Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Support IPv6 Throughout the Azure Platform

      IPv6 has been a standard for years and ISPs are starting to roll out native IPv6 stacks to consumers. The time is now to support IPv6.

      1,508 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      65 comments  ·  IPv6  ·  Flag idea as inappropriate…  ·  Admin →
    2. Support URL rewriting with Application Gateway

      PathBasedRouting is nice, but not super great without the ability to rewrite paths. I am trying to front a Service Fabric cluster, where multiple HTTP services live on http://+:80, at different path prefixes. Would be nice to use Application Gateway to direct https://api.company.com to http://cluster/api, and https://www.company.com to http://cluster/www

      992 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      31 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Application Gateway: Support wildcard hosts in listeners

      Our product creates dynamic DNS zones for our customers, e.g. foo.z1.contoso.com, bar.z2.contoso.com, etc. We use Azure DNS for this. (Notice that we stripe our customer's domains across multiple zones (z1, z2), because Azure DNS has a max record count of 5000.)

      So, to support this, we have a wildcard SSL certificate for each zone e.g. *.z1.contoso.com, *.z2.contoso.com.

      In order to have Application Gateway provide SSL termintation for us, we obviously need to create Multi-site listeners for port 443. Unfortuantely, the 'Host' field on the Multi-site listener does not accept wildcard entries. Furthermore, specifying the host name 'z1.contoso.com' does not appear…

      588 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      26 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Support SSL certificates stored in Key Vault secrets for listeners and backend HTTP settings on Application Gateway

      Azure Web Apps support the ability to store an SSL certificate in a Key Vault secret. A certificate resource can be created that references the Key Vault secret. The App service will periodically check for an updated SSL certificate in the Key Vault. The Application Gateway needs to have the same support for storing the SSL certificates in the Key Vault. It should be able to reference a Key Vault secret that contains the SSL certificate in the listener and backend HTTP settings configuration. This capability will allow the management of SSL certificates for Application Gateway and the Web Apps…

      439 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      25 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. VPN Gateway monitoring

      It would be great to have monitoring options in the azure portal which would show the bandwidth usage and throughput charts. It would help in figuring out if the 100mbps limit of the standard gateway sku is being hit at peak loads. If the details can be further provided for each individual site-to-site or point-to-site connection then that would be great thing to have. It would help immensely in finding out which connection is hogging the bandwidth the most.

      419 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    6. Increase listener limit for Application Gateway

      Application gateway has a very low listener limit (20 listeners / certificates). This severely limits it's usefulness for multi-tenant/domain applications where a web farm / service hosts many endpoints. IIS itself has no such small limit, but due to constraints on certificate deployment in cloud services, Application Gateway is the only clear path to wide scale SNI based SSL hosting. With it's low limit, it does not come close to meeting our use case. I would suggest the limit be removed or set to a very high limit like 10k+ so many certificates could be bound to host many different…

      336 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      18 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      We have raised the limit to 100 recently. We are regularly reviewing the limits and will continue to look for opportunities to raise the limits even further. If you have scenarios requiring limits higher than what is supported, please add your scenario details here (if you are comfortable with that) or raise an issue with Azure support and we will get back to you.

    7. Enable Multiple IP addresses for Azure Application Gateway

      Azure Application Gateway is a nice Service for Load Balancing Layer 7 HTTP and HTTPS traffic. Today, we can only attribute one IP address (Public or Private) to the Application Gateway Deployment. It is fundamental that a Load Balancer can support multiple IP addresses to provide flexibility (Based on many customers feedback)

      260 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Provide multi-factor authentication capabilities in VPN client

      The ask is pretty self-explanatory.

      We want to host sensitive data in Azure VMs and enable connectivity only via P2S VPN.

      Today, the VPN client only requires having the cert to gain access the Azure Network. As the cert can easily end up in the hands of someone who shouldn't have access to it...it's not very secure.

      For MFA, integration with PhoneFactor would be cool. At a minimum, the VPN client should require a username/password in addition to requiring the cert.

      241 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    9. Integration with Key Vault Certificates

      It should be possible to select HTTPS certificates from Azure Key Vault. Since Azure Key Vault support auto-renewal of certificates, Application Gateway should also automatically update the certificates.

      221 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Allow Static Public IP Address

      Hi,
      We currently have VMSS running inside a public Load Balancer, that ensures all the apps have the same Public IP address. This is important for us, as we need to be able to publish our IP Addresses for all clients to whitelist.

      We really want to move to using the Application Gateway, but can't because it doesn't support static Public IP addresses.

      I don't believe there is a work around either?

      196 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Support for dropping port out of x-forwarded-for header

      Hi,

      I've seen some compatibility issues with the x-forwarded-for header as it comes in on the format IP:Port rather than just IP. It would be useful to be able to adjust this header to just provide IP without the port. I think this should be adjustable, so IP:Port or just IP being available options rather than just one or the other.

      This would help x-forwarded-for being easy to parse on systems that only expect the IP to be sent through.

      Thanks,

      Neil

      156 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  7 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Enable split DNS for providing both public and internal name resolution to VMs in the VNET.

      Amazon Route 53 supports split-view DNS, so you can configure public and "PRIVATE" hosted zones to return different external and internal IP addresses for the same domain names.
      i think a similar capability can be very useful also in Azure

      142 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    13. VNet Peering Limit - INCREASE

      With new concepts like Global VNet Peerings, Virtual Datacenter and Hub-Spoke Topology - VNEt peerings become more and more important.
      Please INCREASE the number of 50x allowed Peerings / Subscription/Vnet

      Many thanks in advance, you are doing a great JOB - keep it UP!
      Catalin

      140 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    14. Allow an HTTP to HTTPS redirect on Azure Front Door

      Allow an HTTP to HTTPS redirect on Azure Front Door.

      132 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  5 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    15. Add Custom Apex (Naked) Domains as front end hosts for Azure Front Door Service

      Azure Front Door Service is currently missing the ability to onboard Apex (Naked) Domains e.g. https://contoso.com https://example.com

      It runs on Anycast IP addresses that seem globally consistent for the Frontend host (something.azurefd,net)

      So why not allow me to onboard an Apex domain to the service by creating DNS A and / or AAAA records at the custom zone apex that point to the allocated Anycast IPs? (CNAMEs are not supported at the Zone Apex)

      If the answer is that the Anycast IPs aren't allocated in perpetuity please fix that first then add this feature!

      118 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  8 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    16. Insight in Azure application gateway performance

      Currently there is no way to view usage statistics of the Azure application gateway. Information I would like to see:

      * Per hour performance statistics (e.g. nr of connections, bandwith, CPU usage, etc.)
      * Advice on number of required instances based on metrics from last few days with recommendations to increase or decrease the number of instances

      Regards,

      Jan-Willem

      103 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Global VNET peering remote gateway and gateway transit support

      Remote gateways and gateway transit are currently not supported with global vnet peering. Is there a plan to support remote gateways in the global vnet peering feature to build a global hub-spoke topology over multipe regions?

      85 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    18. Allow ACL on Application Gateway for IP filtering via X-FORWARDED-FOR header

      We have requirements from customers to restrict access via their company subnets. It would be very nice if the App Gateway supported not only the SSL offload but the ability to apply ACLs to allow or deny access via a defined network range using X-FORWARDED-FOR headers.

      80 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  8 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Need a function to URL path rewriting in Application Gateway

      Currently, I know Azure Application Gateway has a function for redirection of URL path based.

      Now, I need a function for rewriting URL path during redirecting a request to backend server.

      For example, When Application Gateway received a HTTP request to http://www.contoso.com/test/*, it redirects the request as /images/* to backend server.

      In other words, I want to set a URL path for backend server in PathRuleConfig in Application Gateway.

      69 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Add DNS name label to private IPs

      Currently when using Azure provided DNS all VM's are registered automatically using VM name. Unfortunately it's not possible to register other resources like for example load-balancers with private IPs. It would be great to be able to assign dns name to private IPs

      54 votes
      Vote
      Sign in
      (thinking…)
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    ← Previous 1 3
    • Don't see your idea?

    Feedback and Knowledge Base