Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. ACLs for restricting access to ClearDB

      I have a cheap titan cleardb database. I'd like to make it only accessible from within Azure and perhaps from a fixed set of whitelisted IPs.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    2. Microsoft.Network/virtualNetworkGateways provision so longgggggggggggggggggggggggggg

      Hi currently in our project we heavily using Azure Resource

      And with current implement we using ARM template and powershell to provisioning all kind of resource. So I notice that with normal resource it only take around few second to 2 or 3 minute to finish except

      Microsoft.Network/virtualNetworkGateways
      It sometime take up to 1 hour to provision and it is like a pain in my *** that I really don't know why. Can someone so me a way to reduce provision time for Microsoft.Network/virtualNetworkGateways or explain for me in detail way why it take so much time to provision?

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Add activity alert feature for DNS record add/delete/modify

      Current activity alert for DNS zones available but not for records. Add activity alert feature for DNS record add/delete/modify also.

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    4. GetBestNeigbhors for a given Source Azure Region

      GetBestNeighbors
      Input :
      AzureRegion SourceRegion : Source region , Frame of Reference
      AzureRegion[] Regions : List of regions which needs to be reached from Source Region

      Output : Ordered list of azure regions “best” reachable from SourceRegion

      Alternatively , Simpler version

      GetBestNeighbors
      Input :
      AzureRegion SourceRegion : Source region

      Output : Ordered list of all available azure regions “best” reachable from SourceRegion

      Alternatively ,Even more simpler version

      GetBestNeighbors
      Input :

      Output : Ordered list of all available azure regions “best” reachable from SourceRegion. This must be same as it would have been called from Source region as above.

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    5. Need ability to update NIC IP configurations for VMs that are stopped but not deallocated

      When attempting to update NIC IP configurations for Azure VMs that are stopped but not deallocated, the update request times out after a long time period and subsequent requests for changes to the VM's NIC configuration fail. Users should be able to make this type of change without a failure or a long time-out period.

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    6. Disable deleting referenced record

      Understanding that this should be limited in scope to the current zone...

      Azure should block an attempt to delete a record (A/AAAA/CN) that is being referenced elsewhere in the zone (by a CNAME).

      for example:
      - A.myzone.com is A record for 1.2.3.4
      - B.myzone.com is CN record for A.myzone.com
      I should not be able to delete A.myzone.com until B no longer references it. (since i'm unsure how CN's work in relation to AAAA's, there may be some other/edge cases to consider as well)

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    7. Alteração do DNS

      Sou cliente do Azure no Brasil e temos contrato máquinas virtuais localizadas no Sul do Brasil, porém no Mapa do caminho do DNS está indo para os EUA causando grandes problemas quando as empresas de internet estão com problemas de DNS e grande parte do tempo estão com problemas. Com isso, sugiro que quando contratamos um servidor no Brasil, que o DNS não tenha que sair do país de origem, uma vez que o servidor contratado também está no Brasil.

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    8. Allow country specific characters in Azure DNS

      It seems that is is not possible to register domainnames within Azure DNS with sepecific country allowed characters, like ë of ü in Germany.

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  1 comment  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    9. network security group

      the portal saying NSG updated succeed. But usually it may 1-2 mins until rule taking effect

      it will be better if the status are synchronized between NSG portal and VM VFP applying

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    10. Name display for next hop types

      "The name displayed and referenced for next hop types is different between the Azure portal and command-line tools, and the Azure Resource Manager and classic deployment models."

      This should be changed for intuition. I should be forced to remember multiple names for identical configurations. Azure already has unnecessarily given proprietary names for industry standards.

      Stop making your product unnecessarily difficult to use.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    11. CDN Forward HTTP Proxy

      Currently we are only serving static content through CDN, it would be nice to serve dynamic content with cookies etc, where CDN kind of acts as a Forward HTTP Proxy instead of CDN. Benefit will be of multiplexing HTTP traffic to single host.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →

      We need more details on what you are looking for regarding “multiplexing HTTP traffic to a single host” The CDN is built as a reverse proxy and can be used for both static and dynamic content. For dynamic content that you don’t want to be cached by the CDN you can either set the appropriate cache control header (e.g. max-age) or use the bypass cache capability in the rules engine in the Azure CDN Premium to control this for specific content. Long term we are working on enabling this capability also in Azure CDN Standard.

    12. Wildcard mask support for NSG's

      It would be great if NSG's would support Wildcard masks to deny/permit traffic in a more granular way. The way most network vendors do it.
      This would make it much easier to permit and deny traffic based on a subnet scheme

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    13. effectiveNetworkSecurityGroups and effectiveRouteTable to have 'read' rather than 'action' t better integrate with Azure RBAC

      The 'Microsoft.Network/networkInterfaces/effectiveRouteTable/action' and 'Microsoft.Network/networkInterfaces/effectiveNetworkSecurityGroups/action' provider actions must rather end with a 'read' to better integrate with Azure RBAC. Customers have to write a new role definition for a reader to just be able to read effective NSG rules (while individual NSGs and NSG rules can be read by a reader). The fact that these two actions end with a 'action' makes a reader not have access to leverage this feature.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    14. add support of '--idle-timeout' for "az network lb rule update -g lwm2m6 --lb-name lblwm2m6 --idle-timeout 30 -n IPv6Tcp80_8080"

      Want to configure '--idle-timeout':

      az network lb rule update -g lwm2m6 --lb-name lblwm2m6 --idle-timeout 30 -n IPv6Tcp80_8080

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IPv6  ·  Flag idea as inappropriate…  ·  Admin →
    15. Support OWASP Core Rule Set for Azure CDN

      Ability to use WAF with OWASP CRS, and turn on/off specific rules

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    16. Predefined Access Rules for Every Region

      Microsoft Azure should have predefined access rules for every region.
      For example, if someone wants to block traffic for every region except only one, should choose to allow for the specific one and add block rule for every other region.
      That would be good for DDos attacks.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    17. A ready for use CDN

      Give free a CDN that is ready for use, except for some parameters to be specified and the necessary files to be uploaded. Something like a template.
      The videos where experts give lectures are only for other experts to applaud. The majority of your prospective clients are businessmen, educators, etc., who do not want to become experts in IT and do not have the time.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →

      What specific use case scenarios are you looking for this capability? For a # of end-to-end scenarios in Office 365 (e.g. Office 365 Video) we already enable CDN seamlessly without any user interaction needed or additional cost.

    18. NSG flow log in classic

      We can not use flow log in classic portal.
      I hope we will be able to use this feature in classic too.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    19. Internal vNet endpoints for SQL Databases and Storage Devices to allow private accessible only via Expressroute Gateway

      To justify using Expressroute to "securely" extend the corporate LAN/WAN infrastructure to the cloud.

      Create Internal vNet Endpoints for SQL Databases and Storage Devices to allow private accessible only via Expressroute Gateway.

      Needed to secure sensitive PII, HIPAA, and Company Confidential Databases and storage devices

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    20. Need a 1 to 1 mapping between data centers and the IP range list

      Trying to use Azure Backup to German Northeast and North Central US.

      Would be nice if there was a one to one mapping between the regions displayed here: https://azure.microsoft.com/en-ca/global-infrastructure/regions/

      and what is listed here: https://www.microsoft.com/en-us/download/details.aspx?id=41653

      Having problems guessing which region to use for the for following locations:

      German Northeast - options:

      <Region Name="europeeast">

      <Region Name="europenorth2">

      <Region Name="europenorth">

      North Central US: options:

      <Region Name="uscentraleuap">

      <Region Name="uscentral">

      <Region Name="usnorth">

      <Region Name="uswestcentral">

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base