Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Allow Basic Port Forwarding With Network Load Balancer for all Services

      Azure Network Load Balancer should support basic port forwarding, many customers have firewall rules that block PaaS Services. Today you can create a port forwarder with NLB, but only to its supported endpoints. Ideally you could forward to any Azure hostname or IP address.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    2. Send FIN after probe confirms healthy

      The current behaviour of the four way handshake of the health probe is to not send the FIN until the next probe is due.

      The FIN should be sent as soon as the health has been confirmed.

      For example:
      We've got an Azure Load Balancer running over a RabbitMQ cluster with a health probe set to check port 5672 every 60 seconds.

      A packet capture shows the following:

      1. Load balancer SYN
      2. RabbitMQ ACK
      3. Load Balancer ACK
      4. 10 seconds later RabbitMQ RST
      5. Another 50 seconds later Load Balancer FIN

      Azure load balancer documentation declares that it…

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for the feedback. We don’t have any near term plans to change probe behavior.

      A possible workaround may be to use an HTTP endpoint and configure an HTTP probe or increase the RabbitMQ timeout.

      Or you can instead substitute Azure Service Bus which also support AMQP.
      — Christian

    3. Allow Internet traffic via VPN Gateway

      Allow communication to the internet to devices connected to Azure via VPN.

      Add ability to add routes to non connected LAN segments on the Azure VPN endpoint, and support non TCP/UDP traffic for VM’s (such as enabling IPSEC traffic )

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Allow the load balancer to support Azure databases as a backend pool

      It would be great if, in addition to Availability Sets and VMs, the various databases from Azure (MySQL, and PostgreSQL) could be part of a back end pool.

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    5. Need drivers for Accelerated Networking for Linux on older OS kernels

      Currently, anyone using Linux OS kernels released prior to January 2018 cannot use Azure Accelerated Networking for Linux. Users who are still reliant on older OS kernels should not have to upgrade. Accelerated Networking drivers for legacy OS kernels should be available.

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      declined  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
    6. Migrate CNAMEs

      If I want to change an A record, which is being referenced by several CNAME records... I'd ideally like to just click a "Migrate to new A record" button... which would either let me pick an existing A record, or enter the name of a new A record... and then update all CNAMEs (within the zone) to use the target record.

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →

      This feels like a very specialized scenario. I don’t think we can justify supporting this in the Azure Portal.

      Please note that it should be possible for you to implement this in a script, building on the Azure PowerShell cmdlets or cross-platform Azure CLI.

    7. Add & Support Multicast in VNET

      We have a need for VNET to support Multicast for various applications (IaaS)

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      declined  ·  1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    8. IN ACS Context We Need LBs Doing SSL Offload

      In the context of Azure Container Services (Kubernetes in my case), it is a problem having Azure LBs with zero SSL Offloading. It's fine that SSL Offloading is offered with Application Gateways, but when ACS provisions a Kubernetes cluster with Azure LBs you have no ability out of the box to offload SSL for hosting web applications. It's great that Azure Kubernetes has a plugin to automate exposing pods via the Azure Load Balancer, but we need to have a way to do SSL load balancing that doesn't involve routing through nginx containers.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      declined  ·  1 comment  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    9. cannot delete vpn and there is no free support for bugs

      I created a site to site vpn in the old portal as a test. I want to make a new one in the new portal, but cannot delete the old one. I tried everything.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Hi,

      Please open a Support Request if you still cannot delete the VPN gateway. In general, the currently portal is not 100% compatible with the features/resources created using the previous/old portal. Once you open a support request, if it’s a bug, it will get to the product team for the actual bug fix.

      Thanks,
      Yushun [MSFT]

    10. allow a different dns name from the service name (like in the old Portal)

      For different situations, at times, you may want a different DNS name for your service than the service name. In the old Portal you could do this. The new one automatically makes them the same. Requests this feature be added back.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    11. After I configured a Point-to-Site connection to a VNet using native Azure certificate authentication. I can't ping from Client to Azure VM.

      After I configured a Point-to-Site connection to a VNet using native Azure certificate authentication. I can't ping from Client to Azure VM.
      Help me!

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    12. how can access to Guest VM of the Hyper-V on Azure from other Azure VM? (Nested Enabled VM(M Series))

      i'm working with M Series VMs. first of all when you install Guest VM in External Virtual Network Switch, the VM can not take any ip address. you sould apply some settings on network interface of the Azure VM.
      now, it work. Guest VM can connect to Internet through Azure VM. but other Azure VMs cannot acces to Guest Machine. i tryed route table, NSG, static route but it does not work.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    13. Optionally allow virtual servers a direct connection to the Internet, NAT is too limiting

      Forcing NAT for every VM makes it much more difficult to build Highly Available systems using Azure.

      IPSec is the most common way to secure communications across the Internet and is often used in IaaS when setting up highly available services.

      For example, if I want to replicate MongoDB from US EAST to US WEST, using IPSec between the two VMs is the easiest way to accomplish that.

      But Azure forces NAT for every VM making it impossible to use IPSec.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
      declined  ·  Narayan Annamalai responded

      Thanks for the feedback.

      Although we will be working on providing a dedicated NAT IP address for a virtual machine we will not be routing the traffic directly to the VM, it will still go through Azure’s NAT device.

      For high availability, Azure offers free load balancing on a cloud service. You can put 1 or more instances behind a public IP and can take advantage of the load balancing Azure provides to customers as a basic service.

      I will be interested to know if that does not solve a particular scenario.

      Thanks!

    14. ExpressRoute between Azure datacenters without any connection to on premises

      There is now ExpressRoute Premium Add-on which allows to bind VNETs in several datacenters to same ExpressRoute. This basically allows to handle routing between various azure VNETs via BGP. There is no need to connect various Azure VNETs via IPSEC VPNs then. We want this ExpressRoute networking/routing for our Azure VNETs but without creating leased line to Azure from on premises because we moved whole system to cloud and don't need dedicated connection to Azure at all.

      So basically we want ExpressRoute Premium Add-on without ExpressRoute and manage our networking via virtual router appliance inside Azure completely separated from on…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    15. Bug in Application Gateway - Cert password

      I could not provision a listener on Application Gateway using a SSL Certificate where the password for the .pfx file was this string:

      gzsh4~?w_"!a\3"'z9TU

      I tried this via 3 different mechanisms:
      Portal
      Powershell scripting
      Resource Manager

      All failed to provision the Ssl Certificate.

      After regenerating the .pfx with a different password, everything was ok.

      Guessing that the problem is one or more of these characters not being escaped correctly:
      '
      "
      \

      Regards,
      Ben.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. 1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    17. enable secondary private ip access internet

      programs using second ip cannot access internet
      please allow second ip have same nat rule like primary ip

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    18. Allow to Reserve VPN

      Allow the Azure Admin to reserve IP address for specific clients so when they connect to the VPN via a Point-to-Site configuration, the client receive the same IP Address all the time.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Load balanced set form not displaying

      The Load balanced set creation form or details view doesn't display correctly. Instead, some sort of crying cloud icon is displayed. When clicking on the icon, it "flashes" the correct form but the crying cloud comes back.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    20. have a case where issue is with cookie based session affinity

      Appreciate any help on this. Have a case, where issue is with cookie based session affinity on the APP GATEWAY, its on linux Centos i dont think it matters, So here's the thing:

      I see 3 cookies (PFA trace) App gateway affinity, persistence cookie and session cookie)

      APPLICTATIONGATEWAYAFFINITY cookie changes (bounces between 2 as 2 backend servers at times), so we would like to know when and why this cookie is changing (factors influencing this change).

      https://support.microsoft.com/en-us/help/4033827/troubleshooting-azure-application-gateway-session-affinity-issues

      And one most important thing i want to know is, if session cookie changes, will the cookie based session affinity be lost, even…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base