Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Support IPv6 Throughout the Azure Platform

      IPv6 has been a standard for years and ISPs are starting to roll out native IPv6 stacks to consumers. The time is now to support IPv6.

      1,573 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      67 comments  ·  IPv6  ·  Flag idea as inappropriate…  ·  Admin →

      IPv6 in Azure VNET is currently previewing globally- in ALL Azure Public cloud regions.

      Announcement (Service Update): https://azure.microsoft.com/en-us/updates/public-preview-microsoft-adds-full-ipv6-support-for-azure-vnets/

      Links to Documentation & Samples
      Full documentation including sample scripts is available here: https://aka.ms/IPv6ForAzureVNETdoc

      A sample JSON template is posted in the quickstart repository: https://azure.microsoft.com/en-us/resources/templates/ipv6-in-vnet/

    2. Support URL rewriting with Application Gateway

      PathBasedRouting is nice, but not super great without the ability to rewrite paths. I am trying to front a Service Fabric cluster, where multiple HTTP services live on http://+:80, at different path prefixes. Would be nice to use Application Gateway to direct https://api.company.com to http://cluster/api, and https://www.company.com to http://cluster/www

      1,090 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      43 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Application Gateway: Support wildcard hosts in listeners

      Our product creates dynamic DNS zones for our customers, e.g. foo.z1.contoso.com, bar.z2.contoso.com, etc. We use Azure DNS for this. (Notice that we stripe our customer's domains across multiple zones (z1, z2), because Azure DNS has a max record count of 5000.)

      So, to support this, we have a wildcard SSL certificate for each zone e.g. *.z1.contoso.com, *.z2.contoso.com.

      In order to have Application Gateway provide SSL termintation for us, we obviously need to create Multi-site listeners for port 443. Unfortuantely, the 'Host' field on the Multi-site listener does not accept wildcard entries. Furthermore, specifying the host name 'z1.contoso.com' does not appear…

      780 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      30 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Redirect to HTTPS

      Allow HTTPS only configuration to responds with 'redirect to HTTPS' when HTTP request is received. This will be very useful for the new static website storage accounts. Especially, when the wider premium 3rd party CDN is not needed.

      450 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      25 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    5. Increase listener limit for Application Gateway

      Application gateway has a very low listener limit (20 listeners / certificates). This severely limits it's usefulness for multi-tenant/domain applications where a web farm / service hosts many endpoints. IIS itself has no such small limit, but due to constraints on certificate deployment in cloud services, Application Gateway is the only clear path to wide scale SNI based SSL hosting. With it's low limit, it does not come close to meeting our use case. I would suggest the limit be removed or set to a very high limit like 10k+ so many certificates could be bound to host many different…

      366 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      22 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      We have raised the limit to 100 recently. We are regularly reviewing the limits and will continue to look for opportunities to raise the limits even further. If you have scenarios requiring limits higher than what is supported, please add your scenario details here (if you are comfortable with that) or raise an issue with Azure support and we will get back to you.

    6. Please add port-mirroring to Azure to enable DLP and logging applications

      We would like a virtual span port or port-mirroring ability

      365 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      13 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    7. Enable Multiple IP addresses for Azure Application Gateway

      Azure Application Gateway is a nice Service for Load Balancing Layer 7 HTTP and HTTPS traffic. Today, we can only attribute one IP address (Public or Private) to the Application Gateway Deployment. It is fundamental that a Load Balancer can support multiple IP addresses to provide flexibility (Based on many customers feedback)

      301 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      10 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Support for both public and private IP at the same time is available on both V1 and V2 SKU. Customers can host multiple sites behind the same IP and port using multi-site listener today.

      Support for allowing same port on both public and private IP is in the roadmap.

    8. Provide multi-factor authentication capabilities in VPN client

      The ask is pretty self-explanatory.

      We want to host sensitive data in Azure VMs and enable connectivity only via P2S VPN.

      Today, the VPN client only requires having the cert to gain access the Azure Network. As the cert can easily end up in the hands of someone who shouldn't have access to it...it's not very secure.

      For MFA, integration with PhoneFactor would be cool. At a minimum, the VPN client should require a username/password in addition to requiring the cert.

      254 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      14 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Point-to-site VPN authentication support for Azure AD

      Instead of only requiring on a certificate for authentication in Azure VPN Point-to-site solutions, it would be nice if the Azure networking team would consider adding support for username (UPN) and password that is authenticated against either Azure AD or ADFS.

      215 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Support wildcard hosts in custom hostnames

      Many of current SaaS applications enable customers to select it`s own subdomain in order do have a personalized url.

      So let's say I own contoso.com and I let my customers select any subdomain (*.contoso.com) like:

      foo.contoso.com
      bar.contoso.com

      That's cool with a couple customers but when you have a large system it's not doable setup one by one, even that you can automate that.

      The ideal solution would be allowing custom hostname field to bind a wildcard domain, in this example *.contoso.com

      There's a similar idea for Application Gateway that has been for a while (https://feedback.azure.com/forums/217313-networking/suggestions/19527121-application-gateway-support-wildcard-hosts-in-lis)

      Similar products on…

      195 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  5 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    11. Allow configurable timeout period for Front Door

      Currently Front Door forces a 30 second timeout for backend requests. This can severely restrict the usefulness of the service in production systems. It would be great to have the timeout period configurable to allow for a longer period of time. My understanding is that the Azure Load Balancer, which sits in a similar space as Front Door, defaults to a 4 minute timeout period.

      173 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  13 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    12. Enable OWASP secure headers on Azure FrontDoor service

      Requesting Front Door be supporting OWASP secure headers (https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers)?
      Currently, our POC website using Azure FrontDoor fails many OWASP header tests, especially when Front Door would claim to protect against few OWASP attacks.
      Appreciate that these be on the FrontDoor roadmap in very near future.

      OWASP HTTP Secure Headers
      ------------------------------
      HTTP Strict Transport Security (HSTS)
      Public Key Pinning Extension for HTTP (HPKP)
      X-Frame-Options
      X-XSS-Protection
      X-Content-Type-Options
      Content-Security-Policy
      X-Permitted-Cross-Domain-Policies
      Referrer-Policy
      Expect-CT
      Feature-Policy

      165 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  4 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    13. Enable split DNS for providing both public and internal name resolution to VMs in the VNET.

      Amazon Route 53 supports split-view DNS, so you can configure public and "PRIVATE" hosted zones to return different external and internal IP addresses for the same domain names.
      i think a similar capability can be very useful also in Azure

      150 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    14. Insight in Azure application gateway performance

      Currently there is no way to view usage statistics of the Azure application gateway. Information I would like to see:

      * Per hour performance statistics (e.g. nr of connections, bandwith, CPU usage, etc.)
      * Advice on number of required instances based on metrics from last few days with recommendations to increase or decrease the number of instances

      Regards,

      Jan-Willem

      135 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Allow ACL on Application Gateway for IP filtering via X-FORWARDED-FOR header

      We have requirements from customers to restrict access via their company subnets. It would be very nice if the App Gateway supported not only the SSL offload but the ability to apply ACLs to allow or deny access via a defined network range using X-FORWARDED-FOR headers.

      87 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  9 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Create private dns zone in virtual network which already has VMs

      Create private dns zone in virtual network which already has VMs. Currently, it's giving below error:

      `Virtual networks that are non-empty (have Virtual Machines or other resources) are not allowed during association with a private zone.`

      76 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    17. Need a function to URL path rewriting in Application Gateway

      Currently, I know Azure Application Gateway has a function for redirection of URL path based.

      Now, I need a function for rewriting URL path during redirecting a request to backend server.

      For example, When Application Gateway received a HTTP request to http://www.contoso.com/test/*, it redirects the request as /images/* to backend server.

      In other words, I want to set a URL path for backend server in PathRuleConfig in Application Gateway.

      75 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Allow paths in Application Gateway rules to be defined as regular expression

      Currently, Application Gateway rules support only path matches with a wildcard at the end of the string.

      For us it means to rework our routing strategy as the first part of our route is dynamic /<domain>/<controller> (eg. /sales/process). The controllers are shared among domains. Domains can be dynamically created, what disallow us to directly use the current feature to separate only 'process' controller to standalone backend pool.

      We would prefer to be able to define something like '/[a-z]]+/process.*' as a matching criterion.

      67 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Configurable back-end health check aggressiveness

      Related thread:
      https://social.msdn.microsoft.com/Forums/en-US/75cfb536-71f6-4c88-ac80-ec693f3e6229/azure-front-door-healthcheck-frequency?forum=WAVirtualMachinesVirtualNetwork

      Behind my frontdoor are two "back-ends", each consists of a single web app.

      For each back-end I have configured a health check with interval of 120 seconds. My expectation was that this leads to roughly 30 requests per hour.

      In reality, my application insights shows 64000 requests in the past 24 hours, that's more than 40 requests per minute! A live traffic log confirms this: I see health check requests come in almost every second...

      With the current behavior there is hardly any correlation with the configured "Interval" setting.

      It would be great if there was an…

      66 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  6 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    20. Provide option to change which TLS versions are supported

      Provide option to change which TLS versions are supported - similar to the Azure App Service. This will allow for use of Front Door with PCI compliant apps.

      64 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3
    • Don't see your idea?

    Feedback and Knowledge Base