Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Enable spdy/3 or greater support on Application Gateway

      Enablement of the spdy/3 protocol on Application Gateways to help support AKS and Container Clusters within Azure.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Provide a non-redundant ExpressRoute connection offer

      Microsoft should consider providing a cheap ExpressRoute connection with non-redundant connection to Microsoft Azure and Service Providers.

      Customers can than choice to upgrade to redundant connection and get the 99.9% SLA for connection or as an alternative choice to add a Site-to-Site VPN connection as a failover connection

      This offer is only attended to target customers with the need to access to Azure VNets.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      declined  ·  1 comment  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    3. Allow other VPN protocol

      The point-to-site VPN protocol is not natively compatible with Windows 10 and Linux machine. It will be great if it was possible to use another protocol (openvpn, pptp) easily as SSTP.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Provide rapid failover away from unhealth and/or removed VMs from the Load Balancer backend pool

      Presently, the Standard SKU Load Balancer takes up to several minutes to stop sending traffic to backend VMs which have been identified as unhealthy by Health probes and/or have been manually removed from a backend pool through a configuration change.

      This delay prevents using the Load Balancer as an SLA/availability solution and is counter-intuitive. A preferable design would be to immediately cease sending any additional traffic to an unhealthy VM once it has been marked as unhealthy (unless it is the only VM in the backend pool.)

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    5. Azure standard loadbalancer - force all UDP traffic bidirectionally back over the LB

      Currently a single specific session with the same source and destination port on UDP will be routed correctly. But when the system behind the loadbalancer stars creating multiple sessions with the same destination port but different source ports (Random) it will be routed directly back bypassing the loadbalancer fully. This breaks functionality for certain UDP based designs....

      Please make it possible to route the traffic always via the loadbalancer

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    6. Add Load Balancer backend IP

      Load balancers should have a backend IP so traffic can be sent to it to initiate a flow from the other side.

      The reason this feature is very helpful is when you're using a Virtual Network Appliance ( VNA ) in HA. HA requires we use load balancers on each side of the VNA ( firewall in this case ). The problem with not having a backend IP the flow from inbound and outbound originated traffic doesn't follow the same path in and out bound.

      This leads to some creative solutions that aren't ideal. Really, Azure should be working more…

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    7. Load balancing with sticky sessions (source IP distribution mode for load balancing) in Cloud Services

      When a load-balanced set changes (removing or adding an instance), the distribution of client requests is recomputed. Cannot depend on new connections from existing clients ending up at the same server. Whenever a new vm is added to the pool make it ready to accept only requests from new clients rather than having requests from existing clients end up on the different server. Make the load balancer to route the same client to the same application server while scaling up/down

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for the feedback. What you’re suggesting is not possible in today’s platform and cannot be implemented at this time. Longer term, we may make enhancements to make this possible and I appreciate this feedback for planning purposes. I would like to encourage you to take a look a the other load balancing options in Azure, which include Application Gateway as a fully managed product or any of the 3rd party offers.

    8. Increase the maximum number of Site-to-Site (S2S) connections of the VPN Gateway

      We host many different customers. We want to put every customer in their own subscription (mostly) so we can bill them separatly, as there seems to be no other way of doing this easily. Also having every customer in their own subscription has other benefits. To connect their networks to our own "Hosting" subscription containing our active directory servers , we wanted to use site-to-site VPN's between the subscriptions VNET's. Currently the limits are 10 vpn's for "Dynamic Routing VPN gateway" and 30 for "High Performance VPN gateway" (which is too expensive for this purpose). Please increase those considerably or…

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Managing allowed IP-adress possible with a time-out.

      Adding an IP-adress to allow connections, which will be removed after 24hrs for instance.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    10. Tcpdump and TCP session stats on Azure Standard LB

      Currently, there are bare minimum stats available for TCP sessions on Azure Standard LB. Can you add more traffic flow stats showing the client IP address hitting Azur LB?
      Secondly, tcpdump is the basic tool for operational troubleshooting.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for the feedback. Load Balancer is a pass through network load balancer and does not terminate connections. The handshake is directly between the client and the application on a VM.

      You can use Network Watcher to initate packet captures.
      — Christian

    11. Load Balancer support for on-premise VMs

      When on-premise is connected to Azure, I would like to use the Azure Load Balancer to direct traffic to on-premise VMs and replace my on-premise load balancer which is near end of life. Next step would be to migrate on-premise VM to Azure, but that requires much more work in my IaaS scenario.

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    12. Setting a probe port other than a service port in Application Gateway.

      Currently, Probing port in Application Gateway is the same with a service port.
      For example, if it configures HTTP(80) port as backend port, Probing port would be HTTP(80) port.

      In some application, it could not response correctly to HTTP/HTTPS probing by service port.
      So it is better for us to set a probe port other than a service port like a probe port is 80 and service port is 8080.

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. PIP address to CLoudservices

      Its should be a great feature to reserve an PIP address to the Cloudservice, or a option to make an ReversenDNS of the PIP to the Cloudservice

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    14. Expose list of POP locations involved into Azure DNS

      AWS has a detailed list of edge locations in addition to regions on their website. Can Azure have such list as well?

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →

      We are continually adding new POPs for Azure DNS. We monitor both global and regional performance and continually strive to improve. At times we may also remove a location if we feel newer locations are providing better service. For this reason, we do not encourage customers to take a dependency on the POP locations.

    15. manually add route to expressroute

      It would be great if you could manually add routes through the Azure portal for ranges that our ExpressRoute ISP doesn't know dynamically. That way we don't need to contact them to add a new subnet.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    16. Provide real-life price comparisons of ExpressRoute vs. AWS Direct Connect

      During numerous conversations with customers, it has surfaced that ExpressRoute seems to be at least 10x the cost of AWS' Direct Connect. However, my understanding is that the real difference is much more negligible, but I can't find any true price comparisons anywhere. This has been a point of contention repeatedly, and it would be great to direct customers to a real-life cost comparison.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    17. possibility to create DIP reservation for Cloudservice ->Workerrole

      Possibility to create a DIP reservation for Cloudservice -->Workerrole.
      At this moment it is not possible to create a DIP reservations.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    18. Create peering to a VNET before the VNET exists

      An example:

      Terraform script that creates a complete test environment.
      As part of that creation, it needs to access to another vnet that acts as a gateway via peering otherwise the deployment will fail.
      The peering from the remote vnet can't be configured until the new vnet exists.

      That means either breaking the Terraform script into multiple parts, watching the deployment and adding the peering once the new vnet exists or giving the script the ability to create the remote peering which breaks the permissions model.

      The ability to create a peering to a VNET before it is created in…

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    19. IP to Country or IP Geolocation Service

      If Azure Data Service or any other Web API to fetch country or geo location of user based on IP will be helpful.

      It will also be helpful to create allow rules for certain country/ips only. Please integrate this with Azure Firewall as well.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Flag idea as inappropriate…  ·  Admin →
    20. IP filtering for Traffic Manager

      Other in-market solutions such as Akamai handle have Dynamic IP filtering to handle DDOS attacks as the first line of defensive for your site/app.

      It would be great it TM supported this as well.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →

      Traffic Manager works at the DNS level. It uses DNS to direct traffic to your service endpoints. Clients then connect to those endpoints directly. Thus Traffic Manager cannot provide IP-level features.

      If you require IP level filtering, you might like to look at Azure Application Gateway.

    • Don't see your idea?

    Feedback and Knowledge Base