Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Create VNETs in their own, dedicated resource group.

      A lot of folks report problems deleting a VNET. One thing I found which works is to create the VNET in a dedicated resource group, and then, if you need to delete the VNET, delete the entire resource group. This seems to work. Of course, there are authorization implications, but those should be manageable by assigning rights with service principals at the subscription or individual resource level.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    2. Add a preference route or cost when exist two or more route for the same destinations

      The client does not always have BGP options on their local firewall and traffic can go through one tunnel or the other. With the option of setting the priority helps and solve the problem.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    3. ASGs for UDRs

      ASGs are wonderful. They decouple ACLs from subnets, and so allow me to segment my application tiers without having to create separate subnets for each tier.

      However, the moment I need to use UDRs, I'm back to using subnets for each tier. It would be great to be able to define UDRs for an ASG, so I can decouple routing from subnets just as I can currently decouple ACLs from subnets.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    4. Allow NVAs etc... to establish BGP session directly with VNETs

      To make HA scenarios a lot simpler with NVAs that support BGP (which most of them do nowadays) each VNET should allow you to establish a BGP session directly with it so you can advertise and learn routes dynamically straight to the VNET.

      This would help so many HA scenarios and also making sure traffic flows are symmetric a lot simpler by using BGP local preference, AS Path and Weight attributes.

      Perhaps this could be enabled via a VNET service endpoint on your VNET as required?

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    5. Portal - Azure Networking - column heading for vNet and subnet to list address range

      Hi, would be nice to have a column to list the default address ranges for vNet and subnet associated with CIDR eg
      10.252.0.0/18 10.252.0.0-10.252.63.255

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    6. Add metrics for routes in route tables

      Add metrics for routes to provide an easy way to utilize backup routes in Azure.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    7. Integrating App service on the exsiting VNET that already has static (or dynamic) IP.

      I want to integrating App service on the exsiting VNET that already has static (or dynamic) IP.

      31 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    8. Allow Network Adapter to move to different VNET

      Please allow one to move a VM or VM NIC to a different VNET. Its pretty crazy that one of the suggested options is a backup and restore to change the virtual machines network

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    9. wants to make my custom service tags for network security group

      Is it possible to create and add our own service tag mapping to multiple ip address ranges? These days, we need to have our own service tag for outside cloud vendor's service such as payment or customer review.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    10. Cross-subscription VNet (Shared VNet)

      A virtual network that spans subscriptions. Multiple different subscriptions can deploy to the same virtual network in a region.

      If you are interested in this feature, please up-vote and add details about your company/scenario.

      We appreciate the feedback.

      - VNet Team [MSFT]

      31 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      need-feedback  ·  1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    11. Enable "vNet peering" as UDR next hop

      Enable "vNet peering" as UDR next hop. Currently if you have a large range, a /16 for example, set in a UDR with a next hop of an NVA it is not possible to override or point a single subnet, for example a /24, in the /16 at the vNet Peering. This would be useful to bypass an NVA for certain subnets or IPs.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    12. NSG service tag for AzureBastionSubnet

      When implementing complicated access controls inside a virtual network, we always need to allow connections from AzureBastionSubnet of the virtual network.

      It would be nice we have AzureBastionSubnet service tag which automatically describes a specific Azure Bastion subnet for each virtual network where resources NSG attached reside in.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    13. Support Longest Prefix Match in VNet Peering

      Allow VNet Peering between two VNets that may have overlapped IPs by supporting Longest Prefix Match in routing.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    14. Multi Tenant, Service Endpoint, vNet Peering, Subnet Whitlisting

      We have had a use case that could not be implemented due to the functionality not being available, We have a Multi-Tenant Alliance of Companies that require interoperability in regards to network access,

      Use Case:
      Tenant 1 :-
      Subscription,
      CosmosDB with Vnet with CosmosDB Service Endpoint

      Tenant 2 :-
      Subscription,
      VPN vNet with CosmosDB Service Endpoint

      We have managed to get both virtual network Globally vNet Peered via resourceID, however, cannot get the external tenant vnet subnet whitelisted within the cosmosdb due to it not being implemented yet.

      Confirmed with MS support to raise a Azure Network Improvement

      44 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    15. Security Group Name

      To differentiate between Network Security Groups applied on the Network Interface and those applied on Subnets, it would be more descriptive to have the default naming as Interface Security Group and Subnet Security Group

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

    16. make SNAT Flows graph tool available to customers

      give customers access to the virtual network SNAT Flows graph tool/data, so that a customer can self determine if a Azure VM using default Internet access is actually successfully communicating outbound to the internet. This is impossible to discern from other Azure tools or conclusively know by running packet captures locally on the VM. Support has access to this tool and data, and was able to confirm for me which ruled that out as a problem, and resulted in correct resolution of the root problem.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    17. 54 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    18. Azure Security Group

      Azure Security Group (ASG) should have the option to show all the NICs associated with it.

      62 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    19. Distribute DNS Suffix through Virtual Nerwork

      Distribute DNS Suffix through Virtual Nerwork for all OS, in most of case, mainly Linux OS, we need to set a dns suffix to resolve internal names.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    20. Built-in policy to audit VNet rules / usage of service endpoints

      Built-in policy to audit VNet rules / usage of service endpoints

      More and more services in Azure have the ability to use service endpoints (e.g. Azure SQL Database, Azure Storage Account, Azure Data Lake, ...)

      This is necessary to fulfill IT-Security requirements and helps to restrict the access to critical Azure service resources from only specific virtual networks.

      At the moment there is no built-in policy / initiative to audit the usage of these service endpoints.

      Would be possible provide a built-in policy / initiative for this case?

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3 4 5
    • Don't see your idea?

    Feedback and Knowledge Base