Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. ARM Template support for NSG Flow logs

      Add support to configure NSG Flow logs using Azure Resource Manager template.

      The goal is to have Azure Policy to deploy NSG Flow Log configuration.

      Reference to Docs:
      https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq#can-i-configure-traffic-analytics-using-powershell-or-an-azure-resource-manager-template-or-client

      122 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →

      Great news! ARM Template support for NSG Flow Logs and Traffic Analytics is now available in all regions.

      Useful links:
      1. Documentation: https://docs.microsoft.com/azure/network-watcher/network-watcher-nsg-flow-logging-azure-resource-manager
      2. Template Reference: https://docs.microsoft.com/azure/templates/microsoft.network/2019-11-01/networkwatchers/flowlogs
      3. Quickstart Template: https://azure.microsoft.com/en-in/resources/templates/101-networkwatcher-flowlogs-create/

      We will soon be releasing a QuickStart template to make using this feature easier. Stay tuned.

      Thanks for your patience and keep your feedback on the forums coming.

    2. Configurable back-end health check aggressiveness

      Related thread:
      https://social.msdn.microsoft.com/Forums/en-US/75cfb536-71f6-4c88-ac80-ec693f3e6229/azure-front-door-healthcheck-frequency?forum=WAVirtualMachinesVirtualNetwork

      Behind my frontdoor are two "back-ends", each consists of a single web app.

      For each back-end I have configured a health check with interval of 120 seconds. My expectation was that this leads to roughly 30 requests per hour.

      In reality, my application insights shows 64000 requests in the past 24 hours, that's more than 40 requests per minute! A live traffic log confirms this: I see health check requests come in almost every second...

      With the current behavior there is hardly any correlation with the configured "Interval" setting.

      It would be great if there was an…

      165 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      9 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    3. Allow configurable timeout period for Front Door

      Currently Front Door forces a 30 second timeout for backend requests. This can severely restrict the usefulness of the service in production systems. It would be great to have the timeout period configurable to allow for a longer period of time. My understanding is that the Azure Load Balancer, which sits in a similar space as Front Door, defaults to a 4 minute timeout period.

      269 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      21 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    4. Allow SSL/TLS configuration on Azure Frontdoor

      Allow option to configure SSL protocols and best practices, same as an application gateway on Azure front door service.
      Currently, Azure Frontdoor supports TLS 1.0 as well, there should be an option to select protocols as well as the cipher suite.

      58 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    5. Increase limit of custom domains per front door

      There is a limit of 100 custom domains per front door.
      This works well for apps that only require only a handful of domains, but SaaS applications often require it's customers to be on their own domain. This limitation currently prevents SaaS platforms using Azure FrontDoor.

      Alternative platforms such as Cloudflare or AWS Cloudfront already support a very large number of custom domains.

      68 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    6. Support wildcard hosts in custom hostnames

      Many of current SaaS applications enable customers to select it`s own subdomain in order do have a personalized url.

      So let's say I own contoso.com and I let my customers select any subdomain (*.contoso.com) like:

      foo.contoso.com
      bar.contoso.com

      That's cool with a couple customers but when you have a large system it's not doable setup one by one, even that you can automate that.

      The ideal solution would be allowing custom hostname field to bind a wildcard domain, in this example *.contoso.com

      There's a similar idea for Application Gateway that has been for a while (https://feedback.azure.com/forums/217313-networking/suggestions/19527121-application-gateway-support-wildcard-hosts-in-lis)

      Similar products on…

      353 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      14 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    7. Support to disable health check of Frond Door

      The health check of Frond Door is too frequent, which leads some negative impact. For example:
      1. More user pages, consume a lot of computing resources.
      2. If we use Azure DNS zone, DNS query will take extra charge.

      Sometimes we only have one backend VM as backend pool, which health check is not required.

      It would be highly suggested to have a feature like users can disable health check manually in case it's not needed.

      Thanks!

      17 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    8. Allow an HTTP to HTTPS redirect on Azure Front Door

      Allow an HTTP to HTTPS redirect on Azure Front Door.

      183 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    9. Add Custom Apex (Naked) Domains as front end hosts for Azure Front Door Service

      Azure Front Door Service is currently missing the ability to onboard Apex (Naked) Domains e.g. https://contoso.com https://example.com

      It runs on Anycast IP addresses that seem globally consistent for the Frontend host (something.azurefd,net)

      So why not allow me to onboard an Apex domain to the service by creating DNS A and / or AAAA records at the custom zone apex that point to the allocated Anycast IPs? (CNAMEs are not supported at the Zone Apex)

      If the answer is that the Anycast IPs aren't allocated in perpetuity please fix that first then add this feature!

      192 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      16 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    10. Provide option to change which TLS versions are supported

      Provide option to change which TLS versions are supported - similar to the Azure App Service. This will allow for use of Front Door with PCI compliant apps.

      123 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    11. Azure Application Gateway CPU Utilization Metric

      The Application Gateway offering provides quite a few useful metrics, but lacks some core performance metrics. Please, at a minimum, provide a metric and alert for CPU utilization of the instances behind an Application Gateway. When CPU utilization is not monitored at this level, it can affect the performance of dependent applications.

      19 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Allow front door service URL Rewrite to file instead of path

      Allow URL Rewrite to rewrite a path to a file. This would enable users to host single page applications using front door.

      38 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      11 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    13. Internal Load Balancer support for multiple availability sets

      It would be great if the internal load balancer supports multiple availability sets. Each backend pool allowing to target a different availability set.


      We host a HA multi-tiered solution with VMs for each tier in their own availability set. Clients connect to these servers via internal load balancers.

      Each tier now has its own ILB and subsequently its own IP and FQDN to have clients connect to (app.domain.local, instead of app.domain.local, app-web.domain.local, app-mgmt.domain.local, ...)

      This will allow for
      - 1 ILB per solution
      - a single endpoint and FQDN to access the various tiers in the app (app.domain.local, instead of…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    14. Updating portal when Health probes and LB rules are added in VMSS.

      From many weeks, I have observed that portal shows as updating status even though health probes and LB rules are added in VMSS.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    15. Create private dns zone in virtual network which already has VMs

      Create private dns zone in virtual network which already has VMs. Currently, it's giving below error:

      Virtual networks that are non-empty (have Virtual Machines or other resources) are not allowed during association with a private zone.

      76 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    16. Azure ApplicationGateways needs to log effective TLS-protocol-version of each call

      As Cloud Solution provider we need to know
      - which customers and
      - how many customers
      would be hit by an change of tlsMinProtocolVersion from
      TLSv10 to TLSv12
      Currently we are not aware of any possibility to get hold of
      effective TLS-version (with TLS-offloading within AppGateway)

      14 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      In Application Gateway V2, you can view SSL/TLS protocol used for each request in the Access logs (sslProtocol) – https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-diagnostics#access-log

      Also, you can use the new metric which will give you the SSL/TLS protocol distribution (Client TLS Protocol) – https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-metrics#application-gateway-metrics

    17. Support HSTS (HTTP Strict Transport Security) on Application Gateway

      There are no support concerning HSTS today, this is requested by many customers and they have to use 3rd party for accomplish it.

      101 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      This can now be accomplished using the new Header Rewrite capability in the V2 SKU. Please see the documentation here https://docs.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers#implement-security-http-headers-to-prevent-vulnerabilities
      Additionally, if you would like to get in touch with us to discuss your specific scenarios, please fill this form: https://aka.ms/ApplicationGatewayCohort

    18. Add the option of outbound rule on Azure portal

      When we want to set the outbound rule for Azure load balancer, there are just two methods to configure that : One is Resource Explore; Another is Azure CLI. The configuration methods recorded in below document:
      https://docs.microsoft.com/en-au/azure/load-balancer/load-balancer-outbound-rules-overview
      But neither good enough for deployment . Please kindly add this function on portal.

      14 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    19. Internal load balancer vnet peering

      Currently when you connect 2 VNETS using a global vnet peer you cannot access internal load balancer between the networks. E.g if you have a resource behind a load balancer in vnet1 and you try to connect to the load balancer from vnet2 then you cannot connect.

      This causes problems for SQL Server Availability groups running over 2 regions meaning you need an internal load balancer in each region. If you then have a web farm spread over the 2 regions only web servers within the region hosting the listener address can connect to the listener. This basically removes one…

      122 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    20. Enable Accelerated Networking from the Portal

      Currently Accelerated Networking can only be enabled or disabled from the command line. It would be nice to have this available as a Portal switch in the NIC or VM menu.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3 4 5 16 17
    • Don't see your idea?

    Feedback and Knowledge Base