Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Simplify

      Do any of you developers at Microsoft actually talk to end users before you implement this stuff? The first thing you should do after getting the flow logging working is to provide an EASY and SIMPLE way for end users to view the flow logs through the portal without having to have a Computer Science Masters degree to write friggin Powershell scripts or other programs to view this data that you are collecting

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    2. Traffic Analytics in DoD regions

      Traffic Analytics in DoD regions

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    3. Traffic Analytics in DoD regions

      Needed in USDoDEast

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    4. Traffic Analytics in DoD regions

      Needed in USDoDEast

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    5. ARM Template support for NSG Flow logs

      Add support to configure NSG Flow logs using Azure Resource Manager template.

      The goal is to have Azure Policy to deploy NSG Flow Log configuration.

      Reference to Docs:
      https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq#can-i-configure-traffic-analytics-using-powershell-or-an-azure-resource-manager-template-or-client

      85 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    6. STOP creating random Resource Groups!

      Honestly, what are we going to do with you MSFT when it comes to RBAC?

      When MSFT puts services into Preview and often months or years after they are so-called GA they still fail to recognize that they are violating Governance, RBAC, rules allowing Azure Services to randomly create Resource Groups in any given Azure Subscription.

      The two biggest violators of this right now are Databricks and Network Watcher.

      In most cases our clients should be refusing to use these services until they are capable of adhering to Governance and Security rules being enforce by InfoSec and others.

      Resource Groups are sacred beasts…

      11 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

    7. Alerting for Next-Hop in Network Watcher

      Create an activity log or alert with the Next Hop feature. This would allow real time monitoring and notification if a VM was to get internet access by accident. Currently I do not see any alerting functionality for route table changes... For example, it would be great if we could create a monitor anytime a route table changed or when the VM routing changed from Next-Hop VPN to Internet and vice versa. There needs to be more visibility and alerting to VM's that have internet access, likely a huge security concern for many organizations.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    8. Azure Portal Report Settings

      In the Azure Portal, is there a way to change the Portal report settings to display kbps instead of mbps? When we work with the Support Engineers from Microsoft – Azure Rapid Response (ARR), their reports have more granularity than our reports. This sometimes leads to debates as to the data we are seeing and reporting to Microsoft ARR. We have not been able to find a way to make these changes is the settings.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    9. Can't get NSG Flow Logs to show up in Azure Monitor Logs!

      I can't find corresponding flow logs for the action that I manually triggered. Here is what I am trying to do and I am expecting flow logs to show up after few (4) minutes but they don't!

      1) Call API at the Application Gateway @https://api.aspnet4you.com/api/customer/FindAllCustomers?country=United%20States&state=Washington&city=Seattle

      2) Query to find app gateway access logs and they show up in about 3 minutes:
      AzureDiagnostics
      | where TimeGenerated >= now(-15m)
      | where clientIP_s !=""
      | where Category == "ApplicationGatewayAccessLog"

      3) Query NSG Flow logs but NO Result Found!
      AzureNetworkAnalytics_CL
      | where TimeGenerated >= now(-15m)
      | where SubType_s == "FlowLog"
      | extend dir…

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    10. Create credit system for NW

      Create a credit system that allows an option for "yes continue to bill me" or "no, turn off services when credits expire" . I want to be ale to use use Network Watcher in its capacity as a "free" service without crossing the threshold that then requires payment - especially for the more complex services. An alternative idea is a "Basic" SKU which enables only limited instances of the network watcher extension. Essentially, customers today are inhibited from using b/c of the fear of having to pay for services. We should enable a warning or auto-disable that would prevent them…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    11. NSG Flow logs

      Currently NSG Flow Logs are do not have the ability to publish to Azure Event Hub as other logs do.

      It would be invaluable for this facility to be made available to allow onward transformation of log data (via Azure Functions) prior to ingest into products such as Splunk.

      41 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for your feedback. Today publishing NSG Flow Logs to an Event Hub is not currently supported natively. We will continue to evaluate this suggestion and update the status accordingly.

      Today, if you are interested in transforming and streaming NSG Flow Logs to a 3rd party endpoint, we have published a sample here that leverages an Azure function: https://github.com/Microsoft/AzureNetworkWatcherNSGFlowLogsConnector

      Splunk has also published a blog with guidance on integrating NSG Flow Logging data here: https://www.splunk.com/blog/2017/02/20/splunking-microsoft-azure-network-watcher-data.html

    12. Add SQL Tests to Service Endpoint Monitor

      Enable testing of database availability - similar to SCOM OLEDB capability (https://technet.microsoft.com/en-us/library/hh457575(v=sc.12).aspx) that can make a test connection and even run a test query to validate functionality.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    13. Availability Test Integration with Application Insights

      Right now App Insights provides availability tests, but they can only hit external facing sites. The Service Endpoint Monitor fills that gap for any internal sites, but the customer now has to manage 2 separate tool configurations. It would be ideal if App Insights would allow OMS nodes as options on the “Test Locations” list, so all URL testing would be configured in the same place and the respective engines would execute them appropriately

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    14. Synthetic Transactions for Office 365

      The network reachability tests are a fantastic addition, and taking it even further would be to allow user to specify send/receive account credentials and have the test send actual dummy email, test SPO and OD4B upload/download, Skype check presence, etc. Just a an even deeper test that O365 services are working from one of their nodes

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    15. Network Flow Logs should show public destination IP

      When looking at the NSG Flow Logs at the moment, all traffic from e.g. my local laptop, seems to be flowing directly to the private IP address of my VM.

      The source IP is the public IP address of my laptop and the destination IP should, in my opinion, be the public IP address of the VM, not the local private subnet IP (10.x.x.x), when traffic is inbound from the internet.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →

      Yes, the NSG Flow Logs will record the private IP address of the Network Interface. There are scenarios where public IP addresses can be shared across resources (e.g. using an Internet Load Balancer or Application Gateway) therefore we display private IP addresses to be most specific.
      The need to preserve Public IPs address traffic flow as part of the flow logs is valued feedback. Thank you for contributing.

    16. More frequent NSG Flow log rollover, and consumption into Traffic Analysis

      It would be useful to have NSG flow logs consumed by Traffic Analysis more frequently than every hour (ever minute would be great!).

      Currently the delay is too long to be useful for real-time troubleshooting, and useful only for analysis retrospectively.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  1 comment  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    17. Enable NSG Flow Logs for secured Storage Accounts

      At the moment, it's apparently not possible to use NSG Flow Logs with secured Storage Accounts, even if the exception "Allow trusted Microsoft services to access this storage account" is enabled on the Storage Account.

      It would be really helpful if you could add the Network Watcher this list of trusted Microsoft servies, so we can use secured Storage Accounts to store our NSG Flow Logs on.

      105 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    18. ad snmp to service endpoint monitor

      The new service endpoint monitor is a very welcome addition. The only thing now missing from the OMS solution is a user-friendly way to collect SNMP data. Mainly for monitoring bandwidth usage etc on firewalls & routers.The linux snmpd to OMS logs option is to cumbursome because there's no way to centrally configure this.A snap option in the service endpoint monitor would be perfect for this!

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    19. GetBestNeigbhors for a given Source Azure Region

      GetBestNeighbors
      Input :
      AzureRegion SourceRegion : Source region , Frame of Reference
      AzureRegion[] Regions : List of regions which needs to be reached from Source Region

      Output : Ordered list of azure regions “best” reachable from SourceRegion

      Alternatively , Simpler version

      GetBestNeighbors
      Input :
      AzureRegion SourceRegion : Source region

      Output : Ordered list of all available azure regions “best” reachable from SourceRegion

      Alternatively ,Even more simpler version

      GetBestNeighbors
      Input :

      Output : Ordered list of all available azure regions “best” reachable from SourceRegion. This must be same as it would have been called from Source region as above.

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    20. Local Network Watcher for End User for their Azure Instance

      Local Network Watcher possibly tied into Internet Connection API. No overhead and only fires when the connection drops or is having issues. Allows the user to input their own instances and is able to visually see where the issue might be and possible solutions. So a mini Network Monitor.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1
    • Don't see your idea?

    Feedback and Knowledge Base