Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Azure Virtual WAN P2S with Windows Native VPN Client using IKEv2 - 25 routes limit

      Currently Azure Virtual WAN P2S gateway creates a dedicated Traffic Selector for each prefix/subnet learned via ExpressRoute BGP. This behaviour creates an issue for P2S IKEv2 Windows clients because Windows IPSEC stack can only parse 25 Traffic Selectors. If the limit is reached Windows throws an Error 13834 – “Error processing ID payload” and stop processing VPN tunnel creation.

      It would be great if this issue can be addressed as at the moment Virtual WAN P2S gateway usage for more complex networks is limited to Open VPN.

      57 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual WAN  ·  Flag idea as inappropriate…  ·  Admin →
    2. Virtual WAN - BGP Routes

      Currently we are unable to efficiently verify what routes have been learnt when BGP has been established for Virtual WAN.

      Could the team consider the creation of a PS Cmdlet or AZ CLI cmd to allow for engineers to check what routes have been learnt when BGP has been established for Virtual WAN.

      36 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Virtual WAN  ·  Flag idea as inappropriate…  ·  Admin →
    3. Support Global vNet peering with Azure Virtual WAN

      The Azure Virtual WAN solution seems compelling for organizations that are moving to Azure who are also currently using MPLS and are looking at SD-WAN.

      A shortcoming seems to be that global vNet peering is not yet supported.

      It would be great if global vNet peering support for Azure Virtual WAN was in the roadmap.

      29 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual WAN  ·  Flag idea as inappropriate…  ·  Admin →
    4. Ability to change BGP AS Number of Virtual WAN

      Right now Azure Virtual WAN uses a fixed predefined BGP AS Number "65515"
      I would like to have the possibility to change that AS Number.

      22 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Virtual WAN  ·  Flag idea as inappropriate…  ·  Admin →
    5. Virtual WAN - allow powershell / cli query of effective routes

      Currently the route table that can be queried, is the one containing manually configured (static) routes. However, routes learned through a gateway or peering are stored in the effective route table.

      It'd be a great addition to the vWAN to be able to query the effective route table of a vHub in a way other than accessing it through web.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual WAN  ·  Flag idea as inappropriate…  ·  Admin →
    6. Enable Mesh Network using Azure WAN

      VNET to VNET peering is not available when VNETs are connected to Azure WAN, Also no connectivity between two Azure WAN hubs. Having this option will help to manage both Azure network and branch network centrally

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual WAN  ·  Flag idea as inappropriate…  ·  Admin →
    7. Multi-Hub Hot Potato Path Selection / Document Route Decision Behaviors

      In testing prefix injection into multiple hubs globally, the path decisions made within vWAN appear to be based on oldest learned path. Common provider path selection behaviors (hot potato) are not observed, resulting in less efficient path selection out of vWAN. This is an issue for anycast based services announced into vWAN, to be consumed by VNET connected resources globally. This is also presumed, but I have not tested, to be an issue where there are parallel global transit networks (ie MPLS) which is peering in more than one location globally with vWAN via express route.

      Documenting the designed and…

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual WAN  ·  Flag idea as inappropriate…  ·  Admin →
    8. Support custom routes for Virtual WAN Hub

      Provide support for custom routes for Virtual WAN Hub.
      Currently, Azure VNET VPN supports custom routes so that P2S client traffic can be routed. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-p2s-advertise-custom-routes

      However, the same is needed for the VWAN Hub.

      So that traffic coming from P2S can go as per custom route via (express route and/or VPN).

      If force tunneling can be supported nothing like it. But at least custom routes.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual WAN  ·  Flag idea as inappropriate…  ·  Admin →
    9. VPN and ExpressRoute Full AS Path Visibility

      The AS path of BGP route advertisements originated by sites connected via IPsec VPN to Azure Virtual WAN are stripped of VPN connected site and Virtual WAN AS path detailed when subsequently advertised to sites connected via a co-existing ExpressRoute circuit. All routes from the Virtual WAN appearing to be originated from AS12076.

      This is a request to support bi-directional BGP full AS path visibility between Virtual WAN sites connected via IPsec and ExpressRoute.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual WAN  ·  Flag idea as inappropriate…  ·  Admin →
    10. Traffic Manager for VWAN Hub point to site VPN

      It should be possible that P2S clients get connected to the nearest VWAN Hub. The P2S profile of Azure VPN client can have e.g. TM URL instead of VWAN Hub so that traffic can be routed to the nearest hub if connected multi-hub design is in place.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual WAN  ·  Flag idea as inappropriate…  ·  Admin →
    11. Documentation - Virtual WAN use of 10.20.0.0 Address Space

      Please update existing documentation or create new documentation detailing use of the 10.20.0.0 address space in Virtual WAN. Lack of documentation makes it difficult to manage a co-existing transitional WAN and avoid overlapping IP address space.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual WAN  ·  Flag idea as inappropriate…  ·  Admin →
    12. Tools to get more details of VPN sites on Virtual WAN.

      There is no way to monitor the status of VPN sites or other connections under the Virtual WAN using Azure portal/powershell. We wondering we can use Azure monitor or Diagnostic Logs to get more information about the VPN status & error messages if it fails like general VPN gateways.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual WAN  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base