Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. have a case where issue is with cookie based session affinity

      Appreciate any help on this. Have a case, where issue is with cookie based session affinity on the APP GATEWAY, its on linux Centos i dont think it matters, So here's the thing:

      I see 3 cookies (PFA trace) App gateway affinity, persistence cookie and session cookie)

      APPLICTATIONGATEWAYAFFINITY cookie changes (bounces between 2 as 2 backend servers at times), so we would like to know when and why this cookie is changing (factors influencing this change).

      https://support.microsoft.com/en-us/help/4033827/troubleshooting-azure-application-gateway-session-affinity-issues

      And one most important thing i want to know is, if session cookie changes, will the cookie based session affinity be lost, even…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Accept request only from specific sourceIP address

      It would be nice to enable a feature that requests are only allowed from a specific sourceIP address. That makes it easier for companys to manage a more advanced security. In my opinion there are many companys that want to secure a listener with sourceIP-restriction.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Bug: Incorrect message When deleting VM regarding Internal Load balancer

      When i delete a virtual machine that belongs to an internal load balancer in the new portal the display says it will delete the load balancer and i can't deselect this even tough there are other machines connected the the load balancer. IN the end it's not deleted but it's a false message.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    4. Any restrictions on Subnets/Application Gateways?

      I have configured Application gateway on EDGE subnet and now I am trying to configure Barracuda CloudGen Firewall on same EDGE subnet but its not allowing me to configure.. Error says

      "This subnet is being used by one or more application gateways "

      are there any restrictions on Subnets ?

      Thank you

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      declined  ·  1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Allow connection to only some specific address Point-to-Site address

      Restrict connectivity of Point-to-Site to some specific addresses.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Auto-start Secondary Website when using Failover

      I would like to be able to have my website stopped and waiting for failover and automatically started when the failover occurs.

      I could do this but I would have to setup my own monitoring service.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    7. SLBv2 HAPort Preview

      For the HAPort Feature just announce preview on Ignite 2017, after register the preview feature from cli, try to create ha rule but failed with error
      Failed to save load balancer rule 'harule'. Error: Subscription 4507938f-a0ac-4571-978e-7cc741a60af8 is not registered for feature Microsoft.Network/AllowILBAllPortsRule required to carry out the requested operation

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    8. response substring matcher in load balancer

      Support the common load balancer feature of matching a substring in probe responses as well as checking response codes. For one or both of Azure LB or Application Gateway products.

      This permits simple and dynamic switching of servers between load balancer pools (eg: live and staging pools, or dedicated and public pools) by updating a health check page without reconfiguration and/or restarts.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    9. the connection speed is slow !

      I don't know what happened to Azure, but Microsoft cloud services run extremely slow via my IE 10 browser, Firefox or Google Chrome. It took me more than 20 hours to just copy 400M files from local machine to a virtual machine hosted by Windows Azure. Besides that, whenever I log into my management account, either the website services or Virtual machines or mobile services category behaves as if Azure is search and retrieving data forever but never done.
      I am frustrated by this .

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      declined  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    10. How to configure SSL on Azure LoadBalancer

      Hi,

      We have configured 2 Windows resources and it has Apache server. now we have enabled Load balancer for these 2 instances and its working fine.

      I need to configure SSL for the load balancer . pls share the steps/guide to configure SSL on Azure load balancer.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    11. Changing Public IP Address configuration via the portal removes ReverseFqdn setting

      I created a Public IP Address via the Azure PowerShell module but after i changed the DNS Name Label in the Portal my ReverseFqdn DnsSetting was gone and the IP-address stopped resolving to the hostname I had assigned.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    12. Allow Virtual Machines from different subscriptions to belong to the same Virtual Network

      We have multiple subscriptions for development and testing and it would be useful if we could have Virtual Machines from those different subscriptions attached to the same Virtual Network.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
      declined  ·  Narayan Annamalai responded

      We will soon have ways to inter connect different VNets on the same subscription, but subscription remains to be the trust boundary for a customer, hence Vnets will have to stay within subscription scope, at least in the near term.

    13. Azure VM NIC in Promiscuous Mode

      Some of the legacy system virtualization software require VM NICs to be configured in "Promiscuous Mode" to operate correctly.

      https://stromasys.atlassian.net/wiki/display/DocCHAXPv47W/Networking

      This feature would help us run those platforms on Azure. Can Azure VMs enable this feature? There is very little documentation on this aspect - Is promiscuous mode available and supported?

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      declined  ·  3 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    14. standard internal loadbalancer

      Access to public address does not work for standard internal loadbalancer (according to MS by design). In order to be able to access public resources a public IP need to be assigned.
      However there are cases where public IP should not be assigned to allow only private traffic. There are two services which however require (via UDR) access to public.
      Reaching the KMS license server (Windows) and Redhat repositories (for both the recommendation is to use UDR).
      So access to those services is not possible once you do a standard internal loadbalancer and your policy prohibits use of public IP. …

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    15. Accelerated networking for all SKUs in a SKU family

      Accelerated networking, and more generically: all features of a SKU family, should be supported across all SKUs in a SKU family. With the current limitations based on the number of cores of a SKU in supported SKU families, we have to develop lgoic in a wrapper around Terraform to see when we can just resize a SKU and when we need to recreate it.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    16. Avoid creating a static route on the onprem side to establish VPN and BGP connectivity

      Right now on the onprem side we are required to create a static route to the VPN tunnel interface while configuring BGP. This is ironic for the matter of fact we are calling it BGP and doing static routing configuration on onprem side. AWS does share a /30 subnet for both LGW and VPNGW to peer for. See https://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/GenericConfig.html can we have a similar functionality in Azure VPN which avoids creating this static routing business

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for the feedback. This is unfortunately by design on the Azure side. Azure VPN gateway is using one of the VNet addresses as the BGP peer IP, so there needs to be an on-premises route to point to the IPsec tunnel (VTI, etc.) for that BGP peer IP address(es) in Azure. Without that route, BGP sessions cannot be established.

      Thanks,
      Yushun [MSFT]

    17. Application Gateway WAF | Unable to disable rule 949110

      Through advanced settings on an WAF enabled Application Gateway, you are unable to turn of Rule 949110. Is it possible to have this rule selectable like the rest.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      949110 signifies that a given request has reached threshold score and would be blocked. This is often due to one or more previous issues with the request which cause other rules to be triggered. It is those earlier rules customers should examine or disable to mitigate this issue being triggered.

    18. Local Network Gateway is NOT indicative of what it is. It should be REMOTE (to Azure) Network Gateway

      Local Network Gateway is NOT indicative of what it is. It should be Remote Network Gateway as it is where you add the REMOTE (to Azure) network IP addresses / ranges.
      We use Site-to-Site to connect to business partners.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      declined  ·  1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. 1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    20. Meraki vpn

      looks like meraki with Ikev1 works, can you add it to the list if it works? are there any plans if its not tested so far??

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      declined  ·  0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base