Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Private NAT for VM outbound to on prem

      If an Azure VM sits in a vnet (call it app-vnet) peered with a vnet that's VPN connected (call it vpn-vnet) to on-prem, and the VM needs to establish connectivity with an on-prem VM, a NAT gateway cannot snat the traffic from app-vnet using an IP from vpn-vnet, since the only kind of outbound IP a NAT gateway can use is a public IP.
      I actually don't know what azure solution could snat from a vnet using a private outbound IP of another vnet... Azure Firewall maybe?

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  NAT  ·  Flag idea as inappropriate…  ·  Admin →
    2. Zone-redundant NAT Gateway

      Since subnets are regional, not zonal, and can only be associated with a maximum of one NAT gateway, it seems that deployments would be much simpler if NAT gateways were supported in a zone-redundant mode.

      This is something you offer with Standard Load Balancer, so why can't it be provided by NAT gateways?

      Currently, I either must: (1) forego any failure isolation promises and go with a regional NAT, or (2) double or triple the number of subnets I manage just so a zone-isolated NAT can be assigned to each. That makes a complicated, messy deployment that wasn't required for…

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  NAT  ·  Flag idea as inappropriate…  ·  Admin →
    3. Support ICMP

      Currently, NAT gateway doesn't support ICMP traffic. ICMP is frequently used to diagnose network issues (i.e. ping).

      It would be great for NAT gateway to support ICMP traffic.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  NAT  ·  Flag idea as inappropriate…  ·  Admin →
    4. NAT Gateway usage with Function App

      NAT Gateway has the following limitation:
      "NAT is compatible with standard SKU public IP, public IP prefix, and load balancer resources"
      https://docs.microsoft.com/en-us/azure/virtual-network/nat-overview#limitations
      It would be great if this limitation was worked on to allow use with function apps.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  NAT  ·  Flag idea as inappropriate…  ·  Admin →
    5. SNAT port constraint for one VM in multitenancy scenario

      For multi tenancy scenario, if they are in the same subnet, we should be able to set the max SNAT port an VM could use to make sure a malicious user can't impact others.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  NAT  ·  Flag idea as inappropriate…  ·  Admin →
    6. Multiple SNAT configs in a single NAT gateway

      Would like to have the ability to deploy a single NAT gateway with multiple Public IP (ranges) and specify on a per-source adres based SNAT configurations. Like:

      SNAT GW Public IP1, Public IP2, Public IP3
      VMb and VMb are translated to IP1
      VMc is translated to IP2
      Default is IP3

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  NAT  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base