Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Support URL rewriting with Application Gateway

      PathBasedRouting is nice, but not super great without the ability to rewrite paths. I am trying to front a Service Fabric cluster, where multiple HTTP services live on http://+:80, at different path prefixes. Would be nice to use Application Gateway to direct https://api.company.com to http://cluster/api, and https://www.company.com to http://cluster/www

      1,252 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      50 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      URL rewrite for Application Gateway v2 is currently in public preview! With this, you can now rewrite URL path and query string parameters based on a condition. The condition will be on request or response parameters.

      Also, you get the ability to choose the routing to a backend pool based on the original URL or the rewritten URL.

      We’d love for you to try it out and let us know your valuable feedback. Learn more here – https://aka.ms/urlrewritepreview and https://aka.ms/urlrewriteconfiguration

    2. Application Gateway: Support wildcard hosts in listeners

      Our product creates dynamic DNS zones for our customers, e.g. foo.z1.contoso.com, bar.z2.contoso.com, etc. We use Azure DNS for this. (Notice that we stripe our customer's domains across multiple zones (z1, z2), because Azure DNS has a max record count of 5000.)

      So, to support this, we have a wildcard SSL certificate for each zone e.g. .z1.contoso.com, .z2.contoso.com.

      In order to have Application Gateway provide SSL termintation for us, we obviously need to create Multi-site listeners for port 443. Unfortuantely, the 'Host' field on the Multi-site listener does not accept wildcard entries. Furthermore, specifying the host name 'z1.contoso.com' does not appear…

      1,086 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      53 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Authentication support for application gateway

      For lift & shift of legacy systems, application gateway is very useful as we have different kinds of backends (VMs, service fabric, other PaaS services, etc.). The only missing capability is authentication, so we have to implement and configure authentication in various services, which is a big overhead. Otherwise, we have to give up application gateway but set up Nginx VMs instead.

      I have also looked at Azure API Gateway, but it seems to be too specialized for public APIs but our services also service static contents and ever-changing private APIs without swagger definition.

      265 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Cross-subscription VNet (Shared VNet)

      A virtual network that spans subscriptions. Multiple different subscriptions can deploy to the same virtual network in a region.

      If you are interested in this feature, please up-vote and add details about your company/scenario.

      We appreciate the feedback.


      • VNet Team [MSFT]

      262 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      need-feedback  ·  6 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    5. Is it possible to expose Azure blob storage via Application Gateway

      Expose Azure blob storage via Application Gateway.

      I would like to remove public access for Azure Blob and only make it accessible via virtual network. The Azure Application Gateway will be public facing which does the SSL termination and forwards the request to blob.

      This would allow scanning for malicious content via virtual appliances before content is stored in blob.

      179 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Azure Loadbalancer must delete unhealthy VM of Azure VMSS

      I have create Azure VMSS behind Public Azure Std LB with HTTP based Health Probe. Azure Loadbalancer is working as per expectation. But If VM is unhealthy then it must be deleted or re-provisioned. So that machine can attain healthy state again.

      156 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      12 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →

      I’d like to ask you for more feedback on this request please. Load Balancer doesn’t control the VMSS. I think what you’re looking for is a way for VMSS to replace any instances with a LB health probe status of 0. I’ve reached out to VMSS team to get their input. LB is likely not the right place to do this.
      — Christian

    7. Monitor Application Gateway Load

      Provide a way to monitor Application Gateway CPU/Memory in order to track load. It's hard to know only based on current access/http errors when the WAF is under heavy preasure and we need to scale it up.

      153 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      There is no plan currently to offer these system level metrics for Application Gateway Standard (V1). However, we are planning to offer more observability with our new Autoscaling version (V2) of Application Gateway/WAF. We already offer Capacity Units as a metric which gives you a sense of the traffic load on your Application Gateway. More are planned for V2. Please send in your specific feedback via https://aka.ms/ApplicationGatewayCohort

    8. Add functionality to Application Gateway for routing based on HTTP headers

      The ability to route traffic to backend pools depending on HTTP headers would be much appreciated. At the moment the only way to do this is with a function app.

      121 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. vnet peering too expensive

      Best practices are to create a subscription for ExpressRoute and then peer VNets for different subscriptions. This doubles the cost of traffic to and from Azure making it a non start for most. It is understandable to have costs between regions, but for networking that would be no cost if in the same subscription, why is there then a cost for my networks in my two subscriptions in the same region? These cost make it impossible to follow best practices for security, design, partner management, etc.

      113 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    10. Azure load balancer currently doesn't report the status of backend pool VMs based on health probes.

      Azure load balancer should report the status of backend pool VMs based on the health probes we have created and not just report if the VM is running or not. Recently one of my backend pool VM went into high load and it took me minutes to identify the problematic one. LB was not sending any traffic to this VM however the portal was still showing it 'Running' instead of "Unhealthy" or "Failed". This would save a lot of time and will be easy to see health of backend pool vms.

      110 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    11. Application Gateway WAF support gzipped content in the request body

      Application Gateway WAF does not support gzipped content in the request body.

      91 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Need a function to URL path rewriting in Application Gateway

      Currently, I know Azure Application Gateway has a function for redirection of URL path based.

      Now, I need a function for rewriting URL path during redirecting a request to backend server.

      For example, When Application Gateway received a HTTP request to http://www.contoso.com/test/, it redirects the request as /images/ to backend server.

      In other words, I want to set a URL path for backend server in PathRuleConfig in Application Gateway.

      79 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      URL rewrite for Application Gateway v2 is currently in public preview! With this, you can now rewrite URL path and query string parameters based on a condition. The condition will be on request or response parameters.

      Also, you get the ability to choose the routing to a backend pool based on the original URL or the rewritten URL.

      We’d love for you to try it out and let us know your valuable feedback. Learn more here – https://aka.ms/urlrewritepreview and https://aka.ms/urlrewriteconfiguration

    13. Allow multiple hostnames in the same Listener Application Gateway

      Sometimes we share differents hostnames with the same web site.
      Currently, this means that we have to deploy differents listeners in order to provide access to the same backend pool.

      With a 20 listeners limit this solution is a bit expensive...

      Would it be possible to add multiple hostnames/sitenames to listener?

      Thanks in advance

      79 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Allow Traffic Manager to Support Absolute Monitoring Endpoints

      Current endpoint monitoring in Traffic Manger only supports a relative path. For flexibility, it would be great to support a full url path like http://www.example.com/health

      66 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →

      Traffic Manager constructs the probing URL by appending the endpoint FQDN with the relative path. So if the FQDN of your endpoint is example.com and a relative path is /index.html then the probing path would be example.com/index.html
      You can also specify custom host header for each endpoint if required and set expected HTTP codes for the profile; in case the application does not return 200OK for the probes. Please see https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring

      Could you elaborate on the scenario that would require absolute URLs for each endpoint?

    15. List the private IP address of a virtual network gateway

      Show the private IP address of a virtual network gateway in the "Connected devices" blade.

      33 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Hi,

      Currently, the gateway private IP addresses are not required for configurations or operations, other than the GatewaySubnet range. They should have been hidden from users. The gateway resource model does not have a field for those either.

      There may be use cases for new features down the road. We will update the gateway resource model accordingly and expose those properly.

      Thanks,
      Yushun [MSFT]

    16. Enable Jumbo Frames with Accelerated Network

      Accelerated Network still has MTU = 1500, which creates too much overhead at 30 Gb/s speed. Would be helpful to have it at 9000 by default or at least configurable.

      22 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    17. custom domain verification for Azure users is a hassle and blocker

      We are setting up an Azure tenant which we want to link to VSTS in order to create a Devops infrastructure.

      To do so we need to add a custom domain in the Azure tenant's AD, but this is impossible because the domain is already listed in another AD (the one used by our Office365 tenant).

      So now we need to use a separate domain, and change all users in VSTS???

      Please remove this barrier....

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    18. Azure load balancer health checks should have more configurable options

      The current Azure Load Balancer checks are very basic. They should be extended to allow
      * Custom headers added to HTTP checks
      * Auth headers on HTTP checks
      * Check returned content for a pattern
      * Allow POST rather than GET with customisable content
      * Accept other HTTP return statuses (for example, 3xx) as valid
      * TCP checks should allow configuration of Send/Expect strings
      * Maybe additional checks for such services as LDAP, DNS, etc

      As comparison, the popular HAProxy load balancer supports most of these capabilities.

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    19. Add internal dns name for loadbalancer

      Is it possible to add the swicth "--internal-dns-name <Name>" for an internal loadbalancer ?
      This is possible for an NIC today, please add this to loadbalancer

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    20. Audit logs for DNS record changes

      Multiple people have access to our DNS zones. We would like to know who changed what.

      11 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3
    • Don't see your idea?

    Feedback and Knowledge Base