Networking
The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.
Virtual Network:
Traffic Manager:
Network Watcher:
If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.
-
Provide explicit drain stop capabilities for Load Balancing.
Many on-prem systems rely on an ability to gracefully drain traffic from a node before removing it from load balancing for updates or maintenance. While there are workarounds today for the Azure Load Balancing infrastructure (http://serverfault.com/questions/686095/gracefully-take-a-server-out-of-azure-load-balancer-drain-stop) it's not as flexible as existing on-prem services. Please add this feature.
483 votesThank you for suggesting this. This is in feature backlog and we’re looking at this again now.
-
Support SNAT on internal Azure load Balancer
Currently it seems Azure Internal Load Balancer does not support Source NAT.
this mean that if 2 different services hosted on 2 different VM and the VM are on the same vnet the traffic is not load balanced if the ILB route the traffic to the same VM that start the request.
example:
Service A (exposed on port x) and B (exposed on port y) are hosted on VM 1 and VM2 on the same vnet.
Service A has VIP z and Service B has VIP m.
if service A is recalled via VIP z from VM 1 and ILB…235 votesThank you for the submission. We’re looking at supporting this as an option to enable.
-
HA Ports for Standard load balancers with Public IP
Current review of HA ports only supports Internal LB without any public IP attached. The majority of NVA deployments are with Public IP attached to the LB.
183 votesSupporting HA Ports for public Standard LB is planned. Will update with more info in the near future.
-
Increase Idle Timeout on Internal Load Balancers to 120 Mins
We use Azure Internal Load Balancers to front services which make use of direct port mappings for backend connections that are longer than the 30 min upper limit on the ILB. That is, our ILBs accept port connections on a nominated set of ports and pass those connections to the backend services running on the same ports.
We are experiencing dropped TCP connections from clients connecting to the backend services via the ILB. After investigating the issue in collaboration with the Azure Networking Team it was verified that altering the default OS TCP keep alive duration to below 30mins would…126 votes -
Azure Loadbalancer must delete unhealthy VM of Azure VMSS
I have create Azure VMSS behind Public Azure Std LB with HTTP based Health Probe. Azure Loadbalancer is working as per expectation. But If VM is unhealthy then it must be deleted or re-provisioned. So that machine can attain healthy state again.
98 votesSuggestion is valid and subject to upvote
-
Internal load balancer Log Analytics
Log analytics currently works only for Internet facing load balancers.
We need this very urgent for our Internal facing load balancers!87 votes -
Allow ICMP ping to VIP (Allow Ping inbound)
Vote for allowing UDP through the firewall. Such as ping inbound, because the ping are the minimal required for so much app.
46 votesThank you for suggesting this. This is in feature backlog and we’re looking at this again now for supporting ICMP ping to VIP.
-
HA Port feature should support stateless load balancing.
The objective is to support two types of scenarios
1. Active-Passive firewalls.
Currently if the active firewall fails the LB keeps sending the data to dead firewall and the existing TCP sessions times out causing the disruption/outage to the user traffic. However, if the LB simply diverts the traffic to the newly Active firewall without worrying about state, the disruption or outage to the user will not have to experience any termination, because normally most Active-Passive firewall implementation session states are shared between the pair. This will mean that there is no outage during Azure maintenance windows. This means no…45 votesthank you for the feedback. i’ve merged two separate suggestions under this one.
-
Standard Load Balancer should support using an "internal" IP address for probing the ports.
The Standard Load Balancer and HA ports are are recommended for load balancing firewall appliances. However, the Load Balancer probe uses a common IP address for internal and external load balancers. This means that only the internal or external ports can be load balanced, which means that a messy Zookeeper alternative must be built to monitor the firewall availability.
43 votesplease reach out to us to discuss further.
-
Allow Upgrade or Swap VIP also when number of endpoints has been changed
Or allow the external IP address to be fixed/allocated to the Hosted Service.
The scenario is that during the lifetime of the application you may need to modify the number of endpoints, and re-deploy the solution BUT KEEP PUBLIC IP.
The best would be if Swap VIP could handle this - to avoid downtime, but I am willing to have some downtime as long as Upgrade is supported. This is to avoid service unavailable during the time DNS CNAME records are updated.
41 votesThank you for suggesting this. This is in feature backlog and we’re looking at this again now for ARM IaaS VMs.
-
Active/Standby mode for a Backend Pool on a Load Balancer
You select one device to be active in the backend pool and another to be standby. If the primary fails then the secondary becomes active. This would work great with other vendors Firewall NVA appliances running in Active/Standby scenario.
40 votes -
Support for Sticky IP Load Balancing
Many applications still use non-persisted session-cookies to track user sessions -- default behavior in most web application servers. So it is not possible to use DNS round-robin load balancing without changing the application session management logic. This makes it more difficult to migrate to Azure.
Can you enable sticky IP load balancing for Azure VMs? You may get more application migrate to a azure without much re-engineering effort.
40 votesGood feedback. Something we are looking at.
-
allow custom host header for azure load balancer health probes
HTTP health probes for Azure load balancer are hard-coded to use the IP of backend as their host headers. This forces the backend hosts have to be configured to allow its IP as one of its allowed domain. It's very surprising that Azure doesn't custom host header for HTTP(s) health probes. Please add custom headers for HTTP(s) heath probes; at least, host header support should be there.
38 votesThanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature
-
Custom Destination on load balancer failure
It would be good if when the loadbalancer probe fails (It can't reach any page in a timely fashion) it could redirect to a failureURL. This way in the event that something is going wrong customers could still be given a brandend friendly error message or be assured we are working on it.
37 votesThank you for suggesting this. This is in feature backlog and we’re looking at this again now for Application Gateway. Not in the near term for Load Balancer.
-
Zero Downtime Deploys with Azure Load Balancer
Currently, Azure Load Balancer does not support any way to programatically mark a node unhealthy or otherwise remove it from the pool temporarily during maintenance. Meaning you have to accept errors to your end users while deploying. It'd be great to either allow a request from the node, or a secondary health check to mark a node as unhealthy without it actually sending errors back to the user.
26 votes -
VM scale set does not work with internal standard sku Azure load balancer backend pool
It would be great if allowing Selection of VMs within scale set for standard SKU Load balancer backend pool.
the feature does exist in Basic only , yet in Standard not. even though it is mentioned in the documentation it supports it. https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-overview#why-use-standard-load-balancer
Currently, we can associate a public facing load balancer with VM scale set when creating a scale set on the Azure portal. But if we create an internal standard load balancer and a scale set separately. We could not select this scale set as backend pool.
26 votes -
TLS termination of TCP/TLS traffic
It would be useful for Azure Load Balancer to support TLS termination / offloading when using TCP/TLS traffic.
Application Gateway can do it for HTTPs traffic but there is no way to do it for other protocols based on TLS.
AWS can do it with the Network Load Balancer tier of AWS Elastic Load Balancing.25 votes -
Load Balancing on Linux servers - net.ipv4.tcp_tw_recycle & reuse settings
Currently you don't allow net.ipv4.tcp_tw_recycle, net.ipv4.tcp_tw_reuse and net.ipv4.tcp_tw_timestamps to be set to 1. You require them to be set to default 0. For our MapR performance improvements, we are required to set them to 1 - which prevents the wait time for the socket to become available and reuses existing.
It will be nice if you could allow us to use the Load Balancer even when we set the reuse and recycle flag to 1.
20 votesThank you for suggesting this. I have added this is to feature backlog and we need to investigate further if this can be addressed or how. Please follow current support guidance for now to set these kernel variables as follows:
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_timestamps = 0 -
Active / passive load balancing without the dependency of the cluster service.
Active / passive load balancing without the dependency of the cluster service.
16 votesPlease describe in more detail what you are looking for and what the scenario is.
-
16 votes
thank you. this is already underway.
- Don't see your idea?