Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview
  • Technical documentation
  • Pricing details

Traffic Manager:

  • Service overview
  • Technical documentation
  • Pricing details

Network Watcher:

  • Service overview
  • Technical documentation
  • Pricing details

If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    1. Provide option to change which TLS versions are supported

      Provide option to change which TLS versions are supported - similar to the Azure App Service. This will allow for use of Front Door with PCI compliant apps.

      54 votes
      started  ·  2 comments  ·  Azure Front Door Service
    2. Provide API to access CDN Supplemental Management Portal

      API is needed to add new rules (e.g. Country Filtering, Token Auth, etc.) for newly added content.

      Use case: User adds new video content in CMS where he is able to block this video in some regions.

      51 votes
      6 comments  ·  Content Delivery Network
      started  ·  Anton Kucer [MSFT] responded

      Work has started on both moving capabilities that are only available in the CDN Supplemental Portal (e.g. rules engine) into the Azure Portal and also providing APIs to support all of these features. This work will be done in multiple phases over the next several months.

    3. Allow IPv6 VIPs - Charge for *blocks of* IPv6 addresses

      It would be nice if we could purchase elastic IPv6 blocks of IPs, then when setting up an endpoint for a VM we could select the specific IP from the block for the endpoint.

      50 votes
      0 comments  ·  IPv6
    4. Make all services available with IPv6 addresses.

      IPv4 addresses are running out and Azure has had a lot of problems with this, resolved by buying IPv4 address pools at a significant cost.
      Some users and cloud deployments only require connectivity with on premises networks (either IPv4 or IPv6, not both).
      Make IPv6 available for all services and allow the option of choosing what type of addresses are required (IPv4+IPv6 or IPv6 only).
      Also, consider:
      ● Giving each cloud service a /60 (or bigger) instead of a /64;
      ● Making IPv6 addresses static, since pool depletion is no longer an issue.

      49 votes
      1 comment  ·  IPv6
    5. Allow multiple hostnames in the same Listener Application Gateway

      Sometimes we share different hostnames with the same web site.
      Currently, this means that we have to deploy different listeners in order to provide access to the same backend pool.

      With a 20 listeners limit this solution is a bit expensive...

      Would it be possible to add multiple hostnames/sitenames to listener?

      Thanks in advance

      48 votes
      3 comments  ·  Application Gateway
    6. Azure Internal Endpoints to Vnet

      Please provide Azure Services with an Internal Endpoint (at least Azure Storage and Azure Backup) to build up machines without Internet Connection.

      47 votes
      3 comments  ·  Virtual Network
    7. Add additional IP Protocols for NSG Rules

      Add the ability to add additional IP Protocols (i.e. ICMP, EIGRP, so forth) to an NSG rule. The only option today is TCP, UDP, or "*". Currently to allow ICMP you have to allow any protocol "*" and any port "*" in the rule instead of simply adding a rule for ICMP specifically. This inhibits the ability to meet security controls for isolation required in NIST SP800-53.

      42 votes
      4 comments  ·  Network Security Groups
    8. Please give feature SSL certificate setup in Azure Load balancer and/or static public IP in application Gateway instead dynamic IP.

      Please give feature SSL certificate setup in Azure Load balancer and/or static public IP in application Gateway instead dynamic IP.

      41 votes
      4 comments  ·  Application Gateway
    9. application gateway monitor

      Application Gateways need more troubleshooting tools. The healthy/unhealthy logging is almost useless. We need to be able to initiate a ping/netcat from the AppGw to a host to verify connectivity. We also need to be able to see the DNS cache or see a log correlating incoming requests with outgoing requests by hostnames and IP addresses.

      29 votes
      1 comment  ·  Application Gateway
    10. Make P2S (Point-To-Site) VPN work with Active-Active GW

      For running Production workloads in Azure we find that having a HA solution is important, and therefore using an Active-Active VPN GW is a must for us. Though we would also like to still use App Services linked to our custom vNet. At the moment this seems to not be possible as P2S VPN is not supported with an Active-Active GW.

      Therefore please make it compatible so we can connect App Services to our custom vNet and be able to communicate with onprem resources.

      21 votes
      started  ·  2 comments  ·  VPN Gateway
    11. VNET Gateway VPN Client should have easy way to refresh routes

      I noticed that you need to download the VPN client again if the peering changes on the VNETs associated with the gateway. Once the client has the routes you can tear down and recreate VNET peerings as often as you like. It would be nice to have an easy way to refresh the routes for your installed VPN client because I see customers wasting a lot of time trying to figure out why they can’t connect to vms. At least to have some warning to customers would be good when they configure vnet peering that they might have to reinstall…

      20 votes
      4 comments  ·  VPN Gateway

      Hi Matt,

      Thanks for the feedback. The status of this ask is a bit complicated – it’s partially working, but partially in progress:

      1. For existing SSTP P2S VPN, there is no solution but to download the VPN client package again.

      2. For IKEv2 P2S VPN, it works by P2S client reconnecting to the Azure VPN gateway. Once they connect again, they will get the new routes. This will apply to changes in VNet address spaces (including VNet peering), newly added S2S/VNet-to-VNet connections, or new routes learned via BGP.

      3. The caveat for (2) is that it currently works on Mac and Linux, but Windows requires a KB/Update that will be released shortly.

      We will provide an update to this item once the Windows update is available.

      Thanks,
      Yushun [MSFT]

    12. Ability to limit access only to the specific storage account

      VNet Service Endpoint achieves secure access to storage from virtual network, but there is still a risk that someone might leak our sensitive data to his/her own storage account.
      To make sure our data is stored in our storage account, we really need the ability to limit access to the specific approved storage account.

      19 votes
      0 comments  ·  Virtual Network
    13. Support for drainstop in Azure App Gateway

      Traditional loadbalancers support the following states, to facilitate performing maintenance on a system of multiple nodes gracefully:
      Enabled (All traffic allowed)
      Disabled (Only persistent or active connections allowed)
      Force Offline (only active connections allowed)

      When an application gateway node is "unhealthy" it only allows active connections. We are looking for a way to force a node into an "unhealthy" state.

      The currently supported method is to use a custom probe that checks a file/path. I would like a solution that doesn't involve making changes on the server going into maintenance mode.

      18 votes
      1 comment  ·  Application Gateway
    14. Azure Secure DNS for protection against malware and other unwanted content

      Create a Secure DNS service that can be used by Enterprise DNS servers and report and block suspect activity from clients. The solution should be based in Microsoft Azure, but should also be integrated with either Microsoft OMS or Windows ATP service.

      All log files collected from Enterprise DNS servers should be forwarded to the Azure Secure DNS service (https://blogs.technet.microsoft.com/teamdhcp/2015/11/23/network-forensics-with-windows-dns-analytical-logging/)

      Examples:
      http://www.computerworld.com/article/2872700/6-dns-services-protect-against-malware-and-other-unwanted-content.html

      16 votes
      1 comment  ·  DNS
    15. Add more metrics to better analyse capacity, firewall violations, etc

      Analysis via Log Analytics is useful, but it'd be nice to have some predefined reports or "blades" in Azure Portal to analyse events, throughput, capacity/utilization.

      15 votes
      started  ·  0 comments  ·  Application Gateway
    16. Add more endpoints outside of EU

      https://azure.microsoft.com/en-us/documentation/articles/cdn-pop-locations/
      Open the CDN map and you will find that for MOST geographical regions CDN is irrelevant. For the ex-USSR region the closest CDN is in Poland, but latency is just a few milliseconds less than directly from the WE region. For the MEA region, the same...

      13 votes
      1 comment  ·  Content Delivery Network
      started  ·  Anton Kucer [MSFT] responded

      Work is ongoing to provide POPs in additional Geographical regions. In November POPs were added in India and South America. Additional POPs in South America and in Oman will be added in the next few months. We also announced last year a partnership with Akamai which will allow us later this year to provide access to the entire Akamai network. Akamai has POPs in over 110 countries. The following link from Akamai will help us see the level of coverage that they have today: http://wwwnui.akamai.com/gnet/globe/index.html

    17. Allow custom DNS search domain for virtual networks

      Thanks for recently adding the ability to specify custom DNS servers for virtual networks.
      I assume this is implemented with DHCP.
      We are unfortunately not able to rely on this feature yet because we also set a custom DNS domain search.
      This can be done with DHCP option 119, and this is how we have our non-Azure LAN configured.

      13 votes
      1 comment  ·  Virtual Network
    18. Automatically add Web hosting plan services to virtual network

      I pretty much want to keep storage, SQL database, web app, VMs, and any other service I use within a private network to keep granular control of which services can connect to other services. The "open to all" connection strings to all services is a hard sell to any organization used to securing their IT behind firewalls and networks of networks. Where are you on this today? It must be considered less secure since these connection strings always tend to leak.

      10 votes
      1 comment  ·  Virtual Network
    19. To improve portal user experience for Application Gateway configuration

      Application Gateway is a combination of backend pool, backend HTTP settings, listeners, custom probes and rules. Most of the time, to make changes, it is necessary to update more than one of the above mentioned settings (pool, HTTP setting, listeners, rules). Each setting is placed on a different UI blade and it takes nearly 3 - 10 mins for a single setting change to be reflected.

      Feedback: Make a Wizard kind of interaction that will enable specifying all desired setting changes at once, then apply these changes in a single shot behind the scenes.

      9 votes
      2 comments  ·  Application Gateway
    20. Expand vendor support for Azure virtual network TAP

      Allow Azure virtual network TAP to send collected data to a VM running Suricata, Snort, Riverbed, etc., not only the current list of vendors.

      9 votes
      started  ·  1 comment  ·  Virtual Network