Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Private NAT for VM outbound to on prem

      If an Azure VM sits in a vnet (call it app-vnet) peered with a vnet that's VPN connected (call it vpn-vnet) to on-prem, and the VM needs to establish connectivity with an on-prem VM, a NAT gateway cannot snat the traffic from app-vnet using an IP from vpn-vnet, since the only kind of outbound IP a NAT gateway can use is a public IP.
      I actually don't know what azure solution could snat from a vnet using a private outbound IP of another vnet... Azure Firewall maybe?

      25 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  NAT  ·  Flag idea as inappropriate…  ·  Admin →
    2. NAT Gateway usage with Function App

      NAT Gateway has the following limitation:
      "NAT is compatible with standard SKU public IP, public IP prefix, and load balancer resources"
      https://docs.microsoft.com/en-us/azure/virtual-network/nat-overview#limitations
      It would be great if this limitation was worked on to allow use with function apps.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  NAT  ·  Flag idea as inappropriate…  ·  Admin →
    3. Zone-redundant NAT Gateway

      Since subnets are regional, not zonal, and can only be associated with a maximum of one NAT gateway, it seems that deployments would be much simpler if NAT gateways were supported in a zone-redundant mode.

      This is something you offer with Standard Load Balancer, so why can't it be provided by NAT gateways?

      Currently, I either must: (1) forego any failure isolation promises and go with a regional NAT, or (2) double or triple the number of subnets I manage just so a zone-isolated NAT can be assigned to each. That makes a complicated, messy deployment that wasn't required for…

      11 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  NAT  ·  Flag idea as inappropriate…  ·  Admin →
    4. Multiple SNAT configs in a single NAT gateway

      Would like to have the ability to deploy a single NAT gateway with multiple Public IP (ranges) and specify on a per-source adres based SNAT configurations. Like:

      SNAT GW Public IP1, Public IP2, Public IP3
      VMb and VMb are translated to IP1
      VMc is translated to IP2
      Default is IP3

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  NAT  ·  Flag idea as inappropriate…  ·  Admin →
    5. Support ICMP

      Currently, NAT gateway doesn't support ICMP traffic. ICMP is frequently used to diagnose network issues (i.e. ping).

      It would be great for NAT gateway to support ICMP traffic.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  NAT  ·  Flag idea as inappropriate…  ·  Admin →
    6. NSG flow logs support for outbound traffics via NAT Gateway

      For outbound traffics from VMs associated with NAT Gateway, NSG Flow logs won't show the correct destination public IP in the logs. While this is due to the internal design of NAT Gateway and it's the expected behavior, users may be confused by observing un unfamiliar IP address.

      As all destination IP addresses are recorded as the same internal VIP, the flow logs no longer makes sense (for outbound). This is a big problem for customers who would like to monitor traffics, and leaving this as it is will affect user experiences strongly.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  NAT  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base