Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Event Hubs support in NSG Flow logs

      Currently NSG Flow Logs are do not have the ability to publish to Azure Event Hub as other logs do.

      It would be invaluable for this facility to be made available to allow onward transformation of log data (via Azure Functions) prior to ingest into products such as Splunk.

      128 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for your feedback. Today publishing NSG Flow Logs to an Event Hub is not currently supported natively. We will continue to evaluate this suggestion and update the status accordingly.

      Today, if you are interested in transforming and streaming NSG Flow Logs to a 3rd party endpoint, we have published a sample here that leverages an Azure function: https://github.com/Microsoft/AzureNetworkWatcherNSGFlowLogsConnector

      Splunk has also published a blog with guidance on integrating NSG Flow Logging data here: https://www.splunk.com/blog/2017/02/20/splunking-microsoft-azure-network-watcher-data.html

    2. Network Watcher Topology should get information for resources in different resource group than VNET

      The preview of Network Watcher has a Topology feature which draws objects connected to a specific VNET, which is great. But, I noted that for a full topology, ALL resources need to be on the same Resource Group than the VNET chosen. That doesn't make sense, because is pretty common to have VMs and NICs on different RGs. Would be great if you choose a RG and a VNET as a starting point, and Topology feature gather all other resources interconnected independently of their RGs.

      123 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      12 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    3. Network Watcher in Azure Stack?

      Can you provide any guidance on when we could expect to see this awesome tool in Azure Stack? it would be hugely beneficial

      74 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    4. Additional "/read" permission to allow call to Network Watcher queryFlowLogStatus api

      Today default Build-In Reader role not allow to execute Query Flow Log Status, because Reader role allows all operations of "*/read".
      But query flow log status operation have "/action" in the end:
      Microsoft.Network/networkWatchers/queryFlowLogStatus/action

      This makes complicated to use different applications and services which want to query flow log status. To be able to do it they ask customers to create custom role in each and each subscription with that permission and then assign that role to the application (In addition to Reader role which they ask to assign for other features).

      If will be additional permission with "/read" operation to…

      43 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    5. Network Monitor Dashboard

      Provide a dashboard to help understand the Azure network topology and to visualise the NSG rules

      26 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    6. Network Flow Logs should show public destination IP

      When looking at the NSG Flow Logs at the moment, all traffic from e.g. my local laptop, seems to be flowing directly to the private IP address of my VM.

      The source IP is the public IP address of my laptop and the destination IP should, in my opinion, be the public IP address of the VM, not the local private subnet IP (10.x.x.x), when traffic is inbound from the internet.

      25 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →

      Yes, the NSG Flow Logs will record the private IP address of the Network Interface. There are scenarios where public IP addresses can be shared across resources (e.g. using an Internet Load Balancer or Application Gateway) therefore we display private IP addresses to be most specific.
      The need to preserve Public IPs address traffic flow as part of the flow logs is valued feedback. Thank you for contributing.

    7. Allow access to packet capture while capture is running.

      When a packet capture is running in the Network watcher, you currently have to wait until the capture is complete to view the .pcap file. It would be useful to be able to look at the .pcap file while the capture is running.

      17 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    8. Introduce alert mechanism in network watcher?

      It would be great if you can introduce an alert mechanism with all the monitoring it does. For exmaple : similar to what we have for Azure VMs, when the cpu utilization goes down we can configure an alert for the based on the threshold.

      Network watcher monitors many many things it should have the capability to generate alerts based on it's monitoring capabilities.

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    9. STOP creating random Resource Groups!

      Honestly, what are we going to do with you MSFT when it comes to RBAC?

      When MSFT puts services into Preview and often months or years after they are so-called GA they still fail to recognize that they are violating Governance, RBAC, rules allowing Azure Services to randomly create Resource Groups in any given Azure Subscription.

      The two biggest violators of this right now are Databricks and Network Watcher.

      In most cases our clients should be refusing to use these services until they are capable of adhering to Governance and Security rules being enforce by InfoSec and others.

      Resource Groups are sacred beasts…

      14 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

    10. More frequent NSG Flow log rollover, and consumption into Traffic Analysis

      It would be useful to have NSG flow logs consumed by Traffic Analysis more frequently than every hour (ever minute would be great!).

      Currently the delay is too long to be useful for real-time troubleshooting, and useful only for analysis retrospectively.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  1 comment  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    11. Next Hop - show which route entry was used

      When you use next hop feature, it shows the route table ID that was used - but it would be nice if it showed the rule name from the route table as well.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    12. NSG FLow Log with immutable storage

      For compliance reasons we want to send NSG flow logs to a compliant storage account with an applied immutability policy with allow protected appends on each log container.
      This works find with Activity Logs since Activity Logs writes to Append Blobs.
      But:
      NSG flow logs write to Block Blobs which are generated every hour and updated every few minutes.
      If immutability policy is set, no updates are written (despite of flag allow protected appends)

      Please change behaviour that flow logs can be used with immutable storage.
      Thank you

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    13. ad snmp to service endpoint monitor

      The new service endpoint monitor is a very welcome addition. The only thing now missing from the OMS solution is a user-friendly way to collect SNMP data. Mainly for monitoring bandwidth usage etc on firewalls & routers.The linux snmpd to OMS logs option is to cumbursome because there's no way to centrally configure this.A snap option in the service endpoint monitor would be perfect for this!

      11 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    14. Traffic Analytics in DoD regions

      Traffic Analytics in DoD regions

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    15. Azure Networking Traffic Simulator

      You should consider adding a Azure Networking Traffic Simulator somewhere in Azure to provide better tooling for troubleshooting and configuring NSG firewall rules.

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  2 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    16. Synthetic Transactions for Office 365

      The network reachability tests are a fantastic addition, and taking it even further would be to allow user to specify send/receive account credentials and have the test send actual dummy email, test SPO and OD4B upload/download, Skype check presence, etc. Just a an even deeper test that O365 services are working from one of their nodes

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    17. Can't get NSG Flow Logs to show up in Azure Monitor Logs!

      I can't find corresponding flow logs for the action that I manually triggered. Here is what I am trying to do and I am expecting flow logs to show up after few (4) minutes but they don't!

      1) Call API at the Application Gateway @https://api.aspnet4you.com/api/customer/FindAllCustomers?country=United%20States&state=Washington&city=Seattle

      2) Query to find app gateway access logs and they show up in about 3 minutes:
      AzureDiagnostics
      | where TimeGenerated >= now(-15m)
      | where clientIP_s !=""
      | where Category == "ApplicationGatewayAccessLog"

      3) Query NSG Flow logs but NO Result Found!
      AzureNetworkAnalyticsCL
      | where TimeGenerated >= now(-15m)
      | where SubType
      s == "FlowLog"
      |…

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    18. Can network traffic (volume, speed, etc.) be visible in blades either at network interface or network security group?

      Can network traffic (volume, speed, etc.) be a tile visible in blades either at network interface or network security group or VM?

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    19. Network Monitoring API or Powershell Cmdlet for adding/removing nodes to be monitored

      Hello,
      Is it possible to use OMS - NPM with some kind of API or Poweshell Cmdlet.

      I have the following example that I need to solve:

      We create VMs and then sometimes they are turned off as they no longer needed for whatever reason. I do not want to still monitor network traffic to this node/VM on Azure.

      Currently we have to use the NPM UI configuration to select the node and click the checkbox for 'Use for monitoring` which is open to human error for when we forgot to disable this and more likely we forget to re-enable…

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    20. Availability Test Integration with Application Insights

      Right now App Insights provides availability tests, but they can only hit external facing sites. The Service Endpoint Monitor fills that gap for any internal sites, but the customer now has to manage 2 separate tool configurations. It would be ideal if App Insights would allow OMS nodes as options on the “Test Locations” list, so all URL testing would be configured in the same place and the respective engines would execute them appropriately

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1
    • Don't see your idea?

    Feedback and Knowledge Base