions - add possibility to configure it in Portal
Instead of configuring IP and domain access restrictions in web.config as described here: http://azure.microsoft.com/blog/2013/12/09/ip-and-domain-restrictions-for-windows-azure-web-sites/ , it would be nice to add the possibility to set restrictions somewhere in Portal.
3 votes
Thank you for your suggestion. We included this in our roadmap.
-
VNet peering circular dependency reference due to cross 'dependsOn' between the two VNets
When a peering is set up between two VNets, VNET1 and VNET2, there would be two 'dependsOn' properties in the template generated from the Automation script blade of the resource group. VNET1 would depend on VNET2, and VNET2 would depend on VNET1. This causes a circular dependency error and the deployment of the template would fail. If you manually remove the two 'dependsOn' properties, the deployment would succeed with the same result. I think that this should be fixed. I found this suggestion in this post: https://techcommunity.microsoft.com/t5/Azure/Does-vNet-peering-cause-a-circular-dependency-error-in/m-p/369823#M3963
3 votes
-
Allow to add multiple Service Tags to NSG rule
Allow to add multiple Service Tags to NSG rule. Right now we can add multiple subnets, ranges, IPs and ports. A great idea would be to also add multiple service tags to source/destination, as now we create multiple rules for one host to multiple service tags.
3 votes
Hi,
Great idea! Adding to our list of items to review for planning.
-Allegra [MSFT]
-
IP-in-IP
Provide the ability to unblock IP-in-IP encapsulated packets in a virtual network.
3 votes
-
Dynamic routing within VNET
I would like to have the option to dynamically route traffic within a subnet in Azure.
Example: I have two VMs acting as tunnel endpoints for 4G<->Network devices. These VMs are connecting to the same endpoints over the Internet but use different technologies and have different connection availability. One is fast but unreliable, the other one slow but reliable. This setup is exported from my on-premises VMware setup. But for this to work I have to be able to dynamically choose which VM I want to route traffic to, be it using Cisco route tracking or OSPF. I've set…
3 votes
Hi there – we do not currently have a way to do this. However, you could do this via BGP. Thanks for your feedback. We will look into this.
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-bgp-overview
-
ASGs for UDRs
ASGs are wonderful. They decouple ACLs from subnets, and so allow me to segment my application tiers without having to create separate subnets for each tier.
However, the moment I need to use UDRs, I'm back to using subnets for each tier. It would be great to be able to define UDRs for an ASG, so I can decouple routing from subnets just as I can currently decouple ACLs from subnets.
3 votes
-
Allow Network Adapter to move to different VNET
Please allow one to move a VM or VM NIC to a different VNET. It's pretty crazy that one of the suggested options is a backup and restore to change the virtual machine's network.
3 votes
-
Need ability to update NIC IP configurations for VMs that are stopped but not deallocated
When attempting to update NIC IP configurations for Azure VMs that are stopped but not deallocated, the update request times out after a long time period and subsequent requests for changes to the VM's NIC configuration fail. Users should be able to make this type of change without a failure or a long time-out period.
2 votes
Would you like to create a support ticket related to this? Might be a good option to ensure appropriate checks and balances. We will also look into this in parallel.
-
virtual network integration panel is broken (August 2017)
Hi,
The section "IP ADDRESSES ROUTED TO VNET" in the App Service Plan/Networking/Virtual Network Integration panel is no longer working.
This looks like a GUI error. The section is empty - does not show the actual configured routes, and does not provide an input box to add additional routes.
This affects classic VNets - I do not know about RM Vnets.
Regards,
Ben
2 votes
-
Create VNETs in their own, dedicated resource group.
A lot of folks report problems deleting a VNET. One thing I found which works is to create the VNET in a dedicated resource group, and then, if you need to delete the VNET, delete the entire resource group. This seems to work. Of course, there are authorization implications, but those should be manageable by assigning rights with service principals at the subscription or individual resource level.
1 vote
-
Name display for next hop types
"The name displayed and referenced for next hop types is different between the Azure portal and command-line tools, and the Azure Resource Manager and classic deployment models."
This should be changed for intuition. I should be forced to remember multiple names for identical configurations. Azure already has unnecessarily given proprietary names for industry standards.
Stop making your product unnecessarily difficult to use.
1 vote
Thanks for sharing the feedback, we’ll review the consistency on the names across all clients to improve on a future iteration.
-
Make sure no new network adapters are created or the new one inherits the values of the pre-existing NIC.
We use DSC to monitor for compliancy. When someone switches the subnet in Azure, a new NIC is created in Windows. The networkingDSC resource enables you to rename a NIC so you can monitor it based on a predictable name for monitoring / orchestration purposes. But when a VM is moved to a new network subnet, it creates a new NIC and hides the old one in system devices. DSC is then unable to rename the NIC to the same name as its config due to the old name being in use.... This behavior breaks the goal of eliminating configuration…
1 vote
-
effectiveNetworkSecurityGroups and effectiveRouteTable to have 'read' rather than 'action' to better integrate with Azure RBAC
The 'Microsoft.Network/networkInterfaces/effectiveRouteTable/action' and 'Microsoft.Network/networkInterfaces/effectiveNetworkSecurityGroups/action' provider actions must rather end with a 'read' to better integrate with Azure RBAC. Customers have to write a new role definition for a reader to just be able to read effective NSG rules (while individual NSGs and NSG rules can be read by a reader). The fact that these two actions end with an 'action' makes a reader not have access to leverage this feature.
1 vote
Thanks for the feedback, we’ll evaluate the improvement and how to incorporate on a future iteration.
-
Delete a network security group: this description is insufficient. please make it better
Delete a network security group: this description is insufficient. please make it better
1 vote
Hi Willem,
Do you mean in the Azure Portal?
Let us know and we will update.
- Anavi N [MSFT]
-
There is a bug in firewall settings
in this page:
https://portal.azure.com/#@XXXX/providers/Microsoft.Network/networkSecurityGroups/xxxx/overview
Where I try to change the IP for more than one inbound rule, there is a validation message that says that the port is duplicated (although it is not).
Expected not to see this message.
1 vote
-
make SNAT Flows graph tool available to customers
Give customers access to the virtual network SNAT Flows graph tool/data, so that a customer can self-determine if an Azure VM using default Internet access is actually successfully communicating outbound to the internet. This is impossible to discern from other Azure tools or conclusively know by running packet captures locally on the VM. Support has access to this tool and data, and was able to confirm for me which ruled that out as a problem, and resulted in correct resolution of the root problem.
1 vote
Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature.
-
Add Ability to create a Dynamic Object "Local Subnet" Route in a Route Table
We have a configuration where we want VMs on the same subnet to communicate directly through the virtual network, and VMs on different subnets to communicate through a firewall. We have done this by defining a unique route table for each subnet.
It would be far better to have a "Local Subnet" object so that a single route table could be used for all the subnets in a VNet. For example, create a route with Address Prefix as "Local Subnet" with nexthop "Virtual Network".
1 vote
VMs in the same subnet already connect directly through the virtual network. Subnets are part of the virtual network. Not sure your ask is clear. Please elaborate on the overall scenario that requires such configuration.