Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Set up a VPN device script Link as present in the Classic Portal

      I was setting up the Site to Site in New portal and found the link to download the VPN script wasn't present as in Classic portal. It would be good we have that link in new portal so that we can share that Network admins to setup site-site Connection with on-premise and Azure Vnet

      29 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Allow User-Defined Routes (UDR) to work across ExpressRoute.

      Currently, UDRs are limited to IP addresses which appear in a single peer group of VNETs (i.e., in the same Azure data center location). I would like to have a NextHop to a firewall that can serve multiple regions. The traffic would flow across the ExpressRoute (MPLS-style).

      While most deployments are in a few Azure data centers, there are some which are elsewhere. It is less economical to have a separate firewall instance for each region. With UDR across ExpressRoute (or VPNs), that would be a money saver.

      29 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    3. Support CAA record in Azure DNS web portal

      Thank you for supporting CAA records via CLI/PowerShell/API - but for the majority of people, this isn't easy. Please add support for these records in the DNS zone management blade.

      28 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    4. Support for temporary removing nodes through REST API

      It would be great if there was a REST API or something similar we could use to take a node out of rotation without being dependent on the probe detecting it.

      Usecase: We run SF behind the Application Gateway. When we update our front-end service, we would like to take it out of rotation before the service is updated. This does not seem possible today, since we have to rely on the probe detecting that a node has gone down. Since the probes have a lag (it probes on a given interval), some users will have a bad experience when…

      27 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Network Monitor Dashboard

      Provide a dashboard to help understand the Azure network topology and to visualise the NSG rules

      26 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    6. Wants to add CORS headers in HTTP response sending through Azure Akamai CDN

      Wants to add CORS headers in HTTP response sending through Azure Akamai CDN

      25 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    7. Provide API to access CDN analytic data

      API is needed to access analytic data (e.g. hits, cache/hit ratio, GB usage, bandwidth, etc.)

      24 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    8. Enable a VM to move between cloud service and VMNet AFTER VM creation

      At present, if you create a VM and THEN want to put it into a vmnet, you must destroy the VM then recreate it (keeping the same disk). This is quite wasteful and slow. Please provide the feature to 'move' a vm between a cloud service and a vmnet with minimal downtime.

      24 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    9. Support edns-client-subnet extension in Traffic Manager

      I'm surprised to learn the Traffic Manager does not support the client-subnet feature. Most major CDNs & DNS providers seem to support it.

      19 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    10. wants to make my custom service tags for network security group

      Is it possible to create and add our own service tag mapping to multiple ip address ranges? These days, we need to have our own service tag for outside cloud vendor's service such as payment or customer review.

      19 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    11. 16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Allow different CDN cache and client cache times for Azure CDN Standard

      Currently the only option is to set the Max-Age header on the content which sets the TTL on the CDN endpoints AND on the clients.

      If we use the Purge API to refresh the CDN content, the clients still have the cached version.

      Akamai has a "downstream-ttl" attribute on the Edge-control header that allows for client expiration customization while letting the "max-age" header set the CDN expiration.

      This way you can set the downstream-ttl to 0 (client always requests to CDN) while CDN can cache the original content until Purged.

      Without this, the Purge command is not entirely useful.

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
      planned  ·  Anton Kucer [MSFT] responded

      I’ve updated the title to reflect this is a request for Azure CDN Standard as this is supported via the rules engine in Azure CDN Premium from Verizon. Suppport for this is targeted for availability later this year in CDN Standard from Akamai and Verizon.

    13. Allow network security to allow or deny other network security groups

      Amazon Web Services allows a security group to allow or deny other security groups (including itself). This allows you to easily group NICs (VMs) into the same "VLAN", or to allow one "server role" to access another "server role" (for example allow the WAP security group to access the ADFS security group)

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    14. Provide NSG Tags for PaaS Services

      Provide a way to TAG resoures in NSG - such as Azure Storage, Azure SQL and other PaaS Services or let user define his own custom tags.

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    15. Make another POP location in Moscow, Russia

      Make another POP location in Moscow, Russia

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  2 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    16. cmdlet / API for updating 'Custom caching rules'

      It looks like the only way to update caching rules is via the WebUI, it would be nice if there was a programmatic way of updating custom caching rules, you know devops and all that. cmdlets / api / **** even ARM options

      14 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    17. Provide the ability to prevent hotlinking in Azure CDN Standard

      The ability to deny content or serve alternate content when hotlinking is detected, via whitelist / blacklisting referrers.

      This would help us protect our CDN from third-party usage and is something AWS provides already.

      14 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
      planned  ·  Anton Kucer [MSFT] responded

      I’ve update the title to indicate that this is a request for Azure CDN Standard. This capability is available to today with Azure CDN from Verizon Premium via the rules engine. Via the rules engine you can match on a specific referer and deny a request or redirect / rewrite the request to a different location.

    18. Application Gateway Performance

      We have two large instances of Application gateway on our application which is a connected client application using long polling. When we did load testing, gateway starts to give 503 with just 10k connections whereas our back-end application just works with just 7 % CPU. When we raised ticket we got a response saying it is as per design. We did not expect this from Application gateway.
      Can you please let us know what is performance metrics of Application Gateway.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Allow us to access bastion via Peers/VPN

      Allow us to deploy Bastion Service to a central vnet and consume it over Peering or vNet to vNet VPNs. Lot's businesses are setting up Hub/Spoke models in Azure for Network segmentation and having to deploy a Bastion Service to each is cost prohibitive.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Bastion  ·  Flag idea as inappropriate…  ·  Admin →
    20. provide diagnostic ability in Azure Resource Manager VPN tunnels

      The PowerShell command that is used in the classic "ASM" VPN troubleshooting is not compatible with the new Azure Resource Manager VPN tunnels. This makes it very difficult to troubleshoot VPN problems.

      The newest Azure PowerShell doesn't provide any start-azureRMvirtualnetworkgatewaydiagnostics like the old azure services manager did.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base