Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Network Watcher in Azure Stack?

      Can you provide any guidance on when we could expect to see this awesome tool in Azure Stack? it would be hugely beneficial

      62 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    2. Event Hubs support in NSG Flow logs

      Currently NSG Flow Logs are do not have the ability to publish to Azure Event Hub as other logs do.

      It would be invaluable for this facility to be made available to allow onward transformation of log data (via Azure Functions) prior to ingest into products such as Splunk.

      50 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for your feedback. Today publishing NSG Flow Logs to an Event Hub is not currently supported natively. We will continue to evaluate this suggestion and update the status accordingly.

      Today, if you are interested in transforming and streaming NSG Flow Logs to a 3rd party endpoint, we have published a sample here that leverages an Azure function: https://github.com/Microsoft/AzureNetworkWatcherNSGFlowLogsConnector

      Splunk has also published a blog with guidance on integrating NSG Flow Logging data here: https://www.splunk.com/blog/2017/02/20/splunking-microsoft-azure-network-watcher-data.html

    3. Introduce alert mechanism in network watcher?

      It would be great if you can introduce an alert mechanism with all the monitoring it does. For exmaple : similar to what we have for Azure VMs, when the cpu utilization goes down we can configure an alert for the based on the threshold.

      Network watcher monitors many many things it should have the capability to generate alerts based on it's monitoring capabilities.

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    4. Next Hop - show which route entry was used

      When you use next hop feature, it shows the route table ID that was used - but it would be nice if it showed the rule name from the route table as well.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    5. Allow access to packet capture while capture is running.

      When a packet capture is running in the Network watcher, you currently have to wait until the capture is complete to view the .pcap file. It would be useful to be able to look at the .pcap file while the capture is running.

      11 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    6. Can network traffic (volume, speed, etc.) be visible in blades either at network interface or network security group?

      Can network traffic (volume, speed, etc.) be a tile visible in blades either at network interface or network security group or VM?

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    7. Network Flow Logs should show public destination IP

      When looking at the NSG Flow Logs at the moment, all traffic from e.g. my local laptop, seems to be flowing directly to the private IP address of my VM.

      The source IP is the public IP address of my laptop and the destination IP should, in my opinion, be the public IP address of the VM, not the local private subnet IP (10.x.x.x), when traffic is inbound from the internet.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →

      Yes, the NSG Flow Logs will record the private IP address of the Network Interface. There are scenarios where public IP addresses can be shared across resources (e.g. using an Internet Load Balancer or Application Gateway) therefore we display private IP addresses to be most specific.
      The need to preserve Public IPs address traffic flow as part of the flow logs is valued feedback. Thank you for contributing.

    8. GetBestNeigbhors for a given Source Azure Region

      GetBestNeighbors
      Input :
      AzureRegion SourceRegion : Source region , Frame of Reference
      AzureRegion[] Regions : List of regions which needs to be reached from Source Region

      Output : Ordered list of azure regions “best” reachable from SourceRegion

      Alternatively , Simpler version

      GetBestNeighbors
      Input :
      AzureRegion SourceRegion : Source region

      Output : Ordered list of all available azure regions “best” reachable from SourceRegion

      Alternatively ,Even more simpler version

      GetBestNeighbors
      Input :

      Output : Ordered list of all available azure regions “best” reachable from SourceRegion. This must be same as it would have been called from Source region as above.

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    9. Monitor container network traffic within a node

      I would like to see a solution for monitoring traffic between containers on the same node. I'm not sure if the Network Watcher product already does this or not - it wasn't specified.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    10. Let security group view show the order in which rules are processed

      The current security group view allows multiple ways to sort the security rules that show up. It would be most useful if there would be a way to sort the security rules in the effective way they would be processed, meaning:
      1. customer defined rules on the subnet
      2. default rules on the subnet
      3. customer defined rules on the NIC
      4. default rules on the NIC.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for the suggestion, we’ll consider adding this sort option. The current UI in Portal provides you with tabs to see the security rules applied on the Subnet and the NIC, as well as the default rules.

      Note, the rule processing order you provided only applies for inbound traffic. From https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-nsg :

      Inbound traffic

      1. NSG applied to subnet: If a subnet NSG has a matching rule to deny traffic, the packet will be dropped.

      2. NSG applied to NIC (Resource Manager) or VM (classic): If VM\NIC NSG has a matching rule to deny traffic, packet will be dropped at VM\NIC, although subnet NSG has a matching rule to allow traffic.

      Outbound traffic

      1. NSG applied to NIC (Resource Manager) or VM (classic): If VM\NIC NSG has a matching rule to deny traffic, the packet will be dropped.

      2. NSG applied to subnet: If…

    • Don't see your idea?

    Feedback and Knowledge Base