Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Support IPv6 Throughout the Azure Platform

      IPv6 has been a standard for years and ISPs are starting to roll out native IPv6 stacks to consumers. The time is now to support IPv6.

      1,284 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        57 comments  ·  IPv6  ·  Flag idea as inappropriate…  ·  Admin →
      • add a source tag for Azure Datacenter IPs to NSG Rules

        On the following link, we are able to get the list of the azure datacenter / endpoint IPs that are actually used.

        https://www.microsoft.com/EN-US/DOWNLOAD/DETAILS.ASPX?ID=41653

        Please add a source tag like INTERNET or VIRTUALNETWORK to use Azure IP addresses in NSG rules.

        873 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
        • Azure Load Balancer to support HTTPS probes

          Currently it is not possible to utilise a HTTPS (port 443) probe against a backend pool and as a result you must use either port 80 or a TCP probe which isn't the same as actually making a HTTPS request and testing the HTTP response code.

          463 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            10 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
          • VPN Gateway monitoring

            It would be great to have monitoring options in the azure portal which would show the bandwidth usage and throughput charts. It would help in figuring out if the 100mbps limit of the standard gateway sku is being hit at peak loads. If the details can be further provided for each individual site-to-site or point-to-site connection then that would be great thing to have. It would help immensely in finding out which connection is hogging the bandwidth the most.

            358 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
            • Enable Multiple IP addresses for Azure Application Gateway

              Azure Application Gateway is a nice Service for Load Balancing Layer 7 HTTP and HTTPS traffic. Today, we can only attribute one IP address (Public or Private) to the Application Gateway Deployment. It is fundamental that a Load Balancer can support multiple IP addresses to provide flexibility (Based on many customers feedback)

              211 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
              • Provide multi-factor authentication capabilities in VPN client

                The ask is pretty self-explanatory.

                We want to host sensitive data in Azure VMs and enable connectivity only via P2S VPN.

                Today, the VPN client only requires having the cert to gain access the Azure Network. As the cert can easily end up in the hands of someone who shouldn't have access to it...it's not very secure.

                For MFA, integration with PhoneFactor would be cool. At a minimum, the VPN client should require a username/password in addition to requiring the cert.

                205 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                • Enable split DNS for providing both public and internal name resolution to VMs in the VNET.

                  Amazon Route 53 supports split-view DNS, so you can configure public and "PRIVATE" hosted zones to return different external and internal IP addresses for the same domain names.
                  i think a similar capability can be very useful also in Azure

                  132 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                  • App Gateway to support an URL length which is greater than 2048 characters

                    When running MVC applications with federated authentication with IdPs like Azure AD B2C, the OAuth response coming back from AD is always greater than 2048 character url length. This becomes limitation of AG as AG can not be used for application doing federated authentication with various IdPs including Azure AD B2C.

                    Please remove the 2048 character limitation as well any other request size limitation which could truncate url as well as request body including cookies etc.

                    101 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      started  ·  7 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                    • Monitoring of ExpressRoute

                      I want to be alerted, when my metered ExpressRoute is reaching a certain limit (that it is cheaper for me to go with unlimited model).
                      Overall no monitoring supported to verify if peering is up, how much inbound and outbound traffic is going through the ExpressRoute/Virtual Network Gateway.
                      The ExpressRoute is critical and therefore its state needs to be monitored.

                      52 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        started  ·  4 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
                      • Faster configuration updates

                        I'm experimenting with using App Gateway as a frontend server to do URL routing to one Windows App Service and one Linux App Service, via the portal. I'm an hour in to this process because each and every step takes many minutes to complete.

                        50 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

                          Thanks for your feedback. We are working on improving the update experience to make it faster. As an alternate suggestion, please note that multiple configuration steps can be combined into a single update via PowerShell or ARM template for faster updates.

                        • Insight in Azure application gateway performance

                          Currently there is no way to view usage statistics of the Azure application gateway. Information I would like to see:

                          * Per hour performance statistics (e.g. nr of connections, bandwith, CPU usage, etc.)
                          * Advice on number of required instances based on metrics from last few days with recommendations to increase or decrease the number of instances

                          Regards,

                          Jan-Willem

                          48 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                          • Allow ACL on Application Gateway for IP filtering via X-FORWARDED-FOR header

                            We have requirements from customers to restrict access via their company subnets. It would be very nice if the App Gateway supported not only the SSL offload but the ability to apply ACLs to allow or deny access via a defined network range using X-FORWARDED-FOR headers.

                            48 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              started  ·  4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                            • Allow IPv6 VIPs - Charge for *blocks of* IPv6 addreses

                              It would be nice if we could purchase elastic IPv6 blocks of IPs, then when setting up an endpoint for a VM we could select the specific IP from the block for the endpoint.

                              47 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  IPv6  ·  Flag idea as inappropriate…  ·  Admin →

                                We currently offer the option of reserving single IPv4 public addresses. Reservation of blocks of IPv4 and IPv6 public addresses is, unfortunately, still in work- we apologize for the delay.

                                On a related topic, Azure now offers load-balanced, dual-stack (IPv4+IPv6) Internet connectivity for Azure VMs. This native IPv6 connectivity (TCP, UDP, HTTP…inbound and outbound initiated) all the way to the VM enables a broad range of service architectures. IPv6 for Azure VMs is available now in most Azure regions. Data transfers over IPv6 are billed at the same rates as IPv4. For more information, please visit this Overview of IPv6 for Azure Load Balancer: https://azure.microsoft.com/en-us/documentation/articles/load-balancer-ipv6-overview/

                              • Azure Internal Endpoints to Vnet

                                Please provide Azure Services with an Internal Endpoint (a least Azure Storage and Azure Backup) to build up machines without Internet Connection.

                                43 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  3 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
                                • Want that VNet Peering can be created another Region in same Gio

                                  Currently, although it is possible to create a Peering between VNet within the same region, the same thing can be carried out also in the address space and subnets in VNet.

                                  When VNet Peering can be created another Region in Same Gio that becomes available, I believe that the network design and expansion becomes easy.

                                  I kindly ask for your consideration.

                                  40 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    5 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Add DNS name label to private IPs

                                    Currently when using Azure provided DNS all VM's are registered automatically using VM name. Unfortunately it's not possible to register other resources like for example load-balancers with private IPs. It would be great to be able to assign dns name to private IPs

                                    30 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                    • Make P2S (Point-To-Site) VPN work with Active-Active GW

                                      For running Production workloads in Azure we find that having a HA solution is important, and therefore using an Active-Active VPN GW is a must for us. Though we would also like to still use App Services linked to our custom vNet. At the moment this seems to not be possible as P2S VPN is not supported with a Active-Active GW.

                                      Therefore please make it compatible so we can connect App Services to our custom vNet and be able to communicate with onprem resources.

                                      15 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                      • Add more metrics to better analyse capacity, firewall violations, etc

                                        Analysis via Log Analytics is useful, but it'd be nice to have some predefined reports or "blades" in Azure Portal to analyse events, throughput, capacity/utilization.

                                        12 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          started  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Automatically add Web hosting plan services to virtual network

                                          I pretty much want to keep storage, SQL database, web app, VMs, and any other service I use within a private network to keep granular control of which services can connect to other services. The "open to all" connection strings to all services is a hard sell to any organization used to securing their IT behind firewalls and networks of networks. Where are you on this today? It must be considered a less secure since these connection strings always tend to leak..

                                          10 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            1 comment  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
                                          • http probing SharePoint VMs

                                            Hi,
                                            we have an Azure IaaS dev SharePoint farm and we use Azure Load balancer to handle visitors trafic. We need to probe the SharePoint VMs using http (to get http return codes from a specific SharePoint page) and we discovered that to make http probing work, we had to add an unrelated 100.64.0.0/10 IP to the internal SharePoint alternate access mappings, which turned out to be the VM's physical host private Ip address.
                                            Problem is, we shut down the dev VM at night and when they're restarted, they're reallocated to a new host and then refuse to answer correctly…

                                            9 votes
                                            Vote
                                            Sign in
                                            Check!
                                            (thinking…)
                                            Reset
                                            or sign in with
                                            • facebook
                                            • google
                                              Password icon
                                              Signed in as (Sign out)
                                              You have left! (?) (thinking…)
                                              4 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
                                            ← Previous 1
                                            • Don't see your idea?

                                            Feedback and Knowledge Base