Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview
  • Technical documentation
  • Pricing details

Traffic Manager:

  • Service overview
  • Technical documentation
  • Pricing details

Network Watcher:

  • Service overview
  • Technical documentation
  • Pricing details

If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    1. Ability to set a TTL value to Automatic

      I've never seen this option in a DNS service but I always thought it would be cool to have an automatic TTL setting that would work like this:

      Whenever I change a record, if I had the TTL on Auto then it would lower the TTL to something like 5 minutes. Then each week after it would double it until it was finally up to some max value (it would be nice also if I could optionally specify the max value).

      The scenario I have for this are cases like domain name transfers, or any time I'm setting up some…

      4 votes
      0 comments  ·  DNS
    2. Validate YAMAHA RTX830 and RTX1210 for Azure VPN Gateway

      YAMAHA RTX router series ( https://network.yamaha.com/products/routers )
      are not validated as VPN devices:
      https://docs.microsoft.com/ja-jp/azure/vpn-gateway/vpn-gateway-about-vpn-devices

      Nevertheless, I and some Japanese are struggling to connect Azure VPN Gateway with YAMAHA RTX routers.
      We are able to establish a connection, but there are some troubles reported on blogs.
      We need verification.

      At kakaku.com (the most popular Bestbuy ranking site in Japan),
      YAMAHA RTX830 and RTX1210 are the top 2 selling products nowadays.
      Previous models have also been popular for a couple of decades in Japan.
      I think the verification will have a huge impact in Japan to support VPN Gateway in SOHO environments.

      4 votes
      1 comment  ·  VPN Gateway

      Folks,

      Thanks for reaching out to us regarding the VPN device issues. In general, our team needs to work with the VPN device vendor, in this case, Yamaha, to validate their VPN devices connecting to Azure VPN gateways.

      To get things started, we will need someone from Yamaha to contact us, either via Microsoft Japan if that’s easier, or open an issue on the page directly. Once we establish the contact, we can proceed to work with Yamaha to validate their VPN devices.

      Thanks,
      Yushun [MSFT]

    3. IP and domain restrictions - add possibility to configure it in Portal

      Instead of configuring IP and domain access restrictions in web.config as described here: http://azure.microsoft.com/blog/2013/12/09/ip-and-domain-restrictions-for-windows-azure-web-sites/ , it would be nice to add the possibility to set restrictions somewhere in Portal.

      3 votes
      0 comments  ·  Virtual Network
    4. Alerts triggered from a URL RegEx

      It would be great if we could register alerts to trigger from a URL hit or number of hits / second.

      3 votes
      under review  ·  1 comment  ·  Content Delivery Network
    5. VNet peering circular dependency reference due to cross 'dependsOn' between the two VNets

      When a peering is set up between two vNets, VNET1 and VNET2, there would be two 'dependsOn' properties in the template generated from the Automation script blade of the resource group. VNET1 would depend on VNET2, and VNET2 would depend on VNET1. This causes a circular dependency error and the deployment of the template would fail. If you manually remove the two 'dependsOn' properties, the deployment would succeed with the same result. I think that this should be fixed. I found this suggestion in this post: https://techcommunity.microsoft.com/t5/Azure/Does-vNet-peering-cause-a-circular-dependency-error-in/m-p/369823#M3963

      3 votes
      under review  ·  0 comments  ·  Virtual Network
    6. Allow to add multiple Service Tags to NSG rule

      Allow adding multiple Service Tags to an NSG rule. Right now we can add multiple subnets, ranges, IPs and ports. A great idea would be to also add multiple service tags to source/destination, as now we create multiple rules for one host to multiple service tags.

      3 votes
      0 comments  ·  Virtual Network
    7. 3 votes
      1 comment  ·  Azure Firewall
    8. Separate O365 IP addresses from regional Azure IP address ranges

      I have an ExpressRoute with Public, Private and MS Peering. Currently Office 365 services are routed via the Public peering.

      When I activate a BGP community via route filter for MS peering (in my case the community 12076:51009 for Azure Central US), any users accessing 365 services from the Azure Central US region lose all connectivity. This is because the O365 services (such as login.microsoftonline.com or portal.office.com) are served out of Azure datacentres and the ranges overlap.

      Office 365 services must be authorised over MS peering, and the process is unnecessarily complicated and opaque. Until I manage to get this…

      3 votes
      0 comments  ·  ExpressRoute

      Office 365 utilizes the Microsoft global Azure datacenter presence to provide Office 365 related services to customers across the world. We are working to ensure long-term that the IP addresses are properly allocated to a given service and will align them to ensure that they do not overlap.

      If there are any issues with the current setup where some traffic does traverse the ExpressRoute public peering path, please raise a support request and one of our engineers can review.

      Jared [MSFT]
      PM, ExpressRoute

    9. Improved audit when NSG is removed/added to a subnet

      When an NSG is associated with or removed from a subnet, I only see "Microsoft.Network/virtualNetworks/subnets/write" in the audit log. It is not clear whether this is an NSG which has been removed or some other activity like addition or removal of a route table on the subnet. It would be useful to see what actually happened for auditing purposes.

      3 votes
      0 comments  ·  Network Security Groups
    10. 3 votes
      0 comments  ·  IPv6
    11. Dynamic routing within VNET

      I would like to have the option to dynamically route traffic within a subnet in Azure.
      Example: I have two VMs acting as tunnel endpoints for 4G<->Network devices. These VMs are connecting to the same endpoints over the Internet but use different technologies and have different connection availability. One is fast but unreliable, the other one slow but reliable. This setup is exported from my on-premises VMware setup. But for this to work I have to be able to dynamically choose which VM I want to route traffic to, be it using Cisco route tracking or OSPF.

      I've set…

      3 votes
      2 comments  ·  Virtual Network
    12. Add my client ip to allowed list in Inbound NSG

      Please add an "add client IP" button for inbound security rules like we have for SQL Azure.

      Example of why/when we need it: I'm an IT admin, and all my deployments are in Azure (no site/point-to-site VPN). I want to have full access to my Azure resources for the next 1-2h. Now I can manually add this rule, but I will spend some time to clarify my current client IP. With this button it will be faster.

      Maybe it sounds like the keys to the kingdom and it's not secure, but I can do it manually anyway. Maybe you could create a temporary inbound rule…

      3 votes
      1 comment  ·  Network Security Groups
    13. Change idle timeout shorter than 4 minutes.

      We can use a TCP idle timeout of 4 minutes, which is the minimum value. My app must configure a value shorter than 4 minutes, e.g. 5 sec or 10 sec. I strongly hope we can configure its value to be shorter than 4 minutes.

      3 votes
      0 comments  ·  IP addresses
    14. ACLs for restricting access to ClearDB

      I have a cheap titan cleardb database. I'd like to make it only accessible from within Azure and perhaps from a fixed set of whitelisted IPs.

      3 votes
      0 comments  ·  Network Security Groups
    15. Ability to select multiple protocols for NSGs

      Simplify creating NSG rules by allowing selecting one or multiple protocols for a single rule.

      For instance, 3389 requires both UDP and TCP. Instead of creating two separate rules, one could simply select both TCP and UDP in a single rule.

      2 votes
      0 comments  ·  Network Security Groups
    16. Add activity alert feature for DNS record add/delete/modify

      Currently, activity alerts are available for DNS zones but not for records. Add an activity alert feature for DNS record add/delete/modify as well.

      2 votes
      0 comments  ·  DNS
    17. GetBestNeighbors for a given Source Azure Region

      GetBestNeighbors
      Input :

      AzureRegion SourceRegion : Source region , Frame of Reference
      AzureRegion[] Regions : List of regions which needs to be reached from Source Region

      Output : Ordered list of azure regions “best” reachable from SourceRegion

      Alternatively, a simpler version

      GetBestNeighbors
      Input :

      AzureRegion SourceRegion : Source region

      Output : Ordered list of all available azure regions “best” reachable from SourceRegion

      Alternatively, an even simpler version

      GetBestNeighbors
      Input :

      Output : Ordered list of all available azure regions “best” reachable from SourceRegion. This must be same as it would have been called from Source region as above.

      2 votes
      0 comments  ·  Network Watcher
    18. Need ability to update NIC IP configurations for VMs that are stopped but not deallocated

      When attempting to update NIC IP configurations for Azure VMs that are stopped but not deallocated, the update request times out after a long time period and subsequent requests for changes to the VM's NIC configuration fail. Users should be able to make this type of change without a failure or a long time-out period.

      2 votes
      0 comments  ·  Virtual Network
    19. Disable deleting referenced record

      Understanding that this should be limited in scope to the current zone...

      Azure should block an attempt to delete a record (A/AAAA/CN) that is being referenced elsewhere in the zone (by a CNAME).

      for example:
      - A.myzone.com is A record for 1.2.3.4
      - B.myzone.com is CN record for A.myzone.com
      I should not be able to delete A.myzone.com until B no longer references it. (Since I'm unsure how CNs work in relation to AAAAs, there may be some other edge cases to consider as well.)

      2 votes
      0 comments  ·  DNS
    20. DNS change

      I am an Azure customer in Brazil and we have contracted virtual machines located in the south of Brazil, but on the DNS path map the traffic is going to the USA, causing major problems when internet providers are having DNS problems, and they are having problems much of the time. Therefore, I suggest that when we contract a server in Brazil, the DNS should not have to leave the country of origin, since the contracted server is also in Brazil.

      2 votes
      0 comments  ·  DNS