Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    1. How to restrict access for private endpoint

      A private endpoint of Azure SQLDB is created, and it can be accessed with Private IP via ExpressRoute from on-premises.
      Since the NSG of the subnet does not act on the endpoint, the private endpoint can be accessed from anywhere on-premises.
      Is there any way to restrict the connection source IP address for Private endpoint on Azure side?

      61 votes
      3 comments  ·  Azure Private Link
    2. Private Endpoint ARM template deployment: fix Complete mode

      Deploying a Private Endpoint using an ARM template works fine in Incremental mode: the Microsoft.Network/privateEndpoints resource in the template automatically deploys the Microsoft.Network/networkInterfaces resource as well.

      Deploying the template in Complete mode results in a failure, however: because the NIC is not explicitly mentioned in the template, ARM tries to delete it. This fails, which causes the deployment to return failure after about an hour.

      I have not found a way to explicitly deploy a NIC in the template and link it to the Private Endpoint.

      Please make it possible to deploy ARM templates in Complete mode when the template…

      25 votes
      0 comments  ·  Azure Private Link
    3. PaaS Resources Should All Have Private IP Option

      One of the biggest concerns for companies is moving data to publicly accessible resources. Most companies are going to be hybrid cloud for a while as well. They also have sites that access sensitive data.

      The game changer for Azure is to allow all storage (data lake store, storage accts, etc.) and app services (besides paying for an ASE) to be private IP with VNET integration...

      All of the AWS breaches are from people exposing storage publicly. This same concern lies within Azure blob storage as well. Even worse since Azure blob storage doesn't have the same firewall settings as…

      14 votes
      1 comment  ·  Azure Private Link
    4. Private Endpoint groupId should be case insensitive.

      When setting up a private endpoint, the groupId should be case insensitive. For example, a CosmosDB private endpoint against the SQL API requires the groupId to be "Sql". If the groupId is "sql", the error message is unhelpful:

      code: InternalServerError
      message: An error occurred
      details: []

      Instead, the resource provider should accommodate any case for the groupId. Or, as a second option, the resource provider should return a helpful error message, such as "Invalid groupId 'sql' was provided. Please see <insert docs url here> for more information." That's an error message a user can understand and provides a path…

      13 votes
      0 comments  ·  Azure Private Link
    5. Can't delete Storage Account Private Endpoint due to resource lock

      When you configure Backups on a Storage Account File Share, the automation creates a Delete Resource Lock on the SA. Microsoft public documentation for File Share Backup states that "Best Practice" is to NOT remove the resource lock (reference: https://docs.microsoft.com/en-us/azure/backup/backup-afs#best-practices)
      However, this resource lock prevents deletion of a PE attached to the same SA. For a user to delete the PE, they first have to delete the lock, which goes against the best practice. This can add significant management overhead and diminishes the usability of Private Endpoint. Every time a Private Endpoint creator wants to delete their Private Endpoint,…

      5 votes
      0 comments  ·  Azure Private Link
    6. Delete correct Private DNS Zone record when deleting Private Endpoint

      Environment:
      1 VNet
      1 Private DNS Zone for Storage (linked to above VNet)
      1 Storage Account
      2 Private Endpoints (PE1 and PE2)

      When deploying a Private Endpoint (PE1) for the storage account to the VNet, an A record is automatically added to the Private DNS Zone as expected.

      When deploying a second Private Endpoint (PE2) for the same storage account to the same VNet, the previous A record with PE1's IP is overwritten with PE2's IP.

      When deleting PE1, the A record (pointing to PE2's IP) is deleted.

      It would be great if there was a platform check when deleting…

      4 votes
      1 comment  ·  Azure Private Link
    7. Give option to name NIC in ARM Private Link Template

      It is very frustrating in Azure where you cannot rename anything. And now we don't even have the ability to rename the NIC. This breaks naming conventions.

      1 vote
      0 comments  ·  Azure Private Link
    8. Dual-homed private endpoints

      We use private endpoints in our backend systems, and because it is cloud, our developers/engineers need access via the frontend network! So our backend services need to be dual homed to allow connection to the DB privately! To get this to work, we are asked to implement an unmanageable workaround, because of DNS issues that were raised in ticket 120042825000729.
      If we put two IP addresses under the same DNS entry, the first IP address is picked up all the time! The only solution appears to be that we have two different zones (with the same name), and connect each zone to…

      1 vote
      0 comments  ·  Azure Private Link