Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Azure Loadbalancer must delete unhealthy VM of Azure VMSS

      I have create Azure VMSS behind Public Azure Std LB with HTTP based Health Probe. Azure Loadbalancer is working as per expectation. But If VM is unhealthy then it must be deleted or re-provisioned. So that machine can attain healthy state again.

      98 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    2. allow custom host header for azure load balancer health probes

      HTTP health probes for Azure load balancer are hard-coded to use the IP of backend as their host headers. This forces the backend hosts have to be configured to allow its IP as one of its allowed domain. It's very surprising that Azure doesn't custom host header for HTTP(s) health probes. Please add custom headers for HTTP(s) heath probes; at least, host header support should be there.

      38 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    3. TLS termination of TCP/TLS traffic

      It would be useful for Azure Load Balancer to support TLS termination / offloading when using TCP/TLS traffic.
      Application Gateway can do it for HTTPs traffic but there is no way to do it for other protocols based on TLS.
      AWS can do it with the Network Load Balancer tier of AWS Elastic Load Balancing.

      25 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    4. Allow ESP traffic through Azure Loadbalancer

      Azure Load Balancer, for external connections, can support only TCP (Protocol ID “6”) or UDP (Protocol ID “17”).

      It cannot support protocols like ICMP (Protocol ID “1”). As an example, also IPSec (and VPN using it) is not supported since you should open UDP port 500 (that is fine) and permit IP protocol numbers 50 and 51. UDP Port 500 should be opened to allow Internet Security Association and Key Management Protocol (ISAKMP) traffic to be forwarded through Azure Load Balancer. IP protocol ID 50 should be set to allow IPSec Encapsulating Security Protocol (ESP) traffic to be forwarded. Finally,…

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    5. Allow Internal Load Balancer Internet Access

      In an Internal Azure Load Balancer {Standard SKU}, VMs within the Load Balancer do not have internet access except:
      1) If they have a public IP address
      2) If they are part of a public Load Balancer
      3) If they have load balancer rules statically configured.

      There are instances that VMs may need access to the internet as 'internal' servers may need internet access.

      I think there should be an option for "Allow VMs in this Internal LB to access the internet" on the internal load balancer. This would allow security checks for public certificate validation or other tests that…

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    6. VM scale set does not work with internal standard sku Azure load balancer backend pool

      It would be great if allowing Selection of VMs within scale set for standard SKU Load balancer backend pool.

      the feature does exist in Basic only , yet in Standard not. even though it is mentioned in the documentation it supports it. https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-overview#why-use-standard-load-balancer

      Currently, we can associate a public facing load balancer with VM scale set when creating a scale set on the Azure portal. But if we create an internal standard load balancer and a scale set separately. We could not select this scale set as backend pool.

      23 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    7. Azure standard loadbalancer - force all UDP traffic bidirectionally back over the LB

      Currently a single specific session with the same source and destination port on UDP will be routed correctly. But when the system behind the loadbalancer stars creating multiple sessions with the same destination port but different source ports (Random) it will be routed directly back bypassing the loadbalancer fully. This breaks functionality for certain UDP based designs....

      Please make it possible to route the traffic always via the loadbalancer

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    8. Ping should be Enabled in Load Balancers

      Ping should be enabled in Load balancer. There should be option to enable/Disable ping Via Load Balancer. If someone don't want ping then keep disable this option.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    9. Add the option of outbound rule on Azure portal

      When we want to set the outbound rule for Azure load balancer, there are just two methods to configure that : One is Resource Explore; Another is Azure CLI. The configuration methods recorded in below document:
      https://docs.microsoft.com/en-au/azure/load-balancer/load-balancer-outbound-rules-overview
      But neither good enough for deployment . Please kindly add this function on portal.

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    10. standard internal loadbalancer

      Access to public address does not work for standard internal loadbalancer (according to MS by design). In order to be able to access public resources a public IP need to be assigned.
      However there are cases where public IP should not be assigned to allow only private traffic. There are two services which however require (via UDR) access to public.
      Reaching the KMS license server (Windows) and Redhat repositories (for both the recommendation is to use UDR).
      So access to those services is not possible once you do a standard internal loadbalancer and your policy prohibits use of public IP. …

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    11. Provide rapid failover away from unhealth and/or removed VMs from the Load Balancer backend pool

      Presently, the Standard SKU Load Balancer takes up to several minutes to stop sending traffic to backend VMs which have been identified as unhealthy by Health probes and/or have been manually removed from a backend pool through a configuration change.

      This delay prevents using the Load Balancer as an SLA/availability solution and is counter-intuitive. A preferable design would be to immediately cease sending any additional traffic to an unhealthy VM once it has been marked as unhealthy (unless it is the only VM in the backend pool.)

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    12. Azure SLB: suggestion for display of frontend ip addresses

      On the portal, we can see public IP address which is assigned to each VM in "overview" of VM resource.
      If VM is bound to loadbalancing rule or inbound NAT rule of SLB, SLB's frontend IP address is displayed in "Public IP address" field.

      However, even if SLB has multiple frontend addresses, not all public addresses are not displayed, but only a single public address is displayed in this field. Sometimes it confuses operators. Please consider to modify this like below:

      - not to display any frontend IP address of SLB in "Public IP address" field
      or
      - display all…

      0 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    13. Load Balancer and Public IP SKU.

      There must be an option of Upgrading Public IP SKU from Basic to Standard without losing Static PIP as it is a creating a big road block when we do any planning like moving existing PIP behind any NVA Standard Load balancer.
      If any existing Production Server are already running on Basic PIP then it is very tough to make any decisions to upgrade SKU or move it behind any Standard ELB.

      Need suggestion here how and till what time we can overcome here.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    14. Support for ping/UDP probe for ALB

      Hello Team,

      I add this idea on behalf of my customer, who has this user scenario as below:

      Based on the current design, https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview#types, Azure Load balancer does not support UDP health probes (only HTTP, HTTPs & TCP are supported).
      Hence to load balance a UDP service, a dummy application needs to be created on the Virtual machine to mark the backend service as Healthy

      Please advise if it's feasible to add one of the following options:
      1) ICMP health probe
      2) An option to mark the service ‘always up’ (let the user decide how to check whether the…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    15. Active/Standby mode for a Backend Pool on a Load Balancer

      You select one device to be active in the backend pool and another to be standby. If the primary fails then the secondary becomes active. This would work great with other vendors Firewall NVA appliances running in Active/Standby scenario.

      40 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    16. HA Port feature should support stateless load balancing.

      The objective is to support two types of scenarios
      1. Active-Passive firewalls.
      Currently if the active firewall fails the LB keeps sending the data to dead firewall and the existing TCP sessions times out causing the disruption/outage to the user traffic. However, if the LB simply diverts the traffic to the newly Active firewall without worrying about state, the disruption or outage to the user will not have to experience any termination, because normally most Active-Passive firewall implementation session states are shared between the pair. This will mean that there is no outage during Azure maintenance windows. This means no…

      45 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    17. Global Anycast Load Balancer

      Enable Load Balancer to serve multiple regions via a single global IP using anycast. GCP does this today. In Azure, you must use Traffic Manager and manually configure for the same effect. Also TM doesn't validate HTTPS while LB can.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    18. add support for internal loadbalancers on vm scalesets

      We don't want to use the external loadbalancer in a scaleset, we've got our own firewall setup in Azure and want the scaleset behind it, but with an azure internal loadbalancer.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    19. Allow Basic Port Forwarding With Network Load Balancer for all Services

      Azure Network Load Balancer should support basic port forwarding, many customers have firewall rules that block PaaS Services. Today you can create a port forwarder with NLB, but only to its supported endpoints. Ideally you could forward to any Azure hostname or IP address.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    20. Paas service: How to check on portal if instance is active in load balancer or not

      Is there is any Azure Metric that is emitted whenever a resource is taken out of load-Balancer ? I am looking for a better method than IIS logs for this as going to IIS logs every time is quite slow and not very practical as we go to do testing on various resources.

      I understand if there is current limitation to not expose this via Portal (which I think should be exposed : a future feature request), However I would appreciate if there is any metric that we can sign up to know this detail.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3
    • Don't see your idea?

    Feedback and Knowledge Base