Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. 1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    2. Internal Server Error when trying to add a locked VNet to a Service bus

      When the VNet has a lock, and is added to a Service Bus, the error is:
      Error: 500
      Internal Server Error. For more information visit
      https://aka.ms/eventhubsarmexceptions. CorrelationId: <Guid>

      It would be better to see that the issue is caused by the lock on the VNet. That way the customers can solve this by themselves.

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    3. vnet-to-vent VPN Gateway with no public IP ?

      Hi,

      Would it be possible to connect two Vnets from the same zone, from two different subscriptions using VPN Tunnel but without involving public IPs ?.

      I noticed that when I created a virtual network gateway it asked to assign a public IP.

      Thanks!

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    4. Can you add the logging for azure log analytics as a service endpoints

      Can you have the azure log analytics be available via Service connections?

      We have observed we are sending 43GB per day over the internet going to Microsoft IP.

      Routing can be optimized by making these Microsoft public IPs be available as a service endpoint

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    5. VNet Integration break down Write Virtual Network Subnet

      Currently, we have a number of Azure DevOps Pipeline Service Principles (SP) belongs to different Squad Team to manage different workloads and avoid any SP can modify the virtual network by default.

      Issue:
      All the App Service connects to a subnet through VNet integration required a permission from the Virtual Network of Write: Create or Update Virtual Network Subnet.

      By just looking at the permission name, this permission can create or update the virtual network subnet. Please create an individual permission to just perform connect to a subnet from App Service/App Service Plan with the least privilege.

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    6. service tag

      Regional Service Tags are not available for every option from the portal (ie. AzureCloud). The documentation and raw json shows these are available:


      1. https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overview



      2. https://www.microsoft.com/en-us/download/details.aspx?id=56519

        "name": "AzureCloud.centralus",
        "id": "AzureCloud.centralus",



      It would be nice for the UI experience to match the documentation.

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    7. asg

      Update the Subscription Limits Documentation specifically for: "Application security groups that can be specified within all security rules of a network security group"

      This is very misleading. This can be interpreted as all the ASGs combined, since it references them as application security groupS (more than one).

      Suggest to update its plural "groups" reference to a singular “group” to imply a single ASG (in relation to the amount of instances that a single unique ASG can be referenced in the NSG).

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    8. Charging for IPV6 and requiring load balancers is not justifiable

      Eliminate the requirement to use a load balancer and allow IPv6 public addresses to be assigned directly to a VM. IPv6 should be free and not require a load balancer. I understood the requirement to charge for IPv4 addresses due to limited availability. IPv6 does not have this problem and charging for them is not justifiable.

      Along the same lines, allow us to buy our own public address blocks and assign our own subnets to our virtual networks.

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    9. private link for Appservice but public SCM endpoint

      Private link also makes the SCM endpoint private for an app service. This means that we can't use cloud hosted Azure Devops agents to deploy our appservice.

      We should be able to make access to the site use the private link but still be able to use IP whitelisting to allow access to the SCM site

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    10. 2 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    11. Increase VNET Peering Limit of 500

      With new concepts like Global VNet Peerings, Virtual Datacenter and Hub-Spoke Topology - VNET peerings become even more important.

      Please INCREASE the number of 500x allowed Peerings

      Thanks,
      Catalin.Cloud

      7 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    12. Improve Networking API

      https://docs.microsoft.com/en-us/rest/api/virtualnetwork/Subnets/Get

      Add an additional return value field stating remaining Private IP Addresses available for consumption in a VNET\Subnet -

      This response can help monitor Private IP exhaustion from AKS \ DataBricks \ - maybe expand capability to PrivateLink or Service Delegated subnets.

      This could also be delivered as a service in NetworkWatcher.

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    13. Support Global VNet Peering in Azure App Service VNet Integration

      App Service allows integrating to a VNet and it can talk to peered VNets in the same region, but cannot talk to peered VNets in other regions (global peering).

      This would allow us to not have to deploy an App Service in each region or switch to IaaS services.

      36 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    14. Dual Stack Azure VM requires public IPv4 address to work

      An Azure VM configured in a dual-stack IPv6 subnet with two IP configurations (IPv4 and IPv6) by default has IPv4-only connectivity.
      The VM will get IPv6 internet connectivity only if a public IPv6 address is assigned to it. Once a public IPv6 is assigned to the machine, IF the machine does NOT have a public IPv4 assigned to it, the VM will loose IPv4 internet connectivity and will only be able to browse ipv6-only sites.
      When a public IPv4 address is assigned to the VM, VM will be able to browse IPv4 and IPv6 sites.

      Such behavior is unexpected (assigning…

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    15. Error Messages from Azure should be informative enough for the user to take corrective measures

      When a deployment fails, error messages do not explain or let us know what was the issue all about. This needs to be fixed.

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    16. Peering Cost prevents some freedom in design

      Several times when proposing a customer utilize an "empty hub" as a starting point in what will grow over time, the cost affiliated with the peering causes some push back.

      My suggestion is to remove the cost associated with Peering within a region, Global peering I wouldn't expect be free. Typically the hosts in a hub / spoke config communicates within 1 vNet or to a Hybrid endpoint, that already incur egress charges from the GW

      5 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    17. List VM's attached to Application security group

      Please allow to list the number of vm's attached to ASG, it woulb be easy to search and update the rules. currently we are having 30-35 serveres in each environment, it is very difficult to identify the vm's which are using common asg. there is no direct search option to do this.

      only available option is to go to each vm and check nic/asg attached to it.

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    18. Multiple SubnetGateways or Gateway Transit Peerings

      Allow Multiple GatewaySubnets per vNET - or - Allow a vNET to use Multiple Gateway Transit Peerings.

      45 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    19. I want to set using gateways on spoke vnet.

      actually, vnet peering is able to single hub architecture.

      eg;
      Allowed model:
      [ Spoke vnet1 ] ----------- [ Hub vnet1 ] -----<ER/S2S>---
      - spoke to hub use remote gateway
      - hub to spoke allow gateway transit

      Disallowed model:
      ---<ER/S2S>---- [ Spoke vnet1 ] -------- [ Hub vnet1 ] --- <ER/S2S> ---
      - spoke to hub use remote gateway
      - hub to spoke allow gateway transit(both vnets)

      I want to use multi gateway, use scenario is below.
      [Spoke vnet1] is owned by managed service provider. This service has VPN option on VPN gateway. but, cannot deploy VPN of this restriction.

      6 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    20. UDR next hop based on FQDN

      Are there any plan to support next hop address based on FQDN so route table can be failover based on DNS ?

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3 4 5 6
    • Don't see your idea?

    Feedback and Knowledge Base