Networking
The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.
Virtual Network:
Traffic Manager:
Network Watcher:
If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.
-
Azure Secure DNS for protection against malware and other unwanted content
Create a Secure DNS service that can be used by Enterprise DNS servers and report and block suspect activity from clients. The solution should be based in Microsoft Azure, but should also be integrated with either Microsoft OMS og Windows ATP service.
All log files collected from Enterprise DNS servers should be forwarded to the Azure Secure DNS service (https://blogs.technet.microsoft.com/teamdhcp/2015/11/23/network-forensics-with-windows-dns-analytical-logging/)
16 votesWe’re working with a number of leading DNS firewall providers to provide this functionality. We have two in the marketplace now, ThreatSTOP and InfoBLOX.
-
Insight in Azure application gateway performance
Currently there is no way to view usage statistics of the Azure application gateway. Information I would like to see:
* Per hour performance statistics (e.g. nr of connections, bandwith, CPU usage, etc.)
* Advice on number of required instances based on metrics from last few days with recommendations to increase or decrease the number of instancesRegards,
Jan-Willem
166 votesThank you for all the votes and feedback. We have started work on this and the capability will be supported soon. If you would like to get in touch with us to discuss your scenarios, please fill this form: https://aka.ms/ApplicationGatewayCohort
-
Automatically add Web hosting plan services to virtual network
I pretty much want to keep storage, SQL database, web app, VMs, and any other service I use within a private network to keep granular control of which services can connect to other services. The "open to all" connection strings to all services is a hard sell to any organization used to securing their IT behind firewalls and networks of networks. Where are you on this today? It must be considered a less secure since these connection strings always tend to leak..
10 votesService endpoints for Storage and SQL are available in preview and we have more work in progress for webapps integration.
-
Allow ACL on Application Gateway for IP filtering via X-FORWARDED-FOR header
We have requirements from customers to restrict access via their company subnets. It would be very nice if the App Gateway supported not only the SSL offload but the ability to apply ACLs to allow or deny access via a defined network range using X-FORWARDED-FOR headers.
101 votes -
Support URL rewriting with Application Gateway
PathBasedRouting is nice, but not super great without the ability to rewrite paths. I am trying to front a Service Fabric cluster, where multiple HTTP services live on http://+:80, at different path prefixes. Would be nice to use Application Gateway to direct https://api.company.com to http://cluster/api, and https://www.company.com to http://cluster/www
1,121 votesThank you for all the votes and feedback. We have started work on this and the capability will be supported soon. If you would like to get in touch with us to discuss your scenarios, please fill this form: https://aka.ms/ApplicationGatewayCohort
-
Azure Internal Endpoints to Vnet
Please provide Azure Services with an Internal Endpoint (a least Azure Storage and Azure Backup) to build up machines without Internet Connection.
47 votesStorage service tags gives this capability and it was Completed. Private IP for storage is under review.
-
Add more endpoints outside of EU
https://azure.microsoft.com/en-us/documentation/articles/cdn-pop-locations/
Open CDN map- and you will find that for MOST geographical regions- CDN is irrelevant. For exUSSR region closest CDN is in Poland but latency just on a few millisecond less than directly from WE region. For MEA region- the same...13 votesWork is ongoing to provide POPs in additional Geographical regions. In November POP’s were added in India and South America. Additional POP’s in South America and in Oman will be added in the next few months. We also announced last year a partnership with Akamai which will allow us later this year to provide access to the entire Akamai network. Akamai has POP’s in over 110 countries. The following link from Akamai will help us see the level of coverage that they have today: http://wwwnui.akamai.com/gnet/globe/index.html
-
Enable Multiple IP addresses for Azure Application Gateway
Azure Application Gateway is a nice Service for Load Balancing Layer 7 HTTP and HTTPS traffic. Today, we can only attribute one IP address (Public or Private) to the Application Gateway Deployment. It is fundamental that a Load Balancer can support multiple IP addresses to provide flexibility (Based on many customers feedback)
310 votesSupport for both public and private IP at the same time is available on both V1 and V2 SKU. Customers can host multiple sites behind the same IP and port using multi-site listener today.
Support for allowing same port on both public and private IP is in the roadmap.
-
Make all services available with IPv6 addresses.
IPv4 addresses are running out and Azure has had a lot of problems with this, resolved by buying IPv4 address pools at a significant cost.
Some users and cloud deployments only require connectivity with on premises networks (either IPv4 or IPv6, not both).
Make IPv6 available for all services and allow the option of choosing what type of addresses are required (IPv4+IPv6 or IPv6 only).
Also, consider:
● Giving each cloud service a /60 (or bigger) instead of a /64;
● Making IPv6 addresses static, since pool depletion is no longer an issue.49 votes -
Provide a rest api to access the list of Azure IP Addresses
Please provide an api that will us to gather the full list of azure ip addresses, the ones added in the last week, and the ones deleted in the last week. This would be used to automate the weekly changes we need to make to accommodate these changes.
41 votesHi Brian, we have this functionality through the Discovery API, you can find more information here: https://azure.microsoft.com/en-us/updates/service-tag-discovery-api-in-preview/
— Anavi N [MSFT]
-
Please add port-mirroring to Azure to enable DLP and logging applications
We would like a virtual span port or port-mirroring ability
368 votes -
Allow custom DNS search domain for virtual networks
Thanks for recently adding the ability to specify custom DNS servers for virtual networks.
I assume this is implemented with DHCP.
We are unfortunately not able to rely on this feature yet because we also set a custom DNS domain search.
This can be done with DHCP option 119, and this is how we have our non-Azure LAN configured.13 votesAzure DNS support for private zones is now in limited preview and custom DNS suffix will be part of that. See http://aka.ms/azureprivatedns for details of the feature.
-
Provide multi-factor authentication capabilities in VPN client
The ask is pretty self-explanatory.
We want to host sensitive data in Azure VMs and enable connectivity only via P2S VPN.
Today, the VPN client only requires having the cert to gain access the Azure Network. As the cert can easily end up in the hands of someone who shouldn't have access to it...it's not very secure.
For MFA, integration with PhoneFactor would be cool. At a minimum, the VPN client should require a username/password in addition to requiring the cert.
260 votesWe are working on giving more control over authentication within Point-to-Site connectivity to Azure.
Thanks,
Bridget [MSFT] -
Support IPv6 Throughout the Azure Platform
IPv6 has been a standard for years and ISPs are starting to roll out native IPv6 stacks to consumers. The time is now to support IPv6.
1,583 votesIPv6 in Azure VNET is currently previewing globally- in ALL Azure Public cloud regions.
Announcement (Service Update): https://azure.microsoft.com/en-us/updates/public-preview-microsoft-adds-full-ipv6-support-for-azure-vnets/
Links to Documentation & Samples
Full documentation including sample scripts is available here: https://aka.ms/IPv6ForAzureVNETdocA sample JSON template is posted in the quickstart repository: https://azure.microsoft.com/en-us/resources/templates/ipv6-in-vnet/
-
Allow IPv6 VIPs - Charge for *blocks of* IPv6 addreses
It would be nice if we could purchase elastic IPv6 blocks of IPs, then when setting up an endpoint for a VM we could select the specific IP from the block for the endpoint.
50 votesWe have Public IP Prefix – you can reserve a block of IPv4 addresses.
https://azure.microsoft.com/en-us/updates/public-ip-prefix-general-availability/
- Anavi N [MSFT]
- Don't see your idea?