Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Simplify creation and visualization of Azure VNET's

      Creating a virtual network that spans an on-premise deployment and more than 1 Azure datacenter is a pain and not easy to "see" if all thing are lined up correctly. Building a network like this shouldn't require importing or exporting files and running powershell commands if you don't want to. Would be great it was like using Visio (Drag, Drop, Pipe). Then use that same view to see the overall health, speed, and usage in real time on that network.

      190 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →

      Hey Conrad,

      This is an amazing idea! For now, this tool can help you view and interact with your network: https://marketplace.visualstudio.com/items?itemName=bencoleman.armview.

      Additionally, documentation for Network Watcher topology view can be found here: https://docs.microsoft.com/en-us/azure/network-watcher/view-network-topology. I will forward your suggestion that this be made more interactive.

      Best,
      Allegra [MSFT]

    2. Allow us to view the effective route for an Subnet without requiring an Interface inside of the subnet.

      Currently in order to view the effective routes for a subnet you need to have some kind of network interface inside of the subnet. I find that sometimes I need to view the routing table for a subnet, but it doesn't contain any VMs. Could you add functionality to allow us to view the effective routes without having to provision anything inside of it?
      My use case is that I host ILB ASEs in dedicated subnets, but I can't view the routing table because there are no VMs inside of it.

      185 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      11 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    3. BGP Filters on Private Peering

      Can we expand BGP filtering into Private peering? That will enable us filtering unnecessary traffic and also filter incoming onPrem networks into Azure VNET. Furthermore , that will provide summarisation of on Prem routes into VNETs thus less UDRs if you wanted to route all traffic via NVA

      184 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  10 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    4. update DNS settings for VNET without restart of the VMs to take effect

      Current when we try to update the DNS settings in the VNET or NIC, it required the VMs to be restarted to take effect. But when there are a large amount of VMs under the VNET, it would be a hard work to do so.
      If this process could be simplify so that the restarted of VM will be no longer required, it would be a good news.

      183 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      12 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    5. subdomain cloudapp.net (etc.) rather than having a global namespace

      It would be nice to be able to not have to use globally unique server / service / website names. It would be cool to have the ability to tie an extra level of subdomain to each of the various parts of Azure. This would mean I could do: web01.foocorp.cloudapp.net etc.

      172 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      9 comments  ·  Flag idea as inappropriate…  ·  Admin →
    6. Allow transitive network flow between peered VNET's

      if we assume Three networks.

      VNET1 <> VNET2 <>VNET3

      <> denotes vnet peering

      A machine on VNET1 cannot directly see a machine in VNET3

      We would like this facility to enable us to build a network design without having to use vitual network appliances to make this happen.

      177 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      12 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    7. Support server-sent events

      Azure Application Gateway apparently does not support server-sent events. This surprised me, since SSE really is just http. However after quite a bit of testing, and asking on the forum, I can confirm it does not.

      SSE is an arguably better way of doing server push than websockets, which is a lot more complex. We rely heavily on it, so hope it will be prioritized.

      Best regards,
      Alf

      167 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  9 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. wildcard ssl / domain / url support for Azure CDN

      Allow a wildcard domain like *.mydomain.com and wildcard SSL for such a domain as well. This will allow support for dynamic domain creating like multi tenant systems which might use that

      167 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  6 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    9. 165 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  13 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    10. Use P2S VPN connection as default gateway (like standard VPN)

      P2S connection is working fine and I can access VMs on VNET.

      It would good to have feature if you enable [Use default gateway on remote network] that you can browse internet and it looks like you are coming from Azure network if you visit some site.
      Something like proxpn, purevpn and similar services.

      158 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Hi,

      This suggestion has two parts:

      1. Use default route or forced tunneling on P2S client rather than split tunneling
      2. Enable Azure VPN gateway as an forward proxy to the Internet

      At this point, these will be considered as long term roadmap items.

      Thanks,
      Yushun [MSFT]

    11. WAF file size limit to be increased

      Currently as the WAF limit is set to 100mb, we cannot process our large files which could hit 500mb for example.

      Can you please increase the WAF file silze limit? To possibly 1GB / 2GB

      156 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. CDN image auto image crop and resizer functionality for images

      It would be really good, if the CDN could handle query strings and for the file format of images, handle resizing and cropping parameters automatically to resize our content needs... This done by the Azure CDN by its own.

      146 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  11 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    13. Allow changing Billing Model for ExpressRoute from Unlimited to Metered with no downtime

      Currently you can change an ExpressRoute from Metered to Unlimited at any time without any disruption.

      You should also have the ability to go from Unlimited to Metered at any time without any disruption.

      134 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      9 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    14. Fallback to custom URL when content not found

      Would be good if MS could provide fallback to custom URLs when content is not found on CDN

      134 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  2 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    15. Allow native VPN S2S from Azure to AWS

      Azure coexistence with AWS (and even GCP) is a very common scenario. Currently the only way to connect Azure and AWS is using a combination of Azure Virtual Network Gateway with a VM (Strongswan, OpenVPN, RRAS) deployed in AWS. We have no documentation around it, while Google provides VPN interoperability guidelines (here: https://cloud.google.com/compute/docs/vpn/interop-guides).

      This is complicated to manage when you add things such as High Availability and all the required configuration. Also, these manual configurations are never the most optmized.

      I understand we have a few different parameters vs. AWS and that's why Azure can't set up this S2S…

      133 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the suggestion – this will require the new Azure VPN gateway SKUs to add IKEv1 support. It’s under review but will be in the longer term roadmap. For the short term, please leverage virtual appliances from Azure Marketplace to facilitate this connectivity.

      Thanks,
      Yushun [MSFT]

    16. Support chunked file transfers through Azure Application Gateway + WAF

      This is an issue with the WAF's configuration of OWASP.

      When the WAF is in protection mode, it is currently not possible to use the js File API to upload files in a chunked manner to an application behind the Application Gateway. Some of the "chunks" get blocked by the firewall (see attached). This doesn't happen to all chunks but it is common enough that a 100mb file will probably encounter the issue.

      I have created a barebones test website which reproduces the issue here: https://github.com/elexisvenator/AzureWAF-chunked-upload-test

      I have contacted the OWASP ModSecurity project, who have responded that the Firewall rule…

      128 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Prevent Azure CDN Bandwidth abuse

      Hello,
      I have already made a couple of posts in regards to this issue on StackOverflow: http://stackoverflow.com/questions/35488753/how-to-prevent-azure-cdn-bandwidth-abuse-by-malicious-bandwidth-vampire-requests and on MSDN CDN forum: https://social.msdn.microsoft.com/Forums/azure/en-US/9e37ca24-b38d-4193-847b-f679eab76aa5/azure-cdn-bandwidth-abuse-by-malicious-bandwidth-vampire-requests?forum=azurecdn but so far, unfortunately, no good solutions to the problem were offered. So I thought it would be a good idea to post this idea here as well, and get a little more into detail on how to solve the issue since this little fix can easily be integrated into the upcoming WAF offering with the Premium SKU.

      Problem:
      To summarize, the problem can simply be stated as follows: Any large multimedia content file such as an…

      112 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  2 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    18. VPN Connection Status Alert

      It would be nice to have built in alerting for when VPN connections are dropped/connecting. We've had to setup an hourly runbook to call a PowerShell command that pushes data to OMS and then create an alert. All of the data is available in resource health so it shouldn't be a difficult enhancement, we just have no native way to pull/alert the data.

      111 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Event Hubs support in NSG Flow logs

      Currently NSG Flow Logs are do not have the ability to publish to Azure Event Hub as other logs do.

      It would be invaluable for this facility to be made available to allow onward transformation of log data (via Azure Functions) prior to ingest into products such as Splunk.

      103 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for your feedback. Today publishing NSG Flow Logs to an Event Hub is not currently supported natively. We will continue to evaluate this suggestion and update the status accordingly.

      Today, if you are interested in transforming and streaming NSG Flow Logs to a 3rd party endpoint, we have published a sample here that leverages an Azure function: https://github.com/Microsoft/AzureNetworkWatcherNSGFlowLogsConnector

      Splunk has also published a blog with guidance on integrating NSG Flow Logging data here: https://www.splunk.com/blog/2017/02/20/splunking-microsoft-azure-network-watcher-data.html

    20. Copy NSG

      I want to copy new NSG from the existing NSG's similar policy.
      I don't want to keep making the same or similar to the NSG policy.
      The NSG copy function is required.

      101 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base