Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Support IP address in Backend Pool (Azure Load Balancer)

      Currently you can only include VMs or VMSS within an Azure Load Balancer Backend Pool.

      If we could choose an IP Address we would be able to load balance other resources hosted in Azure as well.

      Our use case:
      Load balance DNS queries (over udp-53) to Azure Container Groups (private IP).

      40 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    2. Global Anycast Load Balancer

      Enable Load Balancer to serve multiple regions via a single global IP using anycast. GCP does this today. In Azure, you must use Traffic Manager and manually configure for the same effect. Also TM doesn't validate HTTPS while LB can.

      44 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    3. Load Balancer and Public IP SKU.

      There must be an option of Upgrading Public IP SKU from Basic to Standard without losing Static PIP as it is a creating a big road block when we do any planning like moving existing PIP behind any NVA Standard Load balancer.
      If any existing Production Server are already running on Basic PIP then it is very tough to make any decisions to upgrade SKU or move it behind any Standard ELB.

      Need suggestion here how and till what time we can overcome here.

      1,639 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      81 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    4. Support for multiple nics with ipv6

      Currently there is no support for ipv6 when the machine has multiple NICs. This blocks the need to have an ipv6 loadbalancer.

      26 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  IPv6  ·  Flag idea as inappropriate…  ·  Admin →
    5. Add Service Tags to Route Tables/UDR

      Include the ability to add Service Tags to UDRs. We have experienced that while many times services require NSGs to be open for a Service, many users have a default route in the Route Tables to push traffic through network virtual appliances. To circumvent having to put an entire datacenter range IP on UDRs to get services to work, there should be Service Tags in the UDR destination field in order to be able to add specific services the ability to talk to VNET-joined services. A good example of this is API Management. While the team does not support a…

      76 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    6. IPv6 should be default

      It's 2019. Globally routable IPv6 should be on by default, not some sort of advanced command-line only kludge requiring twiddling with load balancers and NAT the way it is now on Azure. See linode for simple and effective.

      38 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IPv6  ·  Flag idea as inappropriate…  ·  Admin →
    7. Provide an IP and URL address service, like Office 365, to replace the XML download process.

      Provide an IP and URL address service like Office 365 to replace the XML download process for Azure Datacenter IP address ranges.

      For example - Office 365 Link: https://docs.microsoft.com/en-us/office365/enterprise/office-365-ip-web-service

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    8. application gateway monitor

      Application Gateways need more troubleshooting tools. The healthy/unhealthy logging is almost useless. We need to be able to initiate a ping/netcat from the AppGw to a host to verify connectivity. We also need to be able to see the DNS cache or see a log correlating incoming requests with outgoing requests by hostnames and IP addresses,

      37 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Enable OWASP secure headers on Azure FrontDoor service

      Requesting Front Door be supporting OWASP secure headers (https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers)?
      Currently, our POC website using Azure FrontDoor fails many OWASP header tests, especially when Front Door would claim to protect against few OWASP attacks.
      Appreciate that these be on the FrontDoor roadmap in very near future.

      OWASP HTTP Secure Headers

      HTTP Strict Transport Security (HSTS)
      Public Key Pinning Extension for HTTP (HPKP)
      X-Frame-Options
      X-XSS-Protection
      X-Content-Type-Options
      Content-Security-Policy
      X-Permitted-Cross-Domain-Policies
      Referrer-Policy
      Expect-CT
      Feature-Policy

      286 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  7 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    10. Expand vendor support for Azure virtual network TAP

      Allow Azure virtual network TAP to send collected data to a VM running Suricata, Snort, riverbed etc, not only the current list of vendors.

      15 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    11. 1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Make TrafficManager more robust when there's a major outage

      We configured the TrafficManager to either point to deployement1 or deployment2, which live in different locations, depending on which is in the "prod" role (machines are allocated) or the "backup" role (machines are deallocated). Using the TrafficManager is attractive because the customer doesn't need to make any changes on their end; if we need to revise the TrafficManager to point to the other deployment, it's simple and straightforward to allocate the machines and run a few lines of PS code. However, during the recent extended outage in the South Central US, after allocating the backup machines, when we tried to…

      2 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    13. Traffic Manager Probe Success and Failure Logs

      Currently in the metrics for Traffic Manager, you cannot see a history of when probes passed or failed. You can only see an average of the probes over a period of time.

      Seeing the logs of when probes succeeded and failed for each endpoint could be helpful for troubleshooting. Particularly when you think a failover should have occurred, but it did not.

      8 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    14. Redirect to HTTPS

      Allow HTTPS only configuration to responds with 'redirect to HTTPS' when HTTP request is received. This will be very useful for the new static website storage accounts. Especially, when the wider premium 3rd party CDN is not needed.

      606 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      26 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    15. Add additional IP Protocols ls for NSG Rules

      Add the ability to add additional IP Protocols (i.e. ICMP, EIGRP, so forth) to an NSG rule. The only option today is TCP, UDP, or "". Currently to allow ICMP you have to allow any protocol "" and any port "*" in the rule instead of simply adding a rule for ICMP specifically. This inhibits the ability to meet security controls for isolation required in NIST SP800-53.

      52 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    16. standardize azure cdn offerings

      Currently I know that Azure provides CDNs from different vendors on the standard layer. There are three types of CDNs, as follows:

      S1 standard Verizon
      S2 standard Akamai
      S3 Standard Microsoft (Preview)

      Each offers different functions
      Https://docs.microsoft.com/en-us/azure/cdn/cdn-features

      But at the moment, our test has the best effect in the target area of ​​our products with Akamai's CDN effect, but
      Akamai does not support custom domain HTTPS features
      Microsoft does not support cache rules
      Verizon has all the above features, but the CDN effect is the least desirable in the target area of ​​our products.

      I am interested to know if…

      11 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
      started  ·  Anton Kucer [MSFT] responded

      We are targeting to have parity across all standard SKU’s. Cache rules for Microsoft and HTTPS Custom Domain support are all targeted to be available later this year.

    17. improve application gateway rule description documentation

      When you will improve the documentation to include better descriptions at the rules? Having a rule with a description Rule 981312 doesn't help to know what it does! Enabling all rules have a huge impact on WAF performance and we need to know what exactly each rule does in order to fine tune it.

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. More frequent NSG Flow log rollover, and consumption into Traffic Analysis

      It would be useful to have NSG flow logs consumed by Traffic Analysis more frequently than every hour (ever minute would be great!).

      Currently the delay is too long to be useful for real-time troubleshooting, and useful only for analysis retrospectively.

      13 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  1 comment  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    19. Use Public IP address with custom DNS label on existing Application Gateway

      The Application Gateway does not allow to get a public IP address assigned, for which the DNS label has been set.
      Error Message: "You can't choose a public IP address that has a domain name label specified."

      When using certificates that are registered on specific CNAMEs, you should be able to set the DNS label of the public IP address of the Application Gateway to match the CNAME.

      5 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Application gateway should have the capability to store certificate in Azure Key Vault

      Currently Application gateway does not store certificate in Azure Key Vault. We believe that Application gateway should have the capability to do that. This will give customer more control over their certificate than saving it in Microsofts encrypted storage.

      68 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3
    • Don't see your idea?

    Feedback and Knowledge Base