ICMP Support for Azure Websites, Roles, Cloud Services
Need support for ICMP features like Ping in Azure Websites, Azure Mobile Services thru node.js, Web/Worker Roles/Cloud Services.
Unfortunately ICMP presents risks and problems for our underlying network infrastructure. However, we do understand the utility of being able to ping and we ourselves use TCP level applications to ping between services or the Internet, such as TCPING.
there is no benefit of Azure if you can connect to SQL server remotely and also u cant upload file using ftp
Andrew Best commented
This is unanswer. Please dont dodge like this. Also have a read of http://shouldiblockicmp.com/
Tim Weber commented
I can understand not allowing ping on external interfaces, whatever. We absolutely need a way to allow ping via a NSG without allowing all traffic. This is a basic need of any environment with multiple networks.
We develop websites and have a deployment system that deploys to multiple host servers. One of the sanity checks before deployment starts is a standard ping. If you can't ping the web host, obviously there's no reason to try the deploy process. Heck, even our anti-virus solution checks to see if a system is online by using ping. We don't feel the need to allow ALL traffic from our anti-virus server to all of our web-hosts.
Those are only a couple of examples where pinging between networks is used frequently. Microsoft, cut us all some slack and allow a ping option in your network security groups. Please reconsider!!
Cody Ardoin commented
I have revoked a $140,000 Enterprise License Agreement over this and gave it to Amazon Web Services. Absolutely pathetic. I will be moving our subsidiaries to AWS too until they fix this.
My personal favorite alternative http://www.azurespeed.com/Azure/PsPing get it from https://technet.microsoft.com/en-us/sysinternals/psping.aspx
Hieu Dang commented
"Unfortunately ICMP presents risks and problems for our underlying network infrastructure"
What the ****? Google and Amazon allowed it and why you don't? Seem your services is not good as Google and Amazon. This issue prevent me to choose Azure.
If ICMP presents risks and problems for the underlying network there is a much bigger problem than not being able to do health and access checks. Microsoft is saying that their network is fundamentally insecure and can not be trusted.
Ovi Dan commented
Please reconsider this position, security through obscurity is not the answer. You are doing harm to the Internet infrastructure by not allowing ICMP / traceroutes.
This is the stupidest dodge I've ever seen. Nobody is asking for blanket icmp support, just ping. Ping has no security risk at all. Give us a break and just be honest that it's a not a priority and you don't feel the effort to implement is worth the time. I would still disagree, literally every single hosting provider except Azure has this as a feature, but at least it would be honest.
Pretty stupid. Not sure what you are trying to hide.
Daniel Manser commented
Yeah ICMP is such a risk... that's why all major sites on the internet allow ICMP ping, even in Amazon AWS you can enable ICMP, but it's a risk for the Azure Cloud .
Robert Stanford commented
What a joke. If ICMP represents problems for underlying network infrastructure maybe you should reconsider whether you are in the right business.
Bas Warmerdam commented
For who isn't aware yet, you can do an outbound ping on Kudu, just go to Kudu Powershell and run tcpping.
That being said, being able to do a tracert to debug connectivity issues between to other endpoints would be nice.
Gordon Trivino commented
ICMP ping to Azure public IPs is a fundamental requirement to a number of external monitoring/checking services. Without this feature it prevents us from deploying some of our services into Azure. We will be trailing Amazon cloud to see if that provides ICMP support. This change is a requirement for many.
Tyler Kavanaugh commented
@Andrew, touche. The inability to use ping, as several commenters previously stated, limits the types of setups that can be deployed to Azure. For example, without ping, monitoring systems that rely on this functionality to verify whether a system is up or not will not be possible to set up. Why should we be limiting what the customer can do with the platform?
Disabling ICMP does not improve security. Sure it may cut down on random probes from the Internet but those are harmless to a properly secured service.
Ping and traceroute are critical tools for diagnosing network issues especially between peers on the Internet.
Tyler Kavanaugh commented
ICMP ping is such a fundamental part of the system administrator's toolkit that it's unbelievable that it is not supported in Azure. This really needs to change.
Taiko Jiao commented
Can't believe I purchased an Azure VM with no ping support!
Joel Charters commented
Built a VM infrastructure for monitoring remote equipment and sites, but cannot implement without ICMP. Didn't even occur to me that it wouldn't be available. If it isn't to be added I will have to move to Amazon. Grrr.
Gary Herbstman - Byte Solutions commented
Missing such a basic network management function is amazing. I had to imagine I had something mis-configured when trying to ping out from my VM. I cannot even ping the internal gateway.
I can come up with a whole bunch of demeaning adjectives for the designers of Azure but I will refrain.
Coming from the Amazon world, I find the system design and functionality differences dramatic. My current feelings are that unless you need something specific you can only get from Azure (which is not much), I will be going back to Amazon. The systems there are more fully developed, and they are designed by people with common sense. Azure seems to be designed by the same team who thought the Windows 8 start screen was a good idea.