Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Don't strip QOS DSCP markings

      Azure vNets with ExpressRoute should support QOS markings. Ideally the Expressroute circuit should honour and prioritise packets with DSCP priorities set.

      If honouring DSCP is not possible then the values should at least be passed along and not be stripped out.

      We have Azure connected to our internal MPLS network via an Expressroute Exchange provider. (Our MPLS provider is not setup as a Network provider in Azure). Some of our remote sites have congested links however with QOS we ensure all business applications perform well.

      We are now moving some business applications into Azure and getting performance problems due to…

      186 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        2 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
      • IPSec tunnel over ExpressRoute

        We require confidentiality and integrity of our network links into Azure, and want to use ExpressRoute. Currently the Azure gateway ExpressRoute SKU does not support IPSec.

        Can you please add IPSec support to ExpressRoute, or to the Azure gateway Expressroute SKU.

        75 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          planned  ·  8 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
        • Add location Specific BGP community for O365 routes

          O365 subnets over microsoft peering has the application specific community, but it is difficult to understand which location the subnet belongs to, so please add the location BGP community also with the Application BGP community

          60 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            under review  ·  0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
          • Monitoring of ExpressRoute

            I want to be alerted, when my metered ExpressRoute is reaching a certain limit (that it is cheaper for me to go with unlimited model).
            Overall no monitoring supported to verify if peering is up, how much inbound and outbound traffic is going through the ExpressRoute/Virtual Network Gateway.
            The ExpressRoute is critical and therefore its state needs to be monitored.

            52 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              started  ·  4 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
            • Gray out existing connections so they can't be connected with ExpressRoute.

              Gray out existing connections so they can't be connected with ExpressRoute again and cause an outage.

              Failed to create connection 'ExpressRoute-EUS'. Error: The ExpressRoute connection for Nrp Resource Uri: https://eastus.network.azure.com/subscriptions/GUID/resourceGroups/expressroute-rg/providers/Microsoft.Network/connections/ExpressRoute-EUS2 already exists with a different Nrp Resource Uri:https://eastus.network.azure.com/subscriptions/GUID/resourceGroups/expressroute-rg/providers/Microsoft.Network/connections/US-East2

              "Do not allow redundant ER connection deployments to start. There is currently an error message but no block to starting a redundant connection deployment. This operation causes the circuit to lose connectivity."

              15 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                under review  ·  0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
              • Allow User-Defined Routes (UDR) to work across ExpressRoute.

                Currently, UDRs are limited to IP addresses which appear in a single peer group of VNETs (i.e., in the same Azure data center location). I would like to have a NextHop to a firewall that can serve multiple regions. The traffic would flow across the ExpressRoute (MPLS-style).

                While most deployments are in a few Azure data centers, there are some which are elsewhere. It is less economical to have a separate firewall instance for each region. With UDR across ExpressRoute (or VPNs), that would be a money saver.

                6 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
                • create a non-disruptive an Azure VNET address space update to ER

                  create a non-disruptive an Azure VNET address space update to advertise prefixes to expressroute. Currently there is no way to do this without knocking down the connection for a period of time - breaking connectivity between the azure data center and on-premise data center.

                  5 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
                  • stop letting non-Azure Microsoft networks use BGP routes that Azure learns through ExpressRoute. This easily leads to asymmetric routing.

                    stop letting non-Azure Microsoft networks use the BGP routes that Azure learns through ExpressRoute. This leads to asymmetry in many cases.

                    Also, the current behavior lets bandwidth hungry Microsoft services like Windows Update consume the bandwidth and metered data of ExpressRoute.

                    As of today, companies using ExpressRoute need to set up their network in an unnecessary complicated way to avoid this problem.

                    One way to do it is to only announce a small prefix, and use that prefix for NAT'ing all the traffic destined for Azure services over ExpressRoute.
                    Then one has to make sure that all traffic destined for…

                    4 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      need-feedback  ·  1 comment  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
                    • Allow changing Billing Model for ExpressRoute from Unlimited to Metered with no downtime

                      Currently you can change an ExpressRoute from Metered to Unlimited at any time without any disruption.

                      You should also have the ability to go from Unlimited to Metered at any time without any disruption.

                      3 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        2 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
                      • Separate O365 IP addresses from regional Azure IP address ranges

                        I have an ExpressRoute with Public, Private and MS Peering. Currently Office 365 services are routed via the Public peering.

                        When I activate a BGP community via route filter for MS peering (in my case the community 12076:51009 for Azure Central US), any users accessing 365 services from the Azure Central US region lose all connectivity. This is because the O365 services (such as login.microsoftonline.com or portal.office.com) are served out of Azure datacentres and the ranges overlap.

                        Office 365 services must be authorised over MS peering, and the process is unnecessarily complicated and opaque. Until I manage to get this…

                        3 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
                        • Monitoring BGP Routes Updates - Routes addition or deletion

                          We are looking for option to monitor BGP Routes which are propagated to Azure Virtual network through ExpressRoute established and managed by network provider, BT . This is to notify network admins when new network is added as BGP Routes in Azure Virtual Network.
                          It would be good if this can be monitored using OMS log analytics. As an alternative option, if route addition is logged as activity log, then it can be used for alerting and notification.

                          3 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            planned  ·  1 comment  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
                          • MS-Azure BGP AS number enable viewing

                            How about enabling the view of the MS-Azure AS number on the portal when configuring Private Peering.

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →

                              Thank you for the feedback. If I understand correctly, you would like us to display the ExpressRoute ASN on the portal so that you do not have access the documentation when configuring the peer ASN – as an easy reference.

                              Look forward to your response!

                              Jared
                              PM, ExpressRoute

                            • Outbound data transfer Zones - Country wise

                              Hello, Please provide which country comes under which Zones for Outbound data transfer. This will help for correct pricing for customers for zone1, zone2 and zone3

                              1 vote
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
                              • express route

                                Not sure if this is possible today, but I would like to see an option for public peering to have more granularity on the list of BGP communities so we only advertise services that a customer owns. As far as I can see today, through Microsoft peering we will see all public IP in the selected Azure region including those belonging to Microsoft Azure public services, a customer public IP address and any other customer public IP in that region. That means that lot of traffic is routed through public peering. Wouldn't be better to route traffic through Internet to…

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
                                • Don't see your idea?

                                Feedback and Knowledge Base