Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Add CAA record

      Add the ability to add a CAA record! This is now becoming more important with Qualys flagging it as a "requirement".

      436 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      13 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    2. Allow the use of a known outbound nat gateway for vnets

      VMs placed in a vnet today with a public ip attached, access the Internet from arbitrary, unknown addresses. This makes it hard to manage access from Azure VMs to backend systems relying on IP-address ACLs. We simply need to know which ip address azure vms use for accessing resources outside the vnet. If I use UDR's with dest 0.0.0.0/0, load balancing in Azure doesnt work. Please give us a configurable NAT gatway per subnet or vnet similar to what aws has.

      105 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    3. LoadBalancerProbe element to support SSL

      LoadBalancerProbe element to support https rather than just http - after all it's only been around since the nineties.

      68 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    4. NAT Gateway functionality in Azure

      When we attach Azure Standard Internal Gateway then internet stopped working in the Azure VM (behind the Std ILB). There are two workaround to tackle this issue:
      1. Assign Individual IP to each and every Azure VM
      2. Put these all VMs behind the new Std Public LB with the same custom health probe which we have used in Std ILB, and creating any random LB rule based on this custom HP (Like workaround).

      There are below challenges with above soluntions:
      1. It is costly as there is some cost associated with each ***** ip.
      2. It is workaround which…

      48 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    5. Offer IPv6 nameservers

      Currently Azure DNS only provides IPv4 nameservers. Please provide IPv6 nameservers as well, preferably 2 or 3 of them along with the IPv4.

      21 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    6. Vous faite dure Microsolf

      Va falloir retourner a l ecole je comprend rien.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    7. Microsoft peering to use /31 public IP for peering

      Most of the routers support using /31 IP address in interface configuration for point to point links. For microsoft peering it is mandatory to use public IP address space. Using a /31 public IP addresses will save some public IP addresses for us. Please enable this feature.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    8. ARM V2 networks allow multiple address spaces

      When you try to add an address space to a V2 Virtual Network, it fails with an error message saying "Virtual network address space changes are not supported." You can do this with classic networks, and we started building our networks using different address spaces for DMZ, Data and App tiers. In order to maintain consistency we are holding back from utilising V2 features, which is a shame.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    9. ETA for Application Gateway Tier 2 (v2) availability in all locations ?

      Is there a plan to make App Gateway v2 available in all locations and if so is there an ETA for it ? Whitout public staic IPs, we can`t use App Gateways...

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      closed  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Application Gateway v2 availability in Canada ?

      When are App Gateway v2 with WAF be available in Canada datacenters ?

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      closed  ·  2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. SNI Certificates shouldn't break HTTPS health probing in Traffic Manager

      Currently, if a backend serves an SNI certificate, this breaks HTTPS health probing in Traffic Manager. This seems like a bug, really, but I'm not sure where to report it.

      https://github.com/MicrosoftDocs/azure-docs/issues/28209

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      closed  ·  1 comment  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    12. Traffic Analytics Dashboard Empty after Long Time

      I've configured Network Flows and Traffic Analytics per https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics#enable-flow-log-settings yet, over two hours later, I am still getting the message about having "resource data... and no flow info for the selected workspace". When I look at the storage container that I have associated with the NSG flow, I can see that it has accumulated 84M of data and that 55M has been read by, presumably, the Traffic Analytics engine, but it is still missing from the dashboard.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      closed  ·  1 comment  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    13. Path-based routing to single App Service Environment backend

      Currently to route traffic to an ILB ASE with many apps based on subdomains. I can use 1 backend pool with many multi-site listeners (not good because of the limit of listeners) or path-based routing to many backends. I would like 1 backend pool pointing to the ILB ASE, and path-based routing with hostname mapping to each App Service instance in the ASE based on my own custom domains. See here for clarification:

      https://stackoverflow.com/questions/51544913/azure-application-gateway-with-multiple-apps-in-a-single-app-service-environment

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. 2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      closed  ·  1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Allow Azure Firewall to be deployed to different resource group to VNet

      Currently Azure firewall must be in the same RG as the VNet, which impacts current RBAC models.

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    16. Static or DYnamic IP when creating VM

      guys is it possible that when you creating VM i.e WinServer2k16 that I have an option to make it Static IP Address ?

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      closed  ·  0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    17. Log Rule details, not only NSG name

      When you have a Activity Log, you only have the name of the rule. When rule is deleted, we don't know what rules where there. Please add rule details in the activity log.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    18. Documents looks older

      Documents looks older. When someone trying to explore azure there is need for recent documentation for every topic. Most of the topics are still looks older. For example HUB-Smoke topology, need to update newer ones.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      closed  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
    19. Costs go through the roof for the VPN Gateway

      Why is it you all say you support compliance, but only to the tune of the $. We need to go to at least DH group 5 or higher as a minimum to meet PCI-DSSv3.2 at a minimum (DH 5 is not even available). Basic Gateway used to support v3.1, but now with v3.2 mandatory we can't meet minimum requirements on basic. I would think that Microsoft should at least support the minimum requirements of PCI-DSSv3.2 for Basic instead of us having to pay times 5 to get to a level acceptable to v3.2

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      closed  ·  1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Global VNet Peering Results

      Hi Team,

      We noticed that there is a latency issue between UK South to Korea South using global peering. We have done similar testing between Korea South to UK South and result was ok. Enclosed you will find iperf results, Please check and let me know.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      closed  ·  0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3
    • Don't see your idea?

    Feedback and Knowledge Base