Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. LoadBalancer should support more than one IPv6 addresses on the internet frontend.

      At the moment the Azure load balancer supports only 1 IPv6 IP on the internet frontend.
      The IPv4 adresses where sold, the future is the usage of IPv6. But a loadbalancer can only handly one IPv6 Address???
      It minimum we should be able to terminate one IPv6 Präfix. Better that the LB can handle many dedicated IPv6 addresses.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    2. Introduce managed SSL for Microsoft Azure

      This should be the accepted standard for secure Internet communications. Not sure why Microsoft refuses to commit to this after so many customer requests. Instead, charging customers high prices to communicate securely continues. Google Cloud has already implemented this feature.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    3. DNS Zone failed to create with 503 error

      Microsoft Support told me that I should post this here:
      We currently cannot create DNS zones within our Azure subscription.

      When I click the 'Add' button from within the DNS Zones page, one of the following happens:

      If, after refreshing and trying several times, the DNS creation form loads, THEN if…

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    4. Public IP Address Lock Period After Deletion

      It would be valuable to have a lock period for a public IP address that has been deleted from Azure. A use case would be if a user accidentally removes a public IP address from the Azure Portal, az cli, terraform, etc., a lock period of ~30 minutes is put in place so that the user is able to recreate the public IP address resource and bind to the previously deleted IP address.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →

      Hi Nate,

      Thanks for your feedback. In order to help reduce deleting dynamic Public IPs by accident, we added a feature in the Azure Portal that will prompt to ask customers if they want to reserve the IP address before deleting.

      In the future, we will default to Static Public IPs to prevent users from hitting this issue. However, we will not be building a lock mechanism.

      Hope this helps.

      - Anavi N [MSFT]

    5. Predefined Access Rules for Every Region

      Microsoft Azure should have predefined access rules for every region.
      For example, if someone wants to block traffic for every region except only one, should choose to allow for the specific one and add block rule for every other region.
      That would be good for DDos attacks

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    6. Local Network Watcher for End User for their Azure Instance

      Local Network Watcher possibly tied into Internet Connection API. No overhead and only fires when the connection drops or is having issues. Allows the user to input their own instances and is able to visually see where the issue might be and possible solutions. So a mini Network Monitor.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    7. IP-in-IP

      Provide the ability to unblock IP-in-IP encapsulated packets in a virtual network.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      need-feedback  ·  1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    8. RST packet is sent from probe of load balancer.

      The probe use RST to disconnect a TCP connection that established 3 way handshake. If I use an software to monitor some paket, the software will detect some errors by RST paket. I hope we can use FIN sequence to close the TCP connection.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    9. apply filter ip origen azure in NGS

      apply filter ip origen azure in NGS.
      This option is like "Allow access to Azure services" in "SQL server Azure"

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    10. Load balancer probes to determine latency

      In addition to health probes, provide a probe to determine latency when pushing packets to the backend.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    11. IP report(Risky IP) and User Report(Bad Password Attempts) from the Azure should be merged into one report. Find a user from which IP cannot

      IP report(Risky IP) and User Report(Bad Password Attempts) from the Azure should be merged into one report. Finding a user from which IP cannot directly

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    12. MS-Azure BGP AS number enable viewing

      How about enabling the view of the MS-Azure AS number on the portal when configuring Private Peering.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for the feedback. If I understand correctly, you would like us to display the ExpressRoute ASN on the portal so that you do not have access the documentation when configuring the peer ASN – as an easy reference.

      Look forward to your response!

      Jared
      PM, ExpressRoute

    13. Delete a network security group: this description is insufficient. please make it better

      Delete a network security group: this description is insufficient. please make it better

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    14. Add Ability to create a Dynamic Object "Local Subnet" Route in a Route Table

      We have a configuration where we want VMs on the same subnet to communicate directly through the virtual network, and VMs on different subnets to communicate through a firewall. We have done this by defining a unique route table for for each subnet.

      It would be far more better to have a "Local Subnet" object so that a single route table could be used for all the subnets in a vnet. For example, create a route with Address Prefix as "Local Subnet" with nexthop "Virtual Network".

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    15. Allow VM's to have multiple Public IP's with a single private IP

      We should be able to attach multiple public IP's to a single NIC without having multiple private IP's.

      It is very difficult to configure 3rd party firewalls needing a 1:1 between public IP's and private IP's as far as routing rules go.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    16. Internal Load Balancer support for multiple availability sets

      It would be great if the internal load balancer supports multiple availability sets. Each backend pool allowing to target a different availability set.


      We host a HA multi-tiered solution with VMs for each tier in their own availability set. Clients connect to these servers via internal load balancers.

      Each tier now has its own ILB and subsequently its own IP and FQDN to have clients connect to (app.domain.local, instead of app.domain.local, app-web.domain.local, app-mgmt.domain.local, ...)

      This will allow for
      - 1 ILB per solution
      - a single endpoint and FQDN to access the various tiers in the app (app.domain.local, instead of…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    17. Utilization

      I need to get the bandwidth utilized per month with cost only for internet traffic in/out from datacenter (**Excluding the VM to VM traffic in/out). It will be helpful for Firewall,WAF,SIEM kind of implementation analysis (if historic usage available for last (1hr,24,7days,30days,,matrix)

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    18. About VPN gateway DNS

      Can VPN gateway push a new DNS server address to client when the client connected

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      need-feedback  ·  2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. VNet is difficult to manage

      Splitting a resource group for each service makes it hard to connect the service to the network.

      I offer VNet peering free of charge or demand network service globalization

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      need-feedback  ·  0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    20. Application Gateway needs to be faster and capable of greater transaction throughput

      Currently, Application Gateway is the only service on Azure that supports offloading certificates for SSL, but Application Gateway can take a long time to provision and update with changes, and is unable to handle the high stress levels imposed by some apps. Application Gateway should be quick to provision and update after configuration changes, and it should be able to handle large numbers of requests per minute (e.g., 6,000 per minute).

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      We recently introduced changes which make any updates to Gateway complete in less than a minute. We are also working on reducing provisioning time. Regarding SSL offload performance – you should be able to increase the number of instances to scale out and handle increased load. 6000 new SSL connections per minute is not a lot and should be able to be served by a single Large instance. Please open a support ticket if you are seeing issues with performance at this scale.

    • Don't see your idea?

    Feedback and Knowledge Base