Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Create private dns zone in virtual network which already has VMs

      Create private dns zone in virtual network which already has VMs. Currently, it's giving below error:

      Virtual networks that are non-empty (have Virtual Machines or other resources) are not allowed during association with a private zone.

      76 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    2. Allow modifying NS records in apex of DNS zone

      We need to be able to modify the NS records in the apex of a domain hosted by Azure DNS.

      In the wake of the DYN DNS DDoS, a lot of large websites are adding multiple independent DNS providers to reduce the impact of a single DNS provider being taken offline.

      However, you cannot do this if you use Azure DNS, because Azure does not allow modifying the NS records in the apex of your zone.

      Modifying these NS records is possible in Route 53 and Google Cloud DNS, and it is because of the lack of this functionality that…

      76 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the feedback. We’ve changed the behaviour in Azure DNS. You can now add or remove additional name server names to the NS record set at the zone apex. This allows you to configure your DNS zone for co-hosting in multiple providers.

      Note that Azure DNS does not currently support zone transfers, hence you will need to make other arrangements to ensure the DNS records are in sync across providers.

      Note also that whilst you can add additional name server names to the NS record set at the zone apex, you cannot remove or edit the pre-populated Azure DNS name server names. I.e. Azure DNS does not currently support ‘vanity’ name servers. The reason for this is to prevent customers taking a direct dependency on the name server IP addresses at this time.

    3. Enable secure connections between virtual networks

      Amazon doesn't have this but it is rumored by their support that it's in the pipes (pin intended).

      There should be a way to use the built in Azure VPN infrastructure to connect to another Azure cloud.

      Example: Company Contoso performs a data exchange between their on-prem databases and their Azure (IaaS) cloud based web servers through a hardware VPN to the Azure VPN solution. Contoso hires Tailspin Toys to be their web contractor. Tailspin Toys has their own Azure cloud that they use as a dev environment for their web solutions as well as a code repository. Tailspin Toys…

      75 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
      completed  ·  Yushun Wang [MSFT] responded

      We have announced the general availability of the VNet-to-VNet connectivity in TechEd 2014. The feature enables VNet-to-VNet connectivity both intra-/cross-region, and same-/cross-subscription. We have published an MSDN page to describe the configuration steps:

      http://msdn.microsoft.com/en-us/library/azure/dn690122.aspx

      More documentation and blogs will follow. Please try it out and let us know if you have any questions.

      Thanks!
      Yushun [MSFT]

    4. Custom error page for Application Gateway.

      I want to use custom page instead of deault error page (403) in APPGW.

      Use application gateway with prevent mode and SQL injection send to application gateway and then default error page (403) will be displayed.

      I want to use custom page instead of that default page.
      I hope that application gateway can have a feature to use custom page.

      73 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Increase limit of custom domains per front door

      There is a limit of 100 custom domains per front door.
      This works well for apps that only require only a handful of domains, but SaaS applications often require it's customers to be on their own domain. This limitation currently prevents SaaS platforms using Azure FrontDoor.

      Alternative platforms such as Cloudflare or AWS Cloudfront already support a very large number of custom domains.

      68 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    6. Enable the feature to have multiple public ip addresses per cloud service

      Enable the feature to have multiple public ip addresses per cloud service

      64 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      completed  ·  13 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    7. Provide operation logs for Network Security Rules

      Hi,
      I have spend a large amount of time troubleshooting network security rules (added to a group and attached to a subnet). While they appear rather simple at first, the complexity comes when the source and destination IP is either DIP,PIP,VIP or RIP depending on the connection and the ports are dynamic or randomly allocated. Add to this the fun of trying to work out a load-balanced incoming IP, and I dream of the day I can open the log and resolve my issue.

      60 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      completed  ·  0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    8. Azure Load Balancer to support having VMs from multiple availability sets in the backend.

      Currently, only VMs from a single Availability Set is allowed and there are scenarios where a user may wish to add a VM from a 2nd availability set to the backend pool.

      58 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    9. Allow SSL/TLS configuration on Azure Frontdoor

      Allow option to configure SSL protocols and best practices, same as an application gateway on Azure front door service.
      Currently, Azure Frontdoor supports TLS 1.0 as well, there should be an option to select protocols as well as the cipher suite.

      58 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    10. traffic manager support for external endpoints that are IP addresses instead of FQDN

      Support for IPs to be used instead of FQDNs for Azure Traffic Manager external endpoints would reduce the DNS lookup penalty of the external endpoint. Right now 3 DNS lookups are needed: 1, foo.com 2, foo.trafficmanager.net 3, foo-vip.externalendpoint.com

      Supporting foo.trafficmanager.net pointing to the IP for #3 eliminates the DNS lookup for #3 in the example above

      56 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    11. 56 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      12 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    12. Add DNS name label to private IPs

      Currently when using Azure provided DNS all VM's are registered automatically using VM name. Unfortunately it's not possible to register other resources like for example load-balancers with private IPs. It would be great to be able to assign dns name to private IPs

      55 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    13. Support communicating to the frontend IP address of a globally peered internal load balancer

      The VNet peering documentation contains the following constraint:

      Resources in one virtual network cannot communicate with the frontend IP address of an Azure internal load balancer in the globally peered virtual network. The load balancer and the resources that communicate with it must be in the same region.

      In scenarios that require a resource to access a load balanced application in another region, a 3rd party load balancer is required.

      52 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    14. add tags for NSG on a portal with datacnters ranges

      We have a ranges of IP for each datacenter

      Instead of current tags (internet, azureloadbalance) we could add AzureWestUS,AzureNorthEurope
      https://www.microsoft.com/en-us/download/details.aspx?id=41653

      51 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    15. About Idle Timeout on Application Gateway

      In case when the connection is done via Application Gateway, it shows no response when HTTP connection takes over 4 minutes.
      I predict the root cause of this issue is due to Azure’s Load Balancer, as it depends on limitations.
      Therefore, I ask you to change it so we can make the limitation optional.

      (Japanese)
      Application Gateway を経由した通信の場合、 4 分間を超える HTTP 通信が発生すると、応答を返さなくなる。
      この動作は、Load Balancer の制限に依存すると思われるが、これを任意で変更できるようにしてほしい。

      47 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Faster configuration updates

      I'm experimenting with using App Gateway as a frontend server to do URL routing to one Windows App Service and one Linux App Service, via the portal. I'm an hour in to this process because each and every step takes many minutes to complete.

      47 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      completed  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Azure DNS private zone for non-empty vnets

      allow creating of private zone for non-empty vnet.

      46 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    18. Make ASE and Webapps able to connect with "VNET v2"

      Please provide us a way to connect App Service Enviroment and Azure Webapps to connect to the new VNET v2. Currently only classic VNet's are supported.

      45 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      completed  ·  1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    19. Increase the limit on local netwroks per VNet

      The limit of 10 local networks per VNet is to constricting for companies that have multiple physical locations. Please please please increase that tohe LAN to VNet limit to 100 or something that eliminates the need to configure VNet to VNet connectivity.

      44 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    20. Support Azure Web Sites

      At the moment only cloudapp.net Cloud Services are supported by Traffic Manager. Please add azurewebsites.net Web Sites to the list, too.

      43 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base