Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Cross-subscription VNet (Shared VNet)

      A virtual network that spans subscriptions. Multiple different subscriptions can deploy to the same virtual network in a region.

      If you are interested in this feature, please up-vote and add details about your company/scenario.

      We appreciate the feedback.


      • VNet Team [MSFT]

      121 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      need-feedback  ·  4 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    2. Azure Loadbalancer must delete unhealthy VM of Azure VMSS

      I have create Azure VMSS behind Public Azure Std LB with HTTP based Health Probe. Azure Loadbalancer is working as per expectation. But If VM is unhealthy then it must be deleted or re-provisioned. So that machine can attain healthy state again.

      149 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      12 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →

      I’d like to ask you for more feedback on this request please. Load Balancer doesn’t control the VMSS. I think what you’re looking for is a way for VMSS to replace any instances with a LB health probe status of 0. I’ve reached out to VMSS team to get their input. LB is likely not the right place to do this.
      — Christian

    3. LoadBalancer should support more than one IPv6 addresses on the internet frontend.

      At the moment the Azure load balancer supports only 1 IPv6 IP on the internet frontend.
      The IPv4 adresses where sold, the future is the usage of IPv6. But a loadbalancer can only handly one IPv6 Address???
      It minimum we should be able to terminate one IPv6 Präfix. Better that the LB can handle many dedicated IPv6 addresses.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    4. Global Anycast Load Balancer

      Enable Load Balancer to serve multiple regions via a single global IP using anycast. GCP does this today. In Azure, you must use Traffic Manager and manually configure for the same effect. Also TM doesn't validate HTTPS while LB can.

      29 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    5. Load balancer probes to determine latency

      In addition to health probes, provide a probe to determine latency when pushing packets to the backend.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    6. Internal Load Balancer support for multiple availability sets

      It would be great if the internal load balancer supports multiple availability sets. Each backend pool allowing to target a different availability set.


      We host a HA multi-tiered solution with VMs for each tier in their own availability set. Clients connect to these servers via internal load balancers.

      Each tier now has its own ILB and subsequently its own IP and FQDN to have clients connect to (app.domain.local, instead of app.domain.local, app-web.domain.local, app-mgmt.domain.local, ...)

      This will allow for
      - 1 ILB per solution
      - a single endpoint and FQDN to access the various tiers in the app (app.domain.local, instead of…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    7. Monitor Application Gateway Load

      Provide a way to monitor Application Gateway CPU/Memory in order to track load. It's hard to know only based on current access/http errors when the WAF is under heavy preasure and we need to scale it up.

      150 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      There is no plan currently to offer these system level metrics for Application Gateway Standard (V1). However, we are planning to offer more observability with our new Autoscaling version (V2) of Application Gateway/WAF. We already offer Capacity Units as a metric which gives you a sense of the traffic load on your Application Gateway. More are planned for V2. Please send in your specific feedback via https://aka.ms/ApplicationGatewayCohort

    8. Is it possible to expose Azure blob storage via Application Gateway

      Expose Azure blob storage via Application Gateway.

      I would like to remove public access for Azure Blob and only make it accessible via virtual network. The Azure Application Gateway will be public facing which does the SSL termination and forwards the request to blob.

      This would allow scanning for malicious content via virtual appliances before content is stored in blob.

      155 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Built-in policy to audit VNet rules / usage of service endpoints

      Built-in policy to audit VNet rules / usage of service endpoints

      More and more services in Azure have the ability to use service endpoints (e.g. Azure SQL Database, Azure Storage Account, Azure Data Lake, ...)

      This is necessary to fulfill IT-Security requirements and helps to restrict the access to critical Azure service resources from only specific virtual networks.

      At the moment there is no built-in policy / initiative to audit the usage of these service endpoints.

      Would be possible provide a built-in policy / initiative for this case?

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    10. Could be possible LB TCP and UDP flows on all ports simultaneously when you're using an Public load balancer

      Unfortunately, HA ports configuration is available only for internal load balancers. It is not available for public load balancers.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    11. Public IP Address Lock Period After Deletion

      It would be valuable to have a lock period for a public IP address that has been deleted from Azure. A use case would be if a user accidentally removes a public IP address from the Azure Portal, az cli, terraform, etc., a lock period of ~30 minutes is put in place so that the user is able to recreate the public IP address resource and bind to the previously deleted IP address.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →

      Hi Nate,

      Thanks for your feedback. In order to help reduce deleting dynamic Public IPs by accident, we added a feature in the Azure Portal that will prompt to ask customers if they want to reserve the IP address before deleting.

      In the future, we will default to Static Public IPs to prevent users from hitting this issue. However, we will not be building a lock mechanism.

      Hope this helps.

      - Anavi N [MSFT]

    12. DNS Zone failed to create with 503 error

      Microsoft Support told me that I should post this here:
      We currently cannot create DNS zones within our Azure subscription.

      When I click the 'Add' button from within the DNS Zones page, one of the following happens:

      If, after refreshing and trying several times, the DNS creation form loads, THEN if…

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    13. vnet peering too expensive

      Best practices are to create a subscription for ExpressRoute and then peer VNets for different subscriptions. This doubles the cost of traffic to and from Azure making it a non start for most. It is understandable to have costs between regions, but for networking that would be no cost if in the same subscription, why is there then a cost for my networks in my two subscriptions in the same region? These cost make it impossible to follow best practices for security, design, partner management, etc.

      85 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    14. IP report(Risky IP) and User Report(Bad Password Attempts) from the Azure should be merged into one report. Find a user from which IP cannot

      IP report(Risky IP) and User Report(Bad Password Attempts) from the Azure should be merged into one report. Finding a user from which IP cannot directly

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    15. Allow VM's to have multiple Public IP's with a single private IP

      We should be able to attach multiple public IP's to a single NIC without having multiple private IP's.

      It is very difficult to configure 3rd party firewalls needing a 1:1 between public IP's and private IP's as far as routing rules go.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    16. RST packet is sent from probe of load balancer.

      The probe use RST to disconnect a TCP connection that established 3 way handshake. If I use an software to monitor some paket, the software will detect some errors by RST paket. I hope we can use FIN sequence to close the TCP connection.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    17. Utilization

      I need to get the bandwidth utilized per month with cost only for internet traffic in/out from datacenter (**Excluding the VM to VM traffic in/out). It will be helpful for Firewall,WAF,SIEM kind of implementation analysis (if historic usage available for last (1hr,24,7days,30days,,matrix)

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    18. About VPN gateway DNS

      Can VPN gateway push a new DNS server address to client when the client connected

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      need-feedback  ·  2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. List the private IP address of a virtual network gateway

      Show the private IP address of a virtual network gateway in the "Connected devices" blade.

      18 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Hi,

      Currently, the gateway private IP addresses are not required for configurations or operations, other than the GatewaySubnet range. They should have been hidden from users. The gateway resource model does not have a field for those either.

      There may be use cases for new features down the road. We will update the gateway resource model accordingly and expose those properly.

      Thanks,
      Yushun [MSFT]

    20. Authentication support for application gateway

      For lift & shift of legacy systems, application gateway is very useful as we have different kinds of backends (VMs, service fabric, other PaaS services, etc.). The only missing capability is authentication, so we have to implement and configure authentication in various services, which is a big overhead. Otherwise, we have to give up application gateway but set up Nginx VMs instead.

      I have also looked at Azure API Gateway, but it seems to be too specialized for public APIs but our services also service static contents and ever-changing private APIs without swagger definition.

      236 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3
    • Don't see your idea?

    Feedback and Knowledge Base