Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Internal Load Balancer support for multiple availability sets

      It would be great if the internal load balancer supports multiple availability sets. Each backend pool allowing to target a different availability set.

      ---

      We host a HA multi-tiered solution with VMs for each tier in their own availability set. Clients connect to these servers via internal load balancers.

      Each tier now has its own ILB and subsequently its own IP and FQDN to have clients connect to (app.domain.local, instead of app.domain.local, app-web.domain.local, app-mgmt.domain.local, ...)

      This will allow for
      - 1 ILB per solution
      - a single endpoint and FQDN to access the various tiers in the app (app.domain.local, instead…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    2. Azure load balancer currently doesn't report the status of backend pool VMs based on health probes.

      Azure load balancer should report the status of backend pool VMs based on the health probes we have created and not just report if the VM is running or not. Recently one of my backend pool VM went into high load and it took me minutes to identify the problematic one. LB was not sending any traffic to this VM however the portal was still showing it 'Running' instead of "Unhealthy" or "Failed". This would save a lot of time and will be easy to see health of backend pool vms.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    3. Load balancer probes health status via the api

      The back end pool health status, per VM, using the configured health probe should be available via the API.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    4. Load Balancer - HA ports stateful failover

      Currently, when a node (NVA) becomes unavailable, active sessions are not moved over to another healthy node in the pool, only new sessions get directed to healthy node. It would be nice to add support for the stateful failover of the active sessions.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    5. Allow to change ILB App Service Environment domain afer creation

      Allow to change ILB App Service Environment domain afer creation

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    6. Add Outbound internet traffic routing capability for Azure Internal Load balancer

      The Azure Internal load balancer - standard Tier have limitation on Outbound connectivity for Azure VM that does not have Public IP associated with them.
      https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections

      We have Azure Microsoft SQL Virtual Machine that should not have any Public IP associated with them for security reason . We had to use Azure ILB for MS SQL Always ON Configuration. We had to use some of the standard Tier features. We are having issues with Outbound connectivity for the configuration. It would be ideal if Microsoft can also add to Standard SKU the outbound connectivity feature available in Basic SKU

      22 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    7. Could we add VMs in Load balancer backend pool even they are in the different peered Vnets in the future?

      Could we add VMs in Load balancer backend pool even they are in the different peered VNets in the future?

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    8. Could be possible LB TCP and UDP flows on all ports simultaneously when you're using an Public load balancer

      Unfortunately, HA ports configuration is available only for internal load balancers. It is not available for public load balancers.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    9. Allow moving a Standard SKU Load balancer between Resource Groups like possible with the basic one

      Allow moving a Standard SKU Load balancer between Resource Groups like possible with the basic one.
      while in place upgrade from basic to standard is not an option, this might help with the manual upgrade or even general maintenance of the service.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    10. I would like a probe for load balancers that uses the status of a DSC from an automation account

      I would like a probe for load balancers that uses the status of a DSC from an automation account. That way, when a VM is reimaged in a scaleset, it is unavailable to traffic until the DSC shows Compliant.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    11. Allow ESP traffic through Azure Loadbalancer

      Azure Load Balancer, for external connections, can support only TCP (Protocol ID “6”) or UDP (Protocol ID “17”).

      It cannot support protocols like ICMP (Protocol ID “1”). As an example, also IPSec (and VPN using it) is not supported since you should open UDP port 500 (that is fine) and permit IP protocol numbers 50 and 51. UDP Port 500 should be opened to allow Internet Security Association and Key Management Protocol (ISAKMP) traffic to be forwarded through Azure Load Balancer. IP protocol ID 50 should be set to allow IPSec Encapsulating Security Protocol (ESP) traffic to be forwarded. Finally,…

      46 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    12. Global Anycast Load Balancer

      Enable Load Balancer to serve multiple regions via a single global IP using anycast. GCP does this today. In Azure, you must use Traffic Manager and manually configure for the same effect. Also TM doesn't validate HTTPS while LB can.

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    13. Load Balancer and Public IP SKU.

      There must be an option of Upgrading Public IP SKU from Basic to Standard without losing Static PIP as it is a creating a big road block when we do any planning like moving existing PIP behind any NVA Standard Load balancer.
      If any existing Production Server are already running on Basic PIP then it is very tough to make any decisions to upgrade SKU or move it behind any Standard ELB.

      Need suggestion here how and till what time we can overcome here.

      854 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      37 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    14. allow custom host header for azure load balancer health probes

      HTTP health probes for Azure load balancer are hard-coded to use the IP of backend as their host headers. This forces the backend hosts have to be configured to allow its IP as one of its allowed domain. It's very surprising that Azure doesn't custom host header for HTTP(s) health probes. Please add custom headers for HTTP(s) heath probes; at least, host header support should be there.

      41 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    15. Azure Loadbalancer must delete unhealthy VM of Azure VMSS

      I have create Azure VMSS behind Public Azure Std LB with HTTP based Health Probe. Azure Loadbalancer is working as per expectation. But If VM is unhealthy then it must be deleted or re-provisioned. So that machine can attain healthy state again.

      95 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      9 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →

      I’d like to ask you for more feedback on this request please. Load Balancer doesn’t control the VMSS. I think what you’re looking for is a way for VMSS to replace any instances with a LB health probe status of 0. I’ve reached out to VMSS team to get their input. LB is likely not the right place to do this.
      — Christian

    16. TLS termination of TCP/TLS traffic

      It would be useful for Azure Load Balancer to support TLS termination / offloading when using TCP/TLS traffic.
      Application Gateway can do it for HTTPs traffic but there is no way to do it for other protocols based on TLS.
      AWS can do it with the Network Load Balancer tier of AWS Elastic Load Balancing.

      28 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    17. Add the option of outbound rule on Azure portal

      When we want to set the outbound rule for Azure load balancer, there are just two methods to configure that : One is Resource Explore; Another is Azure CLI. The configuration methods recorded in below document:
      https://docs.microsoft.com/en-au/azure/load-balancer/load-balancer-outbound-rules-overview
      But neither good enough for deployment . Please kindly add this function on portal.

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    18. Permit Outbound Rules to reference secondary IPconfigs

      Is there any plan to permit an "Outbound Rule" on an External Standard Load Balancer to reference a backend address pool that is in turn referencing a Secondary IPconfig of a Network Interface?

      Currently when I try this I get the following error:

      OutboundRule <outbound rule name> cannot be used with Backend Address Pool <backend pool name> that contains Secondary IPConfig <ip config name within a NIC>

      I am able to reference the first (primary) IP Configuration of a NIC - but this VM (a Palo Alto firewall) has multiple IP addresses on its external interface which we wish to…

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    19. Configurable HTTP status code for Load Balancer Probe

      The HTTPS probe considers any HTTP status other than 200 to be a failure. Any response 200-299 should be considered a success. See https://tools.ietf.org/html/rfc7231#section-6.3

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    20. Delay load balancer rolling health threshold until first pass.

      We would like to implement an application-specific https load balancer probe for rolling upgrades. This always fails initial deployment because none of the VMs in the scale set have the application installed yet. It would be nice if the rolling upgrade threshold could be ignored until it passes for the first time.

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1
    • Don't see your idea?

    Feedback and Knowledge Base