Networking
The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.
If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.
-
Route table associated to a Virtual Network
It would be great if a route table can be assigned to Virtual Network level and added to the priority sequence like System Routes -> BGP Routes -> UDR at Virtual Network -> UDR at subnet level
This would allow all common routes to be placed at the virtual network level and subnet-specific routes at the subnet level.
Or allow nesting of UDRs, where two route tables can be assigned to one subnet, which may be the cumulative routes of both combined.
20 votes
Hello,
We are not planning on supporting UDR at the VNet level as this introduces additional security concerns. You can currently assign a route table to multiple subnets on a VNet to achieve this effect.
-Allegra [MSFT]
-
Allow to assign custom routes on the VNET level (instead of only subnets)
We configured a custom gateway on Azure. Unfortunately it's not possible to add routes on a VNET level so these routes get applied to all existing and future subnets automatically.
Basically it would be sufficient to be able to assign UDRs to VNETs.
9 votes
Hi Thomas,
This is not something we’re currently planning due to security concerns it raises.
- Allegra [MSFT]
-
After I configured a Point-to-Site connection to a VNet using native Azure certificate authentication, I can't ping from the client to the Azure VM.
After I configured a Point-to-Site connection to a VNet using native Azure certificate authentication, I can't ping from the client to the Azure VM.
Help me!
1 vote
In order to provide assistance, we need additional information. Please open a support ticket through the Azure Support Portal.
Regards,
Ali Zaman
-
Accelerated networking for all SKUs in a SKU family
Accelerated networking, and more generically: all features of a SKU family, should be supported across all SKUs in a SKU family. With the current limitations based on the number of cores of a SKU in supported SKU families, we have to develop logic in a wrapper around Terraform to see when we can just resize a SKU and when we need to recreate it.
1 vote
Hi Steven,
Although this would be convenient, it is difficult to enforce uniformity across SKU families without further restricting the use of accelerated networking to only SKU families where all SKUs can use accelerated networking.
-Allegra [MSFT]
-
Create peering to a VNET before the VNET exists
An example:
Terraform script that creates a complete test environment.
As part of that creation, it needs access to another vnet that acts as a gateway via peering, otherwise the deployment will fail.
The peering from the remote vnet can't be configured until the new vnet exists. That means either breaking the Terraform script into multiple parts, watching the deployment and adding the peering once the new vnet exists, or giving the script the ability to create the remote peering, which breaks the permissions model.
The ability to create a peering to a VNET before it is created in…
4 votes
Hi Gary,
VNet Peering is a property of the VNet. It cannot exist until the VNet exists.
Apologies for the inconvenience as we are not planning to change this design.
-Anavi N [MSFT]
-
Allow basic port forwarding in Network Security Groups
It'd be really nice if Network Security Groups allowed basic port forwarding without the use of Azure Load Balancers. Being able to use an alternate public port for RDP, for example 23456, and directing the traffic to the native port (3389) in the Azure environment via the network group would make things simpler than having to create a load balancer to sit in front of the NSG and VM.
107 votes
Hi Will,
Thanks for sharing this idea – right now we’re not planning on adding this feature since the role of the NSG is exclusively to filter traffic.
-Allegra [MSFT]
-
Azure VM NIC in Promiscuous Mode
Some of the legacy system virtualization software require VM NICs to be configured in "Promiscuous Mode" to operate correctly.
https://stromasys.atlassian.net/wiki/display/DocCHAXPv47W/Networking
This feature would help us run those platforms on Azure. Can Azure VMs enable this feature? There is very little documentation on this aspect - Is promiscuous mode available and supported?
1 vote
-
Rename VNET
Be able to rename a VNET (changing name only) without having to suppress all VMs and recreate them after...
114 votes
Name is a unique identifier, hence not allowed to be modified. This is true for all top-level resources, not just VNet.
— Narayan [MSFT]
-
Virtual Network Gateway Hours - Pay only for what you use
I just noticed that Virtual Network gateway hours are not pay-per-use. Once you create the gateway and extend the Azure virtual network to your premises, it starts to charge whether it's connected or disconnected.
From pricing detail, $0.05 per connection-hour (~$38/month).
So even if I shut down my on-premises router overnight, I still need to spend a minimum of $38 monthly. It is not really "Pay only for what you use".
1 vote
Hi, Alex,
There are two charges related to the Azure VPN service: the compute resource charge at $0.05/hour, and the egress data volume charge. Both are based on resource consumption. Unfortunately, even if the VPN tunnels are not connected, the gateway compute resource is still being consumed.
The charge is based on business review and common industry practice. We will consider providing the functionality to “STOP” a gateway if the customer is certain that the gateway will not be in use. If this is the request, please open another item and we will track that feature ask accordingly.
Thanks,
Yushun [MSFT]
-
ICMP Support for Azure Websites, Roles, Cloud Services
Need support for ICMP features like Ping in Azure Websites, Azure Mobile Services thru node.js, Web/Worker Roles/Cloud Services.
874 votes
Unfortunately ICMP presents risks and problems for our underlying network infrastructure. However, we do understand the utility of being able to ping and we ourselves use TCP level applications to ping between services or the Internet, such as TCPING.
-
Support Multicast within Virtual Networks
Allow Multicast operations within the virtual networks for IaaS
139 votes
-
Allow multiple routes with weighting for the same address prefix
I'd like to be able to add the same address prefix multiple times in a route table with weighting differing next hops for DR reasons.
3 votes
Thanks for sharing your feedback.
For a Highly Available configuration, we recommend using Standard Load Balancer with HA ports configuration.
UDR with the same prefix would require orchestration to switch the preference in order to change the routing behavior; this might give you unexpected downtime.
-
enable secondary private ip access internet
programs using second ip cannot access internet
please allow second ip have same nat rule like primary ip
1 vote
We will not be adding this functionality for secondary private IPs. To have internet connectivity, we recommend adding a public IP address or using a load balancer: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-multiple-ip-addresses-powershell#add
-
Add information covering scaling.
How much throughput can a VNET handle? How do you monitor that? Guidance on this topic would be helpful.
1 vote
Hi Zack, VNet doesn’t impose any throughput limitations. VNet is simply a logical boundary to isolate your environment in the cloud. Throughput restrictions would come into play with other resources such as VMs. You can find those here: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-machine-network-throughput
-
New Small size template with multiple NICs
It is not allowed to have more than 2 NICs for a small size VM. Create a new VM template group with NICs as the central resource, or add Small size templates to existing groups with more NICs.
3 votes
-
Decouple vNIC count from VM Size
For people wanting to use Virtual Firewall Appliances, the amount of vNICs a Virtual Server type offers is the key consideration for how many backend subnets one can place behind the firewall.
The existing Azure practice of scaling of a VM type/size to get additional vNICs is therefore problematic for the following reasons.
We have to oversize our VM to get the amount of vNICs required. We pay for more CPU and RAM resources than we actually require.
Firewall vendors often license the appliances based on CPU Count. Because we had to oversize our VM, we now have to purchase…
19 votes
-
Affinity Group Missing
Hi Gents,
The Affinity Group - or my vnet is missing when creating a cloud service. How do you expect me to assign my cloud services to my vnet (Affinity Group) if it is missing from the Azure Portal?
I had to use PowerShell and am now running into address issues.
1 vote
VNet is scoped to a region. It accepts deployments that are tied to an affinity group, as long as the affinity group is in the same region as the VNet. The new Ibiza portal does not support the cloud services concept.
-
Virtual Network Gateway
I believe that route based Virtual Network Gateways are created as GatewaySKU = Basic by the new Azure Portal but billed as GatewaySKU = Standard.
I created a new Virtual Network Gateway through the new Azure Portal and then checked the GatewaySKU via Azure PowerShell. It showed the SKU being Basic but according to the Portal I was being billed the Standard GatewaySKU rate.
I was able to fix the billing by first changing the GatewaySKU via PowerShell to Standard and then immediately back to Basic.
1 vote
You should not be seeing this behavior. If it happens again, please open a support ticket through the Azure Portal so that we may investigate why this is happening.
Thanks,
Bridget [MSFT]
-
Move Azure Network to Resources Groups or Subscription
Would be great if we can move networks to new Resources Groups or move networks to another subscription. We have 4 subscriptions to organize the costs, but now we can't move the Networks.
64 votes
-
Allow Subnet and VNETs to reside in different resource groups
In our design, we are attempting to share a single vnet to be used by each department/tenant. In this model, each tenant gets a small subnet provisioned from the overall vnet address space. Unfortunately, we must create the subnet separately since it is owned by the vnet which belongs to another resource group.
Alternatively, you could allow subnets to have their own resource group similar to nics.
24 votes