Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Site to Site VPN: allow local network range to include Azure VNET range

      I’ve created a virtual network (10.25.0.0/17) that our instances will live in, and created a local network representing CORPNET (10.0.0.0/8). In effect, we’re trying to have the virtual network be a subnet within our larger internal IP block to emulate an internal datacenter. When trying to create the site to site VPN using the local network, I get an error about an address conflict, which seems to be due to the virtual network and local network be overlapping.
      Per MSFT: The local network range cannot include the Azure VNET range. The local network definition(s) are used to establish routes between…

      429 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. OSPF / BGP advertising from Azure to on-premisis network

      In order to ensure full resiliency to the Azure Network, I would like to be able to create two VPNs to two different geographical points on our physical network. Then use BGP to advertise the IP Ranges hosted in Azure, from Azure. This will allow the route to fail over to the second VPN automatically should the first fail for whatever reason

      421 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Auto-connect for point-to-site VPN.

      When the device is restarted, or internet connectivity is regained, the device automatically connects to the VPN again.

      401 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      25 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Azure DNS user friendly Web Interface

      Add a GUI to Azure DNS.

      That is wonderful, we do not have to use competitors' solutions like Route53 for DNS hosting any more, but please add a user-friendly interface to the new Azure DNS service.

      384 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      19 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →

      The UI for the Azure DNS service is now live.

      You can access the UI via https://portal.azure.com. It’s not yet wired up under New > Networking, instead you can create new DNS zones via ‘New’, then search the marketplace for ‘DNS’ (we’ll fix that soon). You can also browse existing DNS zones under ‘Browse >’.

      Any new feature requests should be filed here. Any other feedback about the new UI can be shared at azurednsfeedback@microsoft.com.

    5. Expressroute with multiple subscriptions

      For EA accounts with multiple subscriptions underneath, we are limited to only a single subscription connected with our expressroute circuit. This creates a tradeoff between billing granularity and expressroute usage since everything has to be in one large subscription to benefit from expressroute. Please make it possible to use our expressroute connection across all of our subscriptions.

      356 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    6. Support wildcard hosts in custom hostnames

      Many of current SaaS applications enable customers to select it`s own subdomain in order do have a personalized url.

      So let's say I own contoso.com and I let my customers select any subdomain (*.contoso.com) like:

      foo.contoso.com
      bar.contoso.com

      That's cool with a couple customers but when you have a large system it's not doable setup one by one, even that you can automate that.

      The ideal solution would be allowing custom hostname field to bind a wildcard domain, in this example *.contoso.com

      There's a similar idea for Application Gateway that has been for a while (https://feedback.azure.com/forums/217313-networking/suggestions/19527121-application-gateway-support-wildcard-hosts-in-lis)

      Similar products on…

      353 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      14 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    7. 346 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      13 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    8. Application Gateway Custom Error pages

      When all instances in the backendpool of the Application Gateway are failing health check the default response is a default error 502 page.

      It would be nice if this error is customable so that a page in a cool customer templace can be shown

      342 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      19 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Traffic Manager Failover profile alert

      Can you please add alert rule for Azure traffic manager to update the co-admin by sending mail alert whenever there is a down of primary / secondary and switch over?

      Since our customer wants to create alert for this scenario.

      This will greatly relax the customer to sit in a place to watch service changes through mail.

      328 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      19 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    10. Support for HTTP to HTTPS redirection for Application Gateway

      When using an Application Gateway to provide SSL offloading for applications hosted on IIS / IaaS, there is no native option to redirect HTTP requests to HTTPS. Without redirection or a listener on 80 for the host name, users receive a 404 response. This leads to developing a more complex network topology to handle inbound HTTP request to the host name.

      Possibly allow for an additional option on a listener, that will allow for returning a redirect HTTP code with the proper HTTPS URL, creating a clean/seamless experience for the end user.

      316 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      16 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Increase backend http setting limit on Application Gatway

      Application gateway has a backend http setting limit of 20.
      We want to use it in front of Service Fabric and legacy cloud applications.
      Each of our service fabric apps runs on its own port and so requires a probe, http setting and url rule.
      We exceeded the 20 fairly rapidly.

      311 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      25 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Allow configurable timeout period for Front Door

      Currently Front Door forces a 30 second timeout for backend requests. This can severely restrict the usefulness of the service in production systems. It would be great to have the timeout period configurable to allow for a longer period of time. My understanding is that the Azure Load Balancer, which sits in a similar space as Front Door, defaults to a 4 minute timeout period.

      269 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      19 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    13. Want that VNet Peering can be created in another Directory

      Currently, VNet Peering between the different subscription there is a description that can be created. However, I checked , there was a need to be a separate subscription in the same directory.

      The scene in which Vnet Peering is utilized, the situation is considered overwhelming majority (such as the merger of the company, and integration of the system, etc for connection between VNet and VNet).

      254 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      15 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    14. Endpoints can accept a port range instead of entering each open open one at a time

      If I have a port range it is really a pain to add endpoints if I need to add a port range between 20000 and 20010 for TCP and UDP. In this case I have to create 20 endpoints.

      233 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    15. Integration with Key Vault Certificates

      It should be possible to select HTTPS certificates from Azure Key Vault. Since Azure Key Vault support auto-renewal of certificates, Application Gateway should also automatically update the certificates.

      231 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. VPN parameter

      IPsec Parameters can be configured.
      my host site uses Diffie-Hellman Group group 5 in Phase 1.

      227 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      17 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. VPN failover

      For a VPN site-to-site, configure 2 or more links of Internet. For provide a minimum of High Availability..What you think?

      225 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      24 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Provide Load Balancing for Intra-Role communications

      The fabirc should provide the ability to have load-balanced intra-role communication (i.e. internal cloud VIP's), so instead of asking the RoleEnvironment for the instance IPEndpoint list and choosing manually, there should be a mechanism for simply saying call this other role, and let the fabric decide (based on perf/count/round robin, etc...) to what instance of the role to send the call.

      223 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      10 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    19. Allow Static Public IP Address

      Hi,
      We currently have VMSS running inside a public Load Balancer, that ensures all the apps have the same Public IP address. This is important for us, as we need to be able to publish our IP Addresses for all clients to whitelist.

      We really want to move to using the Application Gateway, but can't because it doesn't support static Public IP addresses.

      I don't believe there is a work around either?

      199 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Enabled configurable session affinity at the load balancer.

      I would like each request from a user to go to the same web role instance. The motivation is performance of cached data.

      Configuration based to IP address, form data, and query string data would be useful. I believe this can be configured at the load balancer.

      In my case, this is a Facebook app, so affinity based on the fbsiguser parameter in the POST data would send the same Facebook user to the same VM instance.

      194 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      13 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base