Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Application Gateway Performance

      We have two large instances of Application gateway on our application which is a connected client application using long polling. When we did load testing, gateway starts to give 503 with just 10k connections whereas our back-end application just works with just 7 % CPU. When we raised ticket we got a response saying it is as per design. We did not expect this from Application gateway.
      Can you please let us know what is performance metrics of Application Gateway.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. provide diagnostic ability in Azure Resource Manager VPN tunnels

      The PowerShell command that is used in the classic "ASM" VPN troubleshooting is not compatible with the new Azure Resource Manager VPN tunnels. This makes it very difficult to troubleshoot VPN problems.

      The newest Azure PowerShell doesn't provide any start-azureRMvirtualnetworkgatewaydiagnostics like the old azure services manager did.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Add the option of outbound rule on Azure portal

      When we want to set the outbound rule for Azure load balancer, there are just two methods to configure that : One is Resource Explore; Another is Azure CLI. The configuration methods recorded in below document:
      https://docs.microsoft.com/en-au/azure/load-balancer/load-balancer-outbound-rules-overview
      But neither good enough for deployment . Please kindly add this function on portal.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    4. Add ability to use a Network Security Group (NSG) as a rule source/target

      Currently NSG rules have the concept of the source or target being a Tag, and there are a couple predefined tags (Internet, VirtualNetwork, and AzureLoadBalancer). It would be nice if there was a similar feature where you could select the source or target being another network security group. Resources would be considered part of a NSG if they have their network interface associated with that NSG, they are in a subnet associated with that NSG, or they are in a VNET associated with that NSG. This essentially creates a subnet that has a dynamic address space.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    5. Direct Traffic to External web page when all nodes in a pool are down

      Ability to redirect incoming request to external webpage when all nodes in the backends pool are shutdown. Users will get this information information during maintenance/outage.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Gateway upgrade notification

      As per my understanding Azure does notify the customer on few of the events like a storage maintenance or a VM maintenance, etc but the gateway is not in the list as of now.

      It would have been nice if Azure notified the stakeholders before such a gateway upgrade was due to occur in advance. Alternatively if that wasn’t possible, then at the very least the stakeholders should be notified that their Site2Site VPN tunnel is down post upgrade.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for your feedback. Alerting for gateway connectivity is a common ask, so it is on our roadmap.
      As of now, you can check connection status of your tunnel via the PowerShell cmdlet Get-AzureRmVirtualNetworkGatewayConnection.

      Thanks,
      Bridget [MSFT]

    7. Support compression directly from IIS Origin

      Azure CDN adds the Via header when it communicates with origin servers as this is required by HTTP/1.1 - (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html). IIS by default does not apply HTTP compression to requests that have the "Via" header. This prevents gzip compression from working by default with Azure CDN as IIS by default will not compress content when it receives a request with a Via header. This default setting for IIS can be changed by setting the noCompressionForProxies to false.

      This is not intuitive and should "just work". The whole point of having combined services in Azure is that we shouldn't…

      11 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
      planned  ·  Anton Kucer [MSFT] responded

      I significantly updated the title and contents of this request to accurately reflect why compression from an IIS origin does not work with Azure CDN. The CDN does support HTTP/1.1 when communicating with origin servers. We are planning on adding support in the future that will allow one to prevent the Via header from being sent to IIS.

      In the next month we are also targeting to enable one to have the CDN compress files directly – see http://feedback.azure.com/forums/169397-cdn/suggestions/1074433-automatic-http-compression-on-azure-blob-cdn-gzip.

    8. Request filtering like AWS WAF

      Add request filtering ability like in AWS WAF

      11 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    9. Add App Service Virtual IP (VIP) as Traffic Manager endpoints

      When using the Alias Record Set of Azure DNS, it becomes an error if it is a domain name.

      App Service has a VIP, I would like an option to add IP instead of domain name.

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    10. Allow special chartacters in the pre-shared key for IPSec VPN tunnels

      Allow special chartacters in the pre-shared key for IPSec VPN tunnels

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Allow both ExpressRoute and VPN Virtual Network Gateways on a single VNet

      We have several clients who require both a ExpressRoute Gateway to connect from their on-premises network, AND a VPN connection between the same VNet and another VNet (Either in the same subscription, or in a different subscription.

      An example is a client who wishes to use their subscription to host database servers that can then replicate certain data sets across to an other companies subscription via a VPN connection.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Monitoring BGP Routes Updates - Routes addition or deletion

      We are looking for option to monitor BGP Routes which are propagated to Azure Virtual network through ExpressRoute established and managed by network provider, BT . This is to notify network admins when new network is added as BGP Routes in Azure Virtual Network.
      It would be good if this can be monitored using OMS log analytics. As an alternative option, if route addition is logged as activity log, then it can be used for alerting and notification.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    13. CDN should support ETAGS just like they support last modification date

      When performing a request with 'If-Modified-Since' header, CDN correctly respond 304 if data is not modified. But they ignore equivalent ETAGS directive: IF-None-Match and always return OK 200. They should consider it. Just as described in RFC 7234.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
      planned  ·  Anton Kucer [MSFT] responded

      This is a limitation just with Azure CDN from Akamai. With Azure CDN from Verizon ETag support is enabled by default. Supporting ETags is an optional and not a mandatory header per HTTP RFC. We are working long term to mitigate / remove differences in caching behavior between Verizon and Akamai.

    14. Provide Feedback as to if CDN can reach origin url.

      Right now you need to wait 90 minutes or so (potentially) if you are getting 404 errors on content. It would be nice to have some kind of visual feedback on the endpoint configuration page if the origin url was reachable from Azure.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
      planned  ·  Anton Kucer [MSFT] responded

      With Azure CDN from Verizon it takes up to 90 minutes for configuration for a new CDN endpoint to propagate to all worldwide CDN POPs. For a new endpoint you will get back 404 errors until the configuration has propagated to the CDN POP that you are making requests to. We are working with Verizon to reduce this propagation time and also working with them so that we can deterministically provide feedback via API and UI when this propagation has completed.
      With Azure CDN from Akamai CDN endpoints are typically created in under a minute and the status of via API and UI accurately reflects when endpoint configuration has completed.

    15. provide troubleshooting features to VPN gateways

      Until Microsoft improves the Azure VPN technology, it would be good and sometimes necessary to provide some VPN troubleshooting tools on the Azure side. The local side logs sometimes are not enough and it gets very difficult to understand the reason of tunnel outages. This feature will also be definitely useful once the Azure VPN technology will be completely stable and reliable, in order to analyse traffic and build monitoring based on it.

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Auto-scale for Application Gateway

      I hope Application Gateway instance can increase with auto-scale.

      If it has this feature, we dose't need to add instance for many web access.

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Is there any plan to implement how to operate Azure CDN by JAVA SDK?

      We are now using JAVA SDK to access Azure service but it seems no api to operate CDN service. We need to use the "query string" function of azure cdn with java, i would like how to define the file name pattern of resource like css or javascript.

             So, we would like to know is there any schedule of this request will be planned? Thanks.
      

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
      planned  ·  Anton Kucer [MSFT] responded

      Yes support for Java SDK is planned. Initial API support for Azure CDN is targeted to be available in December. Java SDK support will follow after this is released.

    18. 7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    19. Application Gateway support for multiple IPs on backend DNS name

      We are using Docker on Azure. Therefore we have a single DNS name for all containers. It would be great to have support for this. Having a backend pool with a single DNS name like 'myservice.domain' having multiple A records (each one resulting in a separate backend server entry).

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Azure Networking Traffic Simulator

      You should consider adding a Azure Networking Traffic Simulator somewhere in Azure to provide better tooling for troubleshooting and configuring NSG firewall rules.

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  2 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base