Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. ICMP Support for Azure Websites, Roles, Cloud Services

      Need support for ICMP features like Ping in Azure Websites, Azure Mobile Services thru node.js, Web/Worker Roles/Cloud Services.

      877 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      75 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    2. Support Multicast within Virtual Networks

      Allow Multicast operations within the virtual networks for IaaS

      139 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      declined  ·  15 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    3. Please make Site-to-Site VPN avaiable for devices behind a NAT and not on public IP

      Please make Site-to-Site VPN avaiable for devices behind an router an not only public ip

      121 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      11 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Rename VNET

      Be able to rename a VNET (changing name only) without having to suppress all VM's and recreate them after...

      114 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      18 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    5. Allow basic port forwarding in Network Security Groups

      It'd be really nice if Network Security Groups allowed basic port forwarding without the use of Azure Load Balancers. Being able to use an alternate public port for RDP, for example 23456, and directing the traffic to the native port (3389) in the Azure environment via the network group would make things simpler than having to create a load balancer to sit in front of the NSG and VM.

      107 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    6. Allow Multiple network interfaces on all VM sizes

      While it is great that Azure now supports multiple network interfaces, this is restricted to standard sizes above large.

      Often the requirement for multiple nics is on a machine that is a crossing point between networks, using a standard tier large VM for this type of traffic is serious overkill!

      There is a need to have a small, ideally basic tier VM that can have two nics attached.

      I realise this *may* be in the pipeline, since multiple nics are so new to Azure, but it would be very helpful in creating cost effective solutions on Azure if this could…

      100 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    7. Internal load balancer Log Analytics

      Log analytics currently works only for Internet facing load balancers.
      We need this very urgent for our Internal facing load balancers!

      90 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for the feedback. Please use Standard internal LB which provides multi-dimensional metrics in Azure Monitor.

      “Request logs” is not something that can be provided. The service is a pass through network load balancer and the handshake is between the client and the VM’s application directly. You can use NSG flow logs in Network Watcher to generate flow records for any VM’s traffic, including that which traverses the Load Balancer resource. This is described here: docs.microsoft.com/en-us/azure/network-watc..

      — Christian

    8. Specify Firewall Exceptions by Host Name Resolution

      The current mechanism of specifying firewall exceptions is problematic for those without static IP addresses. Allowing permitted IP addresses to be specified by host name resolution would allow customers to use a dynamic DNS service and eliminate the need to manually update firewall rules when a new address is assigned.

      79 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for the suggestion. Layer 7 functionality is out of scope for NSG at this time. Please take a look at WAF options, including Application Gateway, to see if they can meet your needs. We’re also looking at ways to expose endpoints within the vnet itself.

    9. Move Azure Network to Resources Groups or Subscription

      Would be great if we can move networks to new Resources Groups or move networks to another subscription. We have 4 subscriptions to organize the costs, but now we can't move the Networks.

      64 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      declined  ·  1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    10. Multicast support

      Once Azure supports UDP for web and worker roles, it would be really nice to enable UDP multicast, at least for internal network traffic.

      55 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Flag idea as inappropriate…  ·  Admin →

      Given the security implications, we are not likely to support multicast in the near future.

      UDP is supported, today.

    11. Allow adding of web apps from other subscription to traffic manager

      Currently it is not possible to add web apps from different subscriptions (e.g. EU and US deployment in different enterprise accounts) to the same traffic manager configuration, not even as external endpoint via Powershell.

      This seems to be an artificial restriction as it prevents endpoints with "azurewebsites.net" in the domain name, but using a CNAME to change this domain name works (nasty work around).

      50 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →

      We have added support for endpoints from multiple subscriptions in a single Traffic Manager profile. This is now possible when using the Azure Resource Manager API for Traffic Manager. The account containing the Traffic Manager profile must simply have read permissions for each endpoint.

      Unfortunately, we were unable to extend this support to include Web App endpoints, due to a restriction in how custom domain names work in Web Apps. Please see https://docs.microsoft.com/azure/traffic-manager/traffic-manager-faqs#traffic-manager-endpoints for details.

    12. Support for Sticky IP Load Balancing

      Many applications still use non-persisted session-cookies to track user sessions -- default behavior in most web application servers. So it is not possible to use DNS round-robin load balancing without changing the application session management logic. This makes it more difficult to migrate to Azure.

      Can you enable sticky IP load balancing for Azure VMs? You may get more application migrate to a azure without much re-engineering effort.

      40 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    13. Custom Destination on load balancer failure

      It would be good if when the loadbalancer probe fails (It can't reach any page in a timely fashion) it could redirect to a failureURL. This way in the event that something is going wrong customers could still be given a brandend friendly error message or be assured we are working on it.

      37 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    14. Create a tool that automatically connect TMG with Azure VPN

      Create a tool that automatically connect TMG with Azure VPN.
      As the Forefront Thread Management Gateway is a Microsoft product i like to see a tool that setup the TMG more easily.

      35 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
      declined  ·  Yushun Wang [MSFT] responded

      Thanks for the feedback. Please note that Microsoft has announced the plan to discontinue TMG. Please refer to the following link:

      http://technet.microsoft.com/en-us/forefront/ee807302.aspx

      For connecting to Azure, the product team has added support for using Windows Server Routing and Remote Services as the on premise VPN gateways:

      http://msdn.microsoft.com/en-us/library/windowsazure/dn133801.aspx

      Disclaimer: The DynamicRouting gateway offering is still in preview. The Microsoft recommendation is NOT to run production workload on preview services.

      Thanks!
      Yushun [MSFT]

    15. P2S VPN Client Without Local Admin Rights

      Currently the Azure P2S VPN client requires the user to be a local admin. The response to my support call was:

      "This is By Design and unfortunately there is no alternative as running the Point-To-Site VPN connection as local admin, because you basically need to inject a new route in the routing table for the VPN and that can be done only by an admin.

      Unfortunately, Point-to-Site users need to have machine admin rights at this time. There is no workaround for the Point-to-Site VPN, cause the VPN client needs admin permissions."

      I would like to see the necessity to…

      33 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      12 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Allow Azure Connect groups settings to be specified in the service configuration and/or expose APIs

      There is apparently no way to persist Azure Connect group settings between full deployments. Since some startup tasks rely on this, and since managing them through the UI can be a pain when there are many roles and endpoints to configure, there has to either be a way to specify the groups that a role should join, within the ServiceConfiguration.cscfg file, or a way to programmatically configure the group settings during a startup task. The configuration option is probably sufficient for most scenarios.

      31 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Please provide a function to collect Azure Load Balancer access logs.

      We want to collect ALB access logs.
      Today (July 2016), we can collect "Alert event" and "Health probe" logs by using preview feature, but these features doesn't contain access logs.

      Log analytics for Azure Load Balancer (Preview)
      https://azure.microsoft.com/en-us/documentation/articles/load-balancer-monitor-log/

      For example, we can collect access logs on Application Gateway in the following system.
      Since we cannot collect ALB access logs, a function just like the one for Application Gateway is needed.

      (Client) => (Application Gateway) => (Web Frontend) => (ALB) => (App / DB)

      Any little information is appreciated.

      =====
      (Japanese)
      ロードバランサーのアクセス ログを取得したい。
      2016/07 現在、プレビュー機能を利用してアラートとヘルスプローブのログを収集できるが、この機能ではアクセスログが取得できない。

      Azure Load Balancer のログ分析 (プレビュー)
      https://azure.microsoft.com/ja-jp/documentation/articles/load-balancer-monitor-log/

      30 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →

      thank you for your feedback. Azure Load Balancer does not interact with the application layer today. I’ve noted this as long term feedback but declining at this time since I have near term way to get there and returning your votes. Happy to discuss further if you like.

    18. Silent install for P2S VPN package file

      We want to silent install mode for P2S VPN package file.
      Now, This package file has Quiet modes of the "/Q" options. However, we got the error message below when we execute vpn package file with "/Q".
      "Error creating process <<None>>. Reason: The system cannot find the file specified."

      30 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for the suggestion. Unfortunately, this is a Windows VPN platform constraint. Azure P2S VPN package will add network routes on the machine, which will require admin privilege and will trigger UAC prompt on Windows. This is not an Azure specific constraint.

      Thanks,
      Yushun [MSFT]

    19. azure reverse proxy load balancer

      At the moment of discussion Azure offers 2 possibilities for ARM load balancers: internet facing load balancer and application gateway. There are some features that are missing from both of them, that would be nice to have. I would like a solution like F5 BIG-IP LTM to be available from azure. Among the features it should have:
      - cookie persistence
      - ssl offloading
      - ssl strengthening (use certain versions of tls and ciphers)
      - preserver original IP
      - encrypt application cookie
      - disable headers (Server, X-Powered-By)
      - disable clickjacking (x-frame-options: SAMEORIGIN)
      - block blacklisted user agents
      - cookie encryption
      -…

      29 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    20. Our team has tens of developers who have MSDN account. We'd like to share same VNet which connects to our on-premise network.

      Each developer has free-tier Azure usage within their MSDN account, but they can not start virtual machines in the on-premise-connected VNet using the free tier.

      To start virtual machines with their account and to access them from on-premise network, It seems that they have to make their own VNet and connect it to the on-premise-connected VNet. It is not convenient.

      I believe that If the owner of the on-premise-connected VNet could allow other accounts to create virtual machines within the VNet, lots of developers will be happy for that.

      29 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3 4 5 6 7
    • Don't see your idea?

    Feedback and Knowledge Base