Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. API for Real-Time Stats of CDN

      Provide API to get live CDN metrics (number of requests, different cache statuses, different HTTP response codes, response time, origin time etc) from CDN. The same metrics is available now only via HTML dashboard in CDN manager as "Real-Time Stats", but enterprise setups need the data to our dashboard systems, not as yet another separate website.

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    2. Azure Networking Traffic Simulator

      You should consider adding a Azure Networking Traffic Simulator somewhere in Azure to provide better tooling for troubleshooting and configuring NSG firewall rules.

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  2 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    3. Application Gateway Public IP to be allocated to existing Virtual Machine

      We want Application Gateway Public IP to be used and associated with Virtual machine. If we remove application Gateway , its public IP should be retailed.

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Allow referencing an Azure resource by id in Network Security Groups

      NSG's should allow the use of Azure resource ID in addition to ip addresses for NSGs. For example, if I reference the ID of a webapp, then the rule will apply to the public IPs of that webapp. If I reference an azure VM, then the rule will apply to the ip address of that vm. And so on. It would make it so much more flexible to build up rules by using resource id's/names than today's very static and cumbersome implementation, especially for complex rules.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    5. Site Categorization for the new Azure Firewall

      Adding the ability to restrict outbound traffic based on Site Categorization would be great. This would give the ability to restrict outbound access to adult, gambling and other questionable sites.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    6. Roelant

      when adding endpoints to the traffic manager, you get all app-services that are available, but in our case, the list is very long, and searching makes it difficult. The list is not sorted, and neither can we filter it.
      Adding a filter would be very helpfull.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    7. Add Azure Service Fabric Reverse Proxy Port to AKAMAI CDN Allowed Origin Ports

      The Azure Service Fabric Reverse Proxy allows services running in the cluster to be reached from outside the cluster via HTTP(s). The default port for the reverse proxy is 19081.

      Azure CDN (with AKAMAI) allowed origin port list currently does not include that port.

      AKAMAI CDN should include the default reverse proxy port for Azure Service Fabric in the allowed origin port list so that integration can happen right out of the box.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
      planned  ·  Anton Kucer [MSFT] responded

      Thank you for the feedback. We have confirmed the ability to add this port. We are targeting January 2018 to have this update in place as the Akamai network is currently locked down for this type of update until after the holiday season.

    8. Please provide metric for Point-to-Site VPN traffic

      We can't meter Point-to-Site VPN usage now.
      Please provide metric for Point-to-Site VPN traffic like Site-to-Site tunnnel metric.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Application Security Groups, Service Tags, and Augmented security rules in Gov

      Application Security Groups, Service Tags, and Augmented security rules (public preview) would be great additions to managing networks security in Azure Government. NSG's are good, but a complex application can quickly increase the number NSG rules and potentially reach limits fast. These three features would be really REALLY nice.

      https://azure.microsoft.com/en-us/updates/public-preview-features-for-nsgs/

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    10. Add a feature that gives you an static IP regardless of what server you attach to it.

      Add a feature that gives you an static IP regardless of what server you attach to it. That wat, if you have to migrate your server you keep your IP Address.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    11. Add ServiceTags for login.microsoft.com and arm api endpoint in NSG

      Kubernetes requires access to the different endpoint to perform automation.

      We also need to restrict internet access with an outbound rule. It would be best if we could configured the NSG to prevent internet access while keeping the access to the internal Azure endpoints.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    12. Maintain "DNS Zone" name server across muliple Zones

      Currently Azure DNS Zone will randomly create Zone records in different DNS Servers.

      I have a public DNS server which I would like to migrate to Azure DNS Zone, to do this I need maintain my name servers but redirect to Azure's. because every time I create a new zone it is generated in a different DNS Server I can't create the CNAMEs to easily migrate my clients domains.

      Could this feature be added.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    13. Show Traffic lights on an ILB Rule showing which node traffic is being passed too

      Load balance rules do not show which server(s) traffic is currently being sent to.
      Within a “Load Balance Rule” simple traffic light of Green /or Red against a node would give a quick visual indication that traffic is being sent to the node.
      This would help us identify if a service had/was stop on a specific node or if a node was turned off.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    14. Akamai CDN Easly Expire Header Set and Purge ALL Available?

      Hello,

      I'm using Akamai General Web Delivery. Its seems fine but Purge all and on the images files specific have not able the set Leverage Browser Caching (expire headers). Its maybe easly be on the Azure control panel.

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
      planned  ·  Anton Kucer [MSFT] responded

      Both of these capabilities are in our backlog for making available via Azure CDN from Akamai later this year.

    15. azure application gateway websockets latency metric

      When using websockets together with Azure Application Gateway, you end up with artifically increased latencyd in the ApplicationGatewayPerformanceLog. Indeed, all the 101 (websockets) connections remain pending, which is a normal behavior and their duration gets recorded by the gateway. The problem is this normal behavior increases the average latency of all requests (including non-101) and there is no way to filter 101 out of the ApplicationGatewayPerformanceLog logs...Therefore, if we setup an alert on latencyd, this will raise a lot of false positives...While this metric is very useful in the ApplicationGatewayAccessLog because it allows for calculation of average user…

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Azure Firewall NAT Rules

      When the UDR assoc the Subnet is not possible connect by RDP from the Internet, or other services exposed in the internet.

      If I could create the NAT Rule on the Azure Firewall I can expose any services in internet and this issue would be resolved.

      thank you so much.

      Best Regards

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    17. 1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Traffic analytics error reporting IP vs NIC

      We have several app-ways in the same subnet.
      Traffic analytics is display a DestIPs which does not correspond with the displayed NICs (it belongs to a different app-way).

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    19. Outbound data transfer Zones - Country wise

      Hello, Please provide which country comes under which Zones for Outbound data transfer. This will help for correct pricing for customers for zone1, zone2 and zone3

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    20. Is adding external endpoints via IP address available instead of FQDN? i don't think it is? can some one clarify it please..

      On Azure Traffic Manager, is external endpoints addition via IP address available instead of FQDN? i don't think it is yet? can some one clarify it please..

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base