Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Azure Security Group

      Azure Security Group (ASG) should have the option to show all the NICs associated with it.

      62 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    2. Route table associated to a Virtual Network

      It would be great if a route table can be assigned to Virtual Network level and added to the priority sequence like System Routes -> BGP Routes -> UDR at Virtual Network -> UDR at subnet level

      This will allow to move all common routes to be placed at virtual network level and then subnet specific to subnet level.

      Or allow nesting of UDR where two route tables can be assigned to one subnet which may be a cummulative routes of combined both.

      20 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    3. Integrating App service on the exsiting VNET that already has static (or dynamic) IP.

      I want to integrating App service on the exsiting VNET that already has static (or dynamic) IP.

      31 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    4. Multi Tenant, Service Endpoint, vNet Peering, Subnet Whitlisting

      We have had a use case that could not be implemented due to the functionality not being available, We have a Multi-Tenant Alliance of Companies that require interoperability in regards to network access,

      Use Case:
      Tenant 1 :-
      Subscription,
      CosmosDB with Vnet with CosmosDB Service Endpoint

      Tenant 2 :-
      Subscription,
      VPN vNet with CosmosDB Service Endpoint

      We have managed to get both virtual network Globally vNet Peered via resourceID, however, cannot get the external tenant vnet subnet whitelisted within the cosmosdb due to it not being implemented yet.

      Confirmed with MS support to raise a Azure Network Improvement

      44 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    5. 54 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    6. Cross-subscription VNet (Shared VNet)

      A virtual network that spans subscriptions. Multiple different subscriptions can deploy to the same virtual network in a region.

      If you are interested in this feature, please up-vote and add details about your company/scenario.

      We appreciate the feedback.

      - VNet Team [MSFT]

      28 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      need-feedback  ·  1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    7. KMS / RHUI service endpoint

      Could you kindly add service endpoint for KMS and RHUI.
      It will really helpful for managing VMs without SNAT Public IP.

      57 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    8. Network Security Group Rules Export button to CSV in portal

      I would like to have a button in the Portal on the NSG blade to Export all inbound and outbound rules to CSV.

      36 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    9. wants to make my custom service tags for network security group

      Is it possible to create and add our own service tag mapping to multiple ip address ranges? These days, we need to have our own service tag for outside cloud vendor's service such as payment or customer review.

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    10. Enable "vNet peering" as UDR next hop

      Enable "vNet peering" as UDR next hop. Currently if you have a large range, a /16 for example, set in a UDR with a next hop of an NVA it is not possible to override or point a single subnet, for example a /24, in the /16 at the vNet Peering. This would be useful to bypass an NVA for certain subnets or IPs.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    11. Add Service Tags to Route Tables/UDR

      Include the ability to add Service Tags to UDRs. We have experienced that while many times services require NSGs to be open for a Service, many users have a default route in the Route Tables to push traffic through network virtual appliances. To circumvent having to put an entire datacenter range IP on UDRs to get services to work, there should be Service Tags in the UDR destination field in order to be able to add specific services the ability to talk to VNET-joined services. A good example of this is API Management. While the team does not support a…

      18 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    12. Allow NVAs etc... to establish BGP session directly with VNETs

      To make HA scenarios a lot simpler with NVAs that support BGP (which most of them do nowadays) each VNET should allow you to establish a BGP session directly with it so you can advertise and learn routes dynamically straight to the VNET.

      This would help so many HA scenarios and also making sure traffic flows are symmetric a lot simpler by using BGP local preference, AS Path and Weight attributes.

      Perhaps this could be enabled via a VNET service endpoint on your VNET as required?

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    13. NSG service tag for AzureBastionSubnet

      When implementing complicated access controls inside a virtual network, we always need to allow connections from AzureBastionSubnet of the virtual network.

      It would be nice we have AzureBastionSubnet service tag which automatically describes a specific Azure Bastion subnet for each virtual network where resources NSG attached reside in.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    14. Allow us to view the effective route for an Subnet without requiring an Interface inside of the subnet.

      Currently in order to view the effective routes for a subnet you need to have some kind of network interface inside of the subnet. I find that sometimes I need to view the routing table for a subnet, but it doesn't contain any VMs. Could you add functionality to allow us to view the effective routes without having to provision anything inside of it?
      My use case is that I host ILB ASEs in dedicated subnets, but I can't view the routing table because there are no VMs inside of it.

      63 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    15. Support Longest Prefix Match in VNet Peering

      Allow VNet Peering between two VNets that may have overlapped IPs by supporting Longest Prefix Match in routing.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    16. Disable BGP Route Propagation for Peered VNETs

      Currently, the BGP Route Propagation for Peered VNETs only affects Routes learned from the Gateway Subnet. For Customer scenarios where all straffic should be forwarded over NVAs, i twould be good if a option to disable propagation from Peered VNETs will be available. Otherwise, multiple static routes are required.

      23 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    17. Add a preference route or cost when exist two or more route for the same destinations

      The client does not always have BGP options on their local firewall and traffic can go through one tunnel or the other. With the option of setting the priority helps and solve the problem.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    18. ASGs for UDRs

      ASGs are wonderful. They decouple ACLs from subnets, and so allow me to segment my application tiers without having to create separate subnets for each tier.

      However, the moment I need to use UDRs, I'm back to using subnets for each tier. It would be great to be able to define UDRs for an ASG, so I can decouple routing from subnets just as I can currently decouple ACLs from subnets.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    19. allow a user defined route (UDR) to catch smaller routes in one user defined route.

      In a hub / spoke model in which many spokes are created with smaller ip spaces with multiple subnet(s) that need to forward traffic to the hub in exact the same way independent of the spoke, you would have to create specific return udr's to match the size of the subnet else the rule won't work in the hub. (and a 0.0.0.0/0 and a 10.0.0.0/8 wouldn't work / do)

      It would be nice if you could set a flag on a UDR for instance to act as a catch al for multiple spokes. so if I had for instance a…

      18 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    20. Built-in policy to audit VNet rules / usage of service endpoints

      Built-in policy to audit VNet rules / usage of service endpoints

      More and more services in Azure have the ability to use service endpoints (e.g. Azure SQL Database, Azure Storage Account, Azure Data Lake, ...)

      This is necessary to fulfill IT-Security requirements and helps to restrict the access to critical Azure service resources from only specific virtual networks.

      At the moment there is no built-in policy / initiative to audit the usage of these service endpoints.

      Would be possible provide a built-in policy / initiative for this case?

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3 4 5
    • Don't see your idea?

    Feedback and Knowledge Base