Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Allow country specific characters in Azure DNS

      It seems that is is not possible to register domainnames within Azure DNS with sepecific country allowed characters, like ë of ü in Germany.

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  1 comment  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    2. network security group

      the portal saying NSG updated succeed. But usually it may 1-2 mins until rule taking effect

      it will be better if the status are synchronized between NSG portal and VM VFP applying

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    3. Name display for next hop types

      "The name displayed and referenced for next hop types is different between the Azure portal and command-line tools, and the Azure Resource Manager and classic deployment models."

      This should be changed for intuition. I should be forced to remember multiple names for identical configurations. Azure already has unnecessarily given proprietary names for industry standards.

      Stop making your product unnecessarily difficult to use.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    4. CDN Forward HTTP Proxy

      Currently we are only serving static content through CDN, it would be nice to serve dynamic content with cookies etc, where CDN kind of acts as a Forward HTTP Proxy instead of CDN. Benefit will be of multiplexing HTTP traffic to single host.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →

      We need more details on what you are looking for regarding “multiplexing HTTP traffic to a single host” The CDN is built as a reverse proxy and can be used for both static and dynamic content. For dynamic content that you don’t want to be cached by the CDN you can either set the appropriate cache control header (e.g. max-age) or use the bypass cache capability in the rules engine in the Azure CDN Premium to control this for specific content. Long term we are working on enabling this capability also in Azure CDN Standard.

    5. add support of '--idle-timeout' for "az network lb rule update -g lwm2m6 --lb-name lblwm2m6 --idle-timeout 30 -n IPv6Tcp80_8080"

      Want to configure '--idle-timeout':

      az network lb rule update -g lwm2m6 --lb-name lblwm2m6 --idle-timeout 30 -n IPv6Tcp80_8080

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IPv6  ·  Flag idea as inappropriate…  ·  Admin →
    6. Support OWASP Core Rule Set for Azure CDN

      Ability to use WAF with OWASP CRS, and turn on/off specific rules

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    7. Predefined Access Rules for Every Region

      Microsoft Azure should have predefined access rules for every region.
      For example, if someone wants to block traffic for every region except only one, should choose to allow for the specific one and add block rule for every other region.
      That would be good for DDos attacks.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    8. A ready for use CDN

      Give free a CDN that is ready for use, except for some parameters to be specified and the necessary files to be uploaded. Something like a template.
      The videos where experts give lectures are only for other experts to applaud. The majority of your prospective clients are businessmen, educators, etc., who do not want to become experts in IT and do not have the time.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →

      What specific use case scenarios are you looking for this capability? For a # of end-to-end scenarios in Office 365 (e.g. Office 365 Video) we already enable CDN seamlessly without any user interaction needed or additional cost.

    9. NSG flow log in classic

      We can not use flow log in classic portal.
      I hope we will be able to use this feature in classic too.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    10. Internal vNet endpoints for SQL Databases and Storage Devices to allow private accessible only via Expressroute Gateway

      To justify using Expressroute to "securely" extend the corporate LAN/WAN infrastructure to the cloud.

      Create Internal vNet Endpoints for SQL Databases and Storage Devices to allow private accessible only via Expressroute Gateway.

      Needed to secure sensitive PII, HIPAA, and Company Confidential Databases and storage devices

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    11. Need a 1 to 1 mapping between data centers and the IP range list

      Trying to use Azure Backup to German Northeast and North Central US.

      Would be nice if there was a one to one mapping between the regions displayed here: https://azure.microsoft.com/en-ca/global-infrastructure/regions/

      and what is listed here: https://www.microsoft.com/en-us/download/details.aspx?id=41653

      Having problems guessing which region to use for the for following locations:

      German Northeast - options:

                  <Region Name="europeeast">

      <Region Name="europenorth2">

      <Region Name="europenorth">

      North Central US: options:

                  <Region Name="uscentraleuap">

      <Region Name="uscentral">

      <Region Name="usnorth">

      <Region Name="uswestcentral">

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    12. Why Can't Azure Manage my Wireless Network?

      As more and more applications and services make the migration from the desktop to the web, two issues are become important as ever. That is the content that we connect to and how we connect to this content.
      Microsoft has been an earlier adapter in identifying software as a service and migrating users from Microsoft Office to Office 365.
      However how users connect and how securely users connect is probably even more important.
      So my suggestion would be a additional service in Azure that would ensure that a users Internet connection is secure with Microsoft servers before a network administrator…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
    13. Classic to ARM VNet Migration - Recreate Site-to-Site connections

      I have recently migrated a classic virtual network with a Site-to-Site VPN connection to an ARM VNet using platform-supported migration.

      When the connection between the 2 networks was recreated under the ARM platform it defaulted to a VNet-to-VNet connection which meant a loss of connectivity between the 2 networks. I had to add create another LNG and recreate the connection as a Site-to-Site.

      Now I understand the benefits of VNet-to-VNet connections but I would like the platform-supported migration to respect the existing connection type and recreate this correctly.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Load balancer Probe Latest Status in Portal

      Is it too much to ask for a simple red/green light in the portal that has the latest status for the last probe attempt for each load balancer rule?

      This would save countless hours of debugging and it is a basic tool available from all firewall vendors.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    15. Azure GUI BUG Network Security Group for Gateway

      Portal allowing to associating an NSG to a gateway subnet

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    16. Monitor container network traffic within a node

      I would like to see a solution for monitoring traffic between containers on the same node. I'm not sure if the Network Watcher product already does this or not - it wasn't specified.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    17. Let security group view show the order in which rules are processed

      The current security group view allows multiple ways to sort the security rules that show up. It would be most useful if there would be a way to sort the security rules in the effective way they would be processed, meaning:
      1. customer defined rules on the subnet
      2. default rules on the subnet
      3. customer defined rules on the NIC
      4. default rules on the NIC.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for the suggestion, we’ll consider adding this sort option. The current UI in Portal provides you with tabs to see the security rules applied on the Subnet and the NIC, as well as the default rules.

      Note, the rule processing order you provided only applies for inbound traffic. From https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-nsg :

      Inbound traffic

      1. NSG applied to subnet: If a subnet NSG has a matching rule to deny traffic, the packet will be dropped.

      2. NSG applied to NIC (Resource Manager) or VM (classic): If VM\NIC NSG has a matching rule to deny traffic, packet will be dropped at VM\NIC, although subnet NSG has a matching rule to allow traffic.

      Outbound traffic

      1. NSG applied to NIC (Resource Manager) or VM (classic): If VM\NIC NSG has a matching rule to deny traffic, the packet will be dropped.

      2. NSG applied to subnet: If…

    18. Add Standard set of Network Security Group Rules for Inbound and outbound traffic when creating new rules.

      I would like to see standard set of NSG rules for each new subscription that gets created for securing environment. for example SQL, SCCM, DMZ, App servers(Web servers), RDP etc. where we have ability to change the names according to our naming conventions and populate or have options to choose subnets, single VM.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    19. Add a column to list CIDR ranges currently in use.

      Add a column to list CIDR blocks assigned to each VNET in the Virtual Network Blade. This would provide a quick reference to not overlap CIDR ranges when using multiple VNETS.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    20. express route

      Not sure if this is possible today, but I would like to see an option for public peering to have more granularity on the list of BGP communities so we only advertise services that a customer owns. As far as I can see today, through Microsoft peering we will see all public IP in the selected Azure region including those belonging to Microsoft Azure public services, a customer public IP address and any other customer public IP in that region. That means that lot of traffic is routed through public peering. Wouldn't be better to route traffic through Internet to…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base