Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Offers BGP prefix/route summary at Microsoft Enterprise Edge (MSEE) ExpressRoute routers

      There is an urgent business need to summarize BGP prefix/route at MSEEs before being propagate to its peers at remote sites i.e. Cloud Gateway Access (CGA) routers in relation to Express Route service (as there is vary limit of allowable prefix entry set at remote CGA routers i.e. default 20 in some case).

      This BGP prefix summarization helps reduce the need of large number of prefix entries to be broadcasted from Azure to CGA especially for business case that have large number of spoke VNETs (Hub and Spoke model) leveraging on granular address space of a large prefix.

      For example,…

      230 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    2. Don't strip QOS DSCP markings

      Azure vNets with ExpressRoute should support QOS markings. Ideally the Expressroute circuit should honour and prioritise packets with DSCP priorities set.

      If honouring DSCP is not possible then the values should at least be passed along and not be stripped out.

      We have Azure connected to our internal MPLS network via an Expressroute Exchange provider. (Our MPLS provider is not setup as a Network provider in Azure). Some of our remote sites have congested links however with QOS we ensure all business applications perform well.

      We are now moving some business applications into Azure and getting performance problems due to…

      221 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    3. IPSec tunnel over ExpressRoute

      We require confidentiality and integrity of our network links into Azure, and want to use ExpressRoute. Currently the Azure gateway ExpressRoute SKU does not support IPSec.

      Can you please add IPSec support to ExpressRoute, or to the Azure gateway Expressroute SKU.

      140 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  11 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    4. Allow changing Billing Model for ExpressRoute from Unlimited to Metered with no downtime

      Currently you can change an ExpressRoute from Metered to Unlimited at any time without any disruption.

      You should also have the ability to go from Unlimited to Metered at any time without any disruption.

      84 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    5. BGP Filters on Private Peering

      Can we expand BGP filtering into Private peering? That will enable us filtering unnecessary traffic and also filter incoming onPrem networks into Azure VNET. Furthermore , that will provide summarisation of on Prem routes into VNETs thus less UDRs if you wanted to route all traffic via NVA

      79 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  7 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    6. Add location Specific BGP community for O365 routes

      O365 subnets over microsoft peering has the application specific community, but it is difficult to understand which location the subnet belongs to, so please add the location BGP community also with the Application BGP community

      60 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    7. Monitoring of ExpressRoute

      I want to be alerted, when my metered ExpressRoute is reaching a certain limit (that it is cheaper for me to go with unlimited model).
      Overall no monitoring supported to verify if peering is up, how much inbound and outbound traffic is going through the ExpressRoute/Virtual Network Gateway.
      The ExpressRoute is critical and therefore its state needs to be monitored.

      58 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  4 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    8. Distribution Percentage by Service of ExpressRoute with Microsoft Peering

      I need the ability to granularly monitor the percentage of total bandwidth used by services on my ExpressRoute links. I have Microsoft Peering with no private \ public peering. I want to know what percentage of the ExpressRoute is consumed by O365 vs. PaaS vs. IaaS and from what I can tell the ability to do that does not exist. I’ve tried NSG flow logs on my edge NVAs to answer the IaaS question but I still need to understand the percentages used by the remaining services for showback \ chargeback.

      NPM bandwidth distribution only works with private peering, not…

      54 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    9. BGP - Ability to control the Advertised routes

      Currently in a Hub and Spoke scenario if we pretend to have the Spoke VNET announced in the ER by BGP we need to peer them to the Hub VNET using it as a remote gateway subnet.
      The problem is that from this moment on all network are visible on the routing table and if we pretend to control the traffic with a Routing/Firewall appliance it's very difficult to control the traffic from the subnets allowed to communicate between themselves and On Prem networks.
      With a small scenario is easy to achieve with UDR manipulation but for large scenarios like…

      50 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    10. Allow separate VLAN tags when peering to ExpressRoute circuits

      Currently ExpressRoute requires two client subnets, but restricts these to the same VLAN tag. It would be helpful if each of these VLANs could be tagged individually.
      e.g. currently I can specify "172.16.1.0/30" as the primary and "172.16.2.0/30" as the secondary but they have to have the same ID

      41 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  2 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    11. Allow User-Defined Routes (UDR) to work across ExpressRoute.

      Currently, UDRs are limited to IP addresses which appear in a single peer group of VNETs (i.e., in the same Azure data center location). I would like to have a NextHop to a firewall that can serve multiple regions. The traffic would flow across the ExpressRoute (MPLS-style).

      While most deployments are in a few Azure data centers, there are some which are elsewhere. It is less economical to have a separate firewall instance for each region. With UDR across ExpressRoute (or VPNs), that would be a money saver.

      29 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    12. Request planned maintenance notification for ExressRoute at least 2 weeks ahead

      Request planned maintenance notification for ExressRoute at least 2 weeks ahead

      18 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    13. Ability to delete a Public IP on ExpressRoute Gateway

      I request for an ability to delete Public IP on ExpressRoute Gateway.
      It would be great if I can delete a Public IP assigned to ExpressRoute Gateway due to enhanced security.
      I understand the VPN Gateway needs public IP to connect with onpremises VPN device, but I think it is unnecessary for the ExpressRoute Gateway since it is a closed network.
      If the ExpressRoute gateway doesn't have a Public IP, we can reduce the risk of unexpected inbound traffic from the Internet.

      17 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    14. Gray out existing connections so they can't be connected with ExpressRoute.

      Gray out existing connections so they can't be connected with ExpressRoute again and cause an outage.

      Failed to create connection 'ExpressRoute-EUS'. Error: The ExpressRoute connection for Nrp Resource Uri: https://eastus.network.azure.com/subscriptions/GUID/resourceGroups/expressroute-rg/providers/Microsoft.Network/connections/ExpressRoute-EUS2 already exists with a different Nrp Resource Uri:https://eastus.network.azure.com/subscriptions/GUID/resourceGroups/expressroute-rg/providers/Microsoft.Network/connections/US-East2

      "Do not allow redundant ER connection deployments to start. There is currently an error message but no block to starting a redundant connection deployment. This operation causes the circuit to lose connectivity."

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    15. IPFIX/NetFlow export for traffic visibility

      Give ability for Express Route traffic to be visualized by a IPFIX/Netflow tool. i.e. Solarwinds NetFlow, LiveAction LiveNX etc.

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  1 comment  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    16. Grant the ability to add and advertise static routes from an Express Route gateway

      We have a scenario where we would like to use an NVA as a gateway in between both our on premise and Express Route connected VNETs and a new VNET that is not directly peered with the Express Route gateway VNET.
      On Premise/Peered VNETS <----> ExprRt VNET<----> NVA VNET<---->NEW VNET
      Since the NEW VNET is not peered with the ExprRT VNET, the address space is not advertised down the express route to the on premise environment. We would like the ability to both add and advertise static routes from the express route gateway or via a UDR attached to the…

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    17. Microsoft Peering - Route Filter for Azure SQL

      Existing Microsoft peering (ExpressRoute) does not have route-filter for database,. SQL services similar to Microsoft.sql service endpoints.

      This will be needed for corporate/enterprise that want to differentiate ExpressRoute for PaaS and Office365, since there are overlapping routes between these 2 services

      Microsoft O365
      https://support.office.com/en-us/article/office-365-urls-and-ip-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2

      Azure DC public IP
      https://www.microsoft.com/en-sg/download/details.aspx?id=41653

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    18. Allow Bandwidth Traffic restriction (shaping) at VNET and/or VM layers to prevent maxing out Expressroute/MPLS for large data dumps

      We would like to control what VNET or individual VM's have for bandwidth over our Express Route. We have some large data dumps to Azure that overwhelm our ExpressRoute and our MPLS. So if we can pick a VM where it is going and only allow it to use say 30Mbps of bandwidth on the Express Route, it wouldn't use the whole 100Mbps that we have subscribed to for Azure. I would like to see it be a value that you can enter, versus a dropdown because it would be more customizable to certain situations. Same thing with a Vnet,…

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    19. Monitoring BGP Routes Updates - Routes addition or deletion

      We are looking for option to monitor BGP Routes which are propagated to Azure Virtual network through ExpressRoute established and managed by network provider, BT . This is to notify network admins when new network is added as BGP Routes in Azure Virtual Network.
      It would be good if this can be monitored using OMS log analytics. As an alternative option, if route addition is logged as activity log, then it can be used for alerting and notification.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    20. Please make dev.azure.com (IP I see is 13.107.6.183) to be accessible via Microsoft peering over an ExpressRoute connection.

      Would help make the case to move away from TFS if the path to get to the website is via a low latency, more predictable network path away from the (sometimes variable) internet connection many organisations have.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3
    • Don't see your idea?

    Feedback and Knowledge Base