Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Support for drainstop in Azure App Gateway

      Traditional loadbalancers support the following states, to facilitate performing maintenance on a system of multiple nodes gracefully:
      Enabled (All traffic allowed)
      Disabled (Only persistant or active connections allowed)
      Force Offline (only active connections allowed)

      When a application gateway node is "unhealthy" it only allows active connections. We are looking for a way to force a node into an "unhealthy" state.

      The currently supported method is to use a custom probe that checks a file/path. I would like a solution that doesn't involve making changes on the server going into maintenance mode.

      37 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Need a function to URL path rewriting in Application Gateway

      Currently, I know Azure Application Gateway has a function for redirection of URL path based.

      Now, I need a function for rewriting URL path during redirecting a request to backend server.

      For example, When Application Gateway received a HTTP request to http://www.contoso.com/test/, it redirects the request as /images/ to backend server.

      In other words, I want to set a URL path for backend server in PathRuleConfig in Application Gateway.

      79 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. traffic manager api

      I would like an API call that can be made to get the list of traffic manager IP addresses. (this list https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-faqs#what-are-the-ip-addresses-from-which-the-health-checks-originate.)

      That way we can automate the checking of this list and alert if it is amended, and also automate updating our azure services. Just having a website to check is too manual.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    4. Tell the user which objects prevent an object from being deleted

      I wanted to delete a Virtual Network and it kept telling me that it was in use and that I should come back later if I just deleted an object that used this Network.
      However, the actual reason was that the Virtual Network still had a Gateway configured. As this gateway only shows up inside the Virtual Network and not on "All Resources", I wasted hours to figure out why I couldn't delete the network.

      Suggestion:
      If I can't delete an object because it is in use or has children, give me a list of those objects that prevent the…

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →

      Hi Daniel, we’ve made some updates here, our error messages tell you what resources are preventing delete VNet.

      Further, we created a diagnostic in the support work flow (Azure Portal, support ticket creation: Virtual Network > Management > Cannot delete VNet) to tell you exactly what resources are preventing delete, too!

      Hope this helps, let us know your feedback

      https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-troubleshoot-cannot-delete-vnet

      - Anavi N [MSFT]

    5. To improve portal user experience for Application Gateway configuration

      Application Gateway is a combination of backend pool, backend HTTP settings, listeners, custom probes and rules. Most of the time, to make changes, it is necessary to update more than one of the above mentioned settings (pool, HTTP setting, listeners, rules). Each settings are placed on different UI blades and takes nearly 3 - 10 mins to make single setting change getting reflected.

      Feedback: Make a Wizard kind of interaction that will enable to specify all desired setting changes at once, then let apply these changes in a single shot behind the scenes.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Allow multiple hostnames in the same Listener Application Gateway

      Sometimes we share differents hostnames with the same web site.
      Currently, this means that we have to deploy differents listeners in order to provide access to the same backend pool.

      With a 20 listeners limit this solution is a bit expensive...

      Would it be possible to add multiple hostnames/sitenames to listener?

      Thanks in advance

      79 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. On Azure portal,under Load balancer the statement of floating IP should be updated.

      Recently i took a case ,customer complained this .On Azure portal,under Load balancer the statement of floating IP "says 'We recommend using this feature only when configuring a SQL Always" needs to be updated.
      The statement needs to be updated as follows :
      We recommend using this feature only when configuring a SQL AlwaysOn Availability Group Listener and SQL Failover Clustered Instance (FCI) IP Address.

      The current statement appears to be old and was true before we started supporting SQL FCI on Azure. You can see the details here
      https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sql/virtual-machines-windows-portal-sql-create-failover-cluster

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    8. Microsoft maintained UDR for MS services

      MS maintained UDR or firewall rule that enables traffic for MS services to allow outbound traffic from a host in a DMZ. Outbound traffic to all of 443 from a DMZ host to enable backups is a bad design - and using the MS provided IP List includes ALL services including other customers IAS servers - as an attacker all they would need to do to exfil data is to setup an azure host to send it to. It would be better enable outbound traffic for specific services such as backup and have MS maintain a list of that IPs…

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    9. Ability to limit access only to the specific storage account

      VNet Service Endpoint achieves secure access to storage from virtual network, but there is still a risk that someone might leak our sensitive data to his/her own storage account.
      To make sure our data is stored in our storage account, we really need the ability to limit access to the specific approved storage account.

      19 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    10. Add more metrics to better analyse capacity, firewall violations, etc

      Analysis via Log Analytics is useful, but it'd be nice to have some predefined reports or "blades" in Azure Portal to analyse events, throughput, capacity/utilization.

      18 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. implement Service tags for UDR/Route

      Can be good when we create a Route/UDR to have the possibility to select in "Next Hop Type" a service Tag, or Azure Region IP range.

      249 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      14 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    12. Please give feature SSL certificate setup in Azure Load balancer and/or static public IP in application Gateway instead dynamic IP.

      Please give feature SSL certificate setup in Azure Load balancer and/or static public IP in application Gateway instead dynamic IP.

      41 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Increase listener limit for Application Gateway

      Application gateway has a very low listener limit (20 listeners / certificates). This severely limits it's usefulness for multi-tenant/domain applications where a web farm / service hosts many endpoints. IIS itself has no such small limit, but due to constraints on certificate deployment in cloud services, Application Gateway is the only clear path to wide scale SNI based SSL hosting. With it's low limit, it does not come close to meeting our use case. I would suggest the limit be removed or set to a very high limit like 10k+ so many certificates could be bound to host many different…

      426 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      24 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Provide API to access CDN Supplemental Management Portal

      API is needed to add new rules (e.g. Country Filtering, Token Auth, etc.) for newly added content.

      Use case: User adds new video content in CMS where he is able to block this video in some regions.

      60 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
      started  ·  Anton Kucer [MSFT] responded

      Work has started on both moving capabilities that are only available in the CDN Supplemental Portal (e.g. rules engine) into the Azure Portal and also providing API’s to support all of these features. This work will be done in multiple phases over the next several months.

    15. Network Watcher Topology should get information for resources in different resource group than VNET

      The preview of Network Watcher has a Topology feature which draws objects connected to a specific VNET, which is great. But, I noted that for a full topology, ALL resources need to be on the same Resource Group than the VNET chosen. That doesn't make sense, because is pretty common to have VMs and NICs on different RGs. Would be great if you choose a RG and a VNET as a starting point, and Topology feature gather all other resources interconnected independently of their RGs.

      108 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      11 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    16. Monitoring of ExpressRoute

      I want to be alerted, when my metered ExpressRoute is reaching a certain limit (that it is cheaper for me to go with unlimited model).
      Overall no monitoring supported to verify if peering is up, how much inbound and outbound traffic is going through the ExpressRoute/Virtual Network Gateway.
      The ExpressRoute is critical and therefore its state needs to be monitored.

      80 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  7 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    17. Point-to-site VPN authentication support for Azure AD

      Instead of only requiring on a certificate for authentication in Azure VPN Point-to-site solutions, it would be nice if the Azure networking team would consider adding support for username (UPN) and password that is authenticated against either Azure AD or ADFS.

      290 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      12 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Support CIDR in Point to Site Networking (RFC1918 bug)

      Azure forces clients to have a class A default route when using 10.x.x.x as their internal network. This should reflect the subnet mask illustrated in the portal

      More information:

      http://serverfault.com/q/818383/51457

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Azure Secure DNS for protection against malware and other unwanted content

      Create a Secure DNS service that can be used by Enterprise DNS servers and report and block suspect activity from clients. The solution should be based in Microsoft Azure, but should also be integrated with either Microsoft OMS og Windows ATP service.

      All log files collected from Enterprise DNS servers should be forwarded to the Azure Secure DNS service (https://blogs.technet.microsoft.com/teamdhcp/2015/11/23/network-forensics-with-windows-dns-analytical-logging/)

      Examples:
      http://www.computerworld.com/article/2872700/6-dns-services-protect-against-malware-and-other-unwanted-content.html

      17 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    20. Insight in Azure application gateway performance

      Currently there is no way to view usage statistics of the Azure application gateway. Information I would like to see:


      • Per hour performance statistics (e.g. nr of connections, bandwith, CPU usage, etc.)

      • Advice on number of required instances based on metrics from last few days with recommendations to increase or decrease the number of instances

      Regards,

      Jan-Willem

      185 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base