Networking
The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.
Virtual Network:
Traffic Manager:
Network Watcher:
If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.
-
Affinity Group Missing
Hi Gents,
The Affinity Group - or my vnet is missing when creating a cloud service. How do you expect me to assign my cloud services to my vnet (Affinity Group) if it is missing from the Azure Portal?
I had to use power shell and am now running into address issues.
1 voteVNet is scoped to a region. It accepts deployments that are tied to an affinity group, as long the affinity group is in the same region as the VNet. The new Ibiza portal does not support cloud services concept.
-
Provide Load balancing performance Data for ILB
Provide the ability to get ILB performance data.
1 votethank you for your suggestion. we are looking at providing more diagnostic options for the platform and may decide to incorporate this at a later time.
-
Standard load balancer - last rule warning
I just caused an outage, because I deleted the last rule of the standard frontend load balancer in front of the firewalls.
The root cause is clear based on the documentation:
"The Load Balancer resource must be configured with a load balancer rule to create a link between the public IP frontend with the backend pool."
That means, I am forced to have a rule, regardless whether it is nonsense like some random high port, in order to enable the backend VMs to connect to internet. So even I do not want to have a connection from internet, I still…1 votePlease use outbound rules https://aka.ms/lboutboundrules to define outbound independently of inbound connectivity.
— Christian -
Virtual Network Gateway
I believe that route based Virtual Network Gateways are created as GatewaySKU = Basic by the new Azure Portal but billed as GatewaySKU = Standard.
I created a new Virtual Network Gateway through the new Azure Portal and then checked the GatewaySKU via Azure PowerShell. It showed the SKU being Basic but according to the Portal I was being billed the Standard GatewaySKU rate.
I was able to fix the billing by first changing the GatewaySKU via PowerShell to Standard and then immediately back to Basic.
1 voteYou should not be seeing this behavior. If it happens again, please open a support ticket through the Azure Portal so that we may investigate why this is happening.
Thanks,
Bridget [MSFT] -
Improve to check cause of setup error
On my network watcher, i could not get the status correct on my NSG. Is there a way to check why it "failed to load"?
I find no clue what is the cause of it? Validated that the region is enabled.
How to troubleshoot such error? Googled but still not able to find a good solution to it. Or way to troubleshoot the cause to proceed the setup.
1 voteThank you for the feedback. This is a feature request forum. Please choose to ask how-to/troubleshooting questions on the MSDN forum (https://social.msdn.microsoft.com/Forums/en-US/home?forum=WAVirtualMachinesVirtualNetwork&filter=alltypes&sort=lastpostdesc) or create a Support ticket from the Azure Portal. Thanks again.
-
Virtual Network Gateway Hours - Pay only for what you use
I just notice, Virtual network gateway hours is not pay when use. Once you create the gateway and extend the Azure virtual network to your premise, it starts to charge no matter what it's connect or disconnect.
From pricing detail, $0.05 per connection-hour (~$38/month).
So, even I shutdown my premise router overnight, I still need to spend min $38 monthly. It is not really "Pay only for what you use".
1 voteHi, Alex,
There are two charges related to the Azure VPN service: the compute resource charge at $0.05/hour, and the egress data volume charge. Both are based on resource consumption, Unfortunately, even if the VPN tunnels are not connected, the gateway compute resource is still being consumed.
The charge is based on business review and common industry practice. We will consider providing the functionality to “STOP” a gateway if the customer is certain that the gateway will not be in use. If this is the request, please open another item and we will track that feature ask accordingly.
Thanks,
Yushun [MSFT] -
Add information covering scaling.
How much throughput can a VNET handle? How do you monitor that? Guidance on this topic would be helpful.
1 voteHi Zack, VNet doesn’t impose any throughput limitations. VNet is simply a logical boundary to isolate your environment in the cloud. Throughput restrictions would come into play with other resources such as VMs. You can find those here: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-machine-network-throughput
-
Port Not listing on LB
Team,
When we openany new port on LB, it always not listing and also not able to telnet. Then we need to delete again probe and LB rule then it works.
Please improve the LB function so that if anybody open new port, its work quickly.
thanks
AShok1 voteThank you for your post. This functionality already exists. It seems like you are having trouble and we recommend opening a Service Request with our Support team via our portal at portal.azure.com.
-
native support for opc-ua over https
my organization is keen to implement opcua on cloud but needs the protocol opc-ua over https as native.
please consider. for now this is still an optional implementation as specified in the ua specifications. will microsoft consider taking the lead to jump start this implementation?1 voteThank you for your suggestion. We are not looking at supporting this in the near future.
-
Using portal
When using the portal to create reserved IPs the name gets prepended with "Group <groupname> <reserved ip name>". Then, when it's displayed it only shows what was entered, so it's very deceiving. If you use powershell to view your list of reserved IPs you can see the actual name and it's usable.
1 voteHi there,
This was an issue with classic IPs and how they appear in ARM. We recommend using ARM for future deployments.
- Anavi N [MSFT]
-
Hi Geeks, exchange 2013 setup on azure but unable to recieve external emails. port 25 blocked!! any help!! :(
Hi Geeks, exchange 2013 setup on azure but unable to recieve external emails. port 25 blocked!! any help!! :(
1 voteThis is a support request, Uservoice is used for suggestions for feature work. Please create a support ticket with our support team through portal.azure.com.
-
1 vote
thank you for the suggestion.
-
Poderia ter um gerenciamento de dns reverso! Acho que faz muita falta...
Poderia ter um gerenciamento de dns reverso! Acho que faz muita falta...
1 vote -
Ability to specify Target VM on Azure CLI command 'az network lb inbound-nat-rule create' command
When you create an inbound NAT rule you cannot specify the target VM. You can use a different command (az network nic ip-config inbound-nat-rule add) or the GUI, but it would be good to have the option here too.
1 voteThanks for the suggestion. The commands are actually two different actions. One is the creation of the rule and the other the application to the NIC where the rule should be used.
-
Support names as well as IP addresses for local gateway on site-to-site VPN
Today you only allow IP addresses to be specified as the local gateway endpoint for a site-to-site VPN. Customers who receive their public IP via DHCP would greatly benefit if this config parameter could also take a DNS name that the Azure gateway infrastructure would resolve to the current IP (and if there are connectivity issues, re-resolve as the IP may have changed).
1 voteUnfortunately, static IP address is a requirement on the Azure VPN. Switching to DNS name based IPsec/IKE is currently not possible.
Thanks,
Yushun [MSFT] -
Azure DNS
Azure DNS is a service, not a resource! So don't require using it in a context of a resource group!
0 votesThank you for the feedback.
Azure Resource Manager is fundamental building block of all Azure services, providing a number of cross-platform benefits such as a shared authentication and authorization framework enabling role-based access control.
A resource group is a fundamental concept in Azure Resource Manager, and that’s why Azure DNS requires DNS zones to be placed in resource groups.
We would like to understand your concerns better to look for alternative solutions. Other than needing to create a resource group and specify the resource group name when creating a DNS zone, is there another issue? We would be interested in any specific feedback if using a resource group causes any specific scenarios not to work for you.
-
Azure SLB: suggestion for display of frontend ip addresses
On the portal, we can see public IP address which is assigned to each VM in "overview" of VM resource.
If VM is bound to loadbalancing rule or inbound NAT rule of SLB, SLB's frontend IP address is displayed in "Public IP address" field.However, even if SLB has multiple frontend addresses, not all public addresses are not displayed, but only a single public address is displayed in this field. Sometimes it confuses operators. Please consider to modify this like below:
- not to display any frontend IP address of SLB in "Public IP address" field
or - display all frontend IP…
0 votes - not to display any frontend IP address of SLB in "Public IP address" field
-
Load Balancer should drop all packets for ports not configured
Load Balancer should drop all packets for ports not configured before they get to my NSGs. See REG: 119012221000062 for additional information. Basically, the Azure LB installed as part of the Azure AD service is configured for port 443. But my NSG flow logs show packets arriving on a port other than 443 and incidentally for the destination as the public IP associated with the LB. My initial complaint was why do I see such a public IP address and I was told this is unavoidable because SNAT is enabled on this LB. I have no control over this LB…
0 votesDuplicate of another Uservoice item.
— Christian -
Application Gateway WAF | unable to disable ruleId:200002
I would like to diable ruleId:200002.
Currently, only ruleId:200004 is listed in General.
It seems that ruleId:200002 is same as ruleId:920130 .
I will be blocked by 200002 even if I disabled 920130.0 votesThis is not planned as this rule validates whether the request body can be parsed which is important for further analysis. This rule signifies that the request body is malformed.
- Don't see your idea?