Networking
The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.
Virtual Network:
Traffic Manager:
Network Watcher:
If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.
-
Setting a probe port other than a service port in Application Gateway.
Currently, Probing port in Application Gateway is the same with a service port.
For example, if it configures HTTP(80) port as backend port, Probing port would be HTTP(80) port.In some application, it could not response correctly to HTTP/HTTPS probing by service port.
So it is better for us to set a probe port other than a service port like a probe port is 80 and service port is 8080.17 votes -
Automatically add Web hosting plan services to virtual network
I pretty much want to keep storage, SQL database, web app, VMs, and any other service I use within a private network to keep granular control of which services can connect to other services. The "open to all" connection strings to all services is a hard sell to any organization used to securing their IT behind firewalls and networks of networks. Where are you on this today? It must be considered a less secure since these connection strings always tend to leak..
10 votesService endpoints for Storage and SQL are available in preview and we have more work in progress for webapps integration.
-
Allow ACL on Application Gateway for IP filtering via X-FORWARDED-FOR header
We have requirements from customers to restrict access via their company subnets. It would be very nice if the App Gateway supported not only the SSL offload but the ability to apply ACLs to allow or deny access via a defined network range using X-FORWARDED-FOR headers.
124 votes -
Azure Internal Endpoints to Vnet
Please provide Azure Services with an Internal Endpoint (a least Azure Storage and Azure Backup) to build up machines without Internet Connection.
47 votesStorage service tags gives this capability and it was Completed. Private IP for storage is under review.
-
Add more endpoints outside of EU
https://azure.microsoft.com/en-us/documentation/articles/cdn-pop-locations/
Open CDN map- and you will find that for MOST geographical regions- CDN is irrelevant. For exUSSR region closest CDN is in Poland but latency just on a few millisecond less than directly from WE region. For MEA region- the same...16 votesWork is ongoing to provide POPs in additional Geographical regions. In November POP’s were added in India and South America. Additional POP’s in South America and in Oman will be added in the next few months. We also announced last year a partnership with Akamai which will allow us later this year to provide access to the entire Akamai network. Akamai has POP’s in over 110 countries. The following link from Akamai will help us see the level of coverage that they have today: http://wwwnui.akamai.com/gnet/globe/index.html
-
Enable Multiple IP addresses for Azure Application Gateway
Azure Application Gateway is a nice Service for Load Balancing Layer 7 HTTP and HTTPS traffic. Today, we can only attribute one IP address (Public or Private) to the Application Gateway Deployment. It is fundamental that a Load Balancer can support multiple IP addresses to provide flexibility (Based on many customers feedback)
372 votesSupport for both public and private IP at the same time is available on both V1 and V2 SKU. Customers can host multiple sites behind the same IP and port using multi-site listener today.
Support for allowing same port on both public and private IP is in the roadmap.
-
Make all services available with IPv6 addresses.
IPv4 addresses are running out and Azure has had a lot of problems with this, resolved by buying IPv4 address pools at a significant cost.
Some users and cloud deployments only require connectivity with on premises networks (either IPv4 or IPv6, not both).
Make IPv6 available for all services and allow the option of choosing what type of addresses are required (IPv4+IPv6 or IPv6 only).
Also, consider:
● Giving each cloud service a /60 (or bigger) instead of a /64;
● Making IPv6 addresses static, since pool depletion is no longer an issue.78 votes -
Provide a rest api to access the list of Azure IP Addresses
Please provide an api that will us to gather the full list of azure ip addresses, the ones added in the last week, and the ones deleted in the last week. This would be used to automate the weekly changes we need to make to accommodate these changes.
45 votesHi Brian, we have this functionality through the Discovery API, you can find more information here: https://azure.microsoft.com/en-us/updates/service-tag-discovery-api-in-preview/
— Anavi N [MSFT]
-
Please add port-mirroring to Azure to enable DLP and logging applications
We would like a virtual span port or port-mirroring ability
381 votes -
Allow custom DNS search domain for virtual networks
Thanks for recently adding the ability to specify custom DNS servers for virtual networks.
I assume this is implemented with DHCP.
We are unfortunately not able to rely on this feature yet because we also set a custom DNS domain search.
This can be done with DHCP option 119, and this is how we have our non-Azure LAN configured.16 votesAzure DNS support for private zones is now in limited preview and custom DNS suffix will be part of that. See http://aka.ms/azureprivatedns for details of the feature.
-
Provide multi-factor authentication capabilities in VPN client
The ask is pretty self-explanatory.
We want to host sensitive data in Azure VMs and enable connectivity only via P2S VPN.
Today, the VPN client only requires having the cert to gain access the Azure Network. As the cert can easily end up in the hands of someone who shouldn't have access to it...it's not very secure.
For MFA, integration with PhoneFactor would be cool. At a minimum, the VPN client should require a username/password in addition to requiring the cert.
306 votesWe are working on giving more control over authentication within Point-to-Site connectivity to Azure.
Thanks,
Bridget [MSFT] -
Allow IPv6 VIPs - Charge for *blocks of* IPv6 addreses
It would be nice if we could purchase elastic IPv6 blocks of IPs, then when setting up an endpoint for a VM we could select the specific IP from the block for the endpoint.
57 votesWe have Public IP Prefix – you can reserve a block of IPv4 addresses.
https://azure.microsoft.com/en-us/updates/public-ip-prefix-general-availability/
- Anavi N [MSFT]
- Don't see your idea?