Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Internal load balancer Log Analytics

      Log analytics currently works only for Internet facing load balancers.
      We need this very urgent for our Internal facing load balancers!

      90 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for the feedback. Please use Standard internal LB which provides multi-dimensional metrics in Azure Monitor.

      “Request logs” is not something that can be provided. The service is a pass through network load balancer and the handshake is between the client and the VM’s application directly. You can use NSG flow logs in Network Watcher to generate flow records for any VM’s traffic, including that which traverses the Load Balancer resource. This is described here: docs.microsoft.com/en-us/azure/network-watc..

      — Christian

    2. Support for Sticky IP Load Balancing

      Many applications still use non-persisted session-cookies to track user sessions -- default behavior in most web application servers. So it is not possible to use DNS round-robin load balancing without changing the application session management logic. This makes it more difficult to migrate to Azure.

      Can you enable sticky IP load balancing for Azure VMs? You may get more application migrate to a azure without much re-engineering effort.

      40 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    3. Custom Destination on load balancer failure

      It would be good if when the loadbalancer probe fails (It can't reach any page in a timely fashion) it could redirect to a failureURL. This way in the event that something is going wrong customers could still be given a brandend friendly error message or be assured we are working on it.

      37 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    4. Please provide a function to collect Azure Load Balancer access logs.

      We want to collect ALB access logs.
      Today (July 2016), we can collect "Alert event" and "Health probe" logs by using preview feature, but these features doesn't contain access logs.

      Log analytics for Azure Load Balancer (Preview)
      https://azure.microsoft.com/en-us/documentation/articles/load-balancer-monitor-log/

      For example, we can collect access logs on Application Gateway in the following system.
      Since we cannot collect ALB access logs, a function just like the one for Application Gateway is needed.

      (Client) => (Application Gateway) => (Web Frontend) => (ALB) => (App / DB)

      Any little information is appreciated.

      =====
      (Japanese)
      ロードバランサーのアクセス ログを取得したい。
      2016/07 現在、プレビュー機能を利用してアラートとヘルスプローブのログを収集できるが、この機能ではアクセスログが取得できない。

      Azure Load Balancer のログ分析 (プレビュー)
      https://azure.microsoft.com/ja-jp/documentation/articles/load-balancer-monitor-log/

      30 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →

      thank you for your feedback. Azure Load Balancer does not interact with the application layer today. I’ve noted this as long term feedback but declining at this time since I have near term way to get there and returning your votes. Happy to discuss further if you like.

    5. azure reverse proxy load balancer

      At the moment of discussion Azure offers 2 possibilities for ARM load balancers: internet facing load balancer and application gateway. There are some features that are missing from both of them, that would be nice to have. I would like a solution like F5 BIG-IP LTM to be available from azure. Among the features it should have:
      - cookie persistence
      - ssl offloading
      - ssl strengthening (use certain versions of tls and ciphers)
      - preserver original IP
      - encrypt application cookie
      - disable headers (Server, X-Powered-By)
      - disable clickjacking (x-frame-options: SAMEORIGIN)
      - block blacklisted user agents
      - cookie encryption
      -…

      29 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    6. Load Balancing on Linux servers - net.ipv4.tcp_tw_recycle & reuse settings

      Currently you don't allow net.ipv4.tcp_tw_recycle, net.ipv4.tcp_tw_reuse and net.ipv4.tcp_tw_timestamps to be set to 1. You require them to be set to default 0. For our MapR performance improvements, we are required to set them to 1 - which prevents the wait time for the socket to become available and reuses existing.

      It will be nice if you could allow us to use the Load Balancer even when we set the reuse and recycle flag to 1.

      20 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    7. Name based forwarding

      We have microservices running in Container Services.
      It would be nice to give them meaningful names such as:
      foo.stg.myservices.net
      foo.tst.myservices.net

      In order to achieve it I think Azure Load Balancer should be capable of doing some kind of name based forwarding in the balancing rules.

      Does that make sense?

      18 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    8. Dynamic single use endpoints

      Some protocols (most notably FTP in PASV mode) require creation of temporary single-use inbound endpoints. Allowing a role to request a temporary endpoint on a random port > 1023 would allow this.

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
      declined  ·  Narayan Annamalai responded

      Thanks for your feedback.

      We will not be supporting dynamic endpoints since it could cumbersome to define and maintain if they are really going to be short lived, but we are working on a feature that would allow a VM (instance) to have a public IP that accepts inbound connections on all ports, (more like a port less NAT) which would solve the FTP scenarios

      Thanks for taking the time to provide feedback.

    9. Custom errors when web role is failing (or not running)

      When i update the web role (incresing web roles, starting, suspending, ...) there is a short moment (or pretty long) when the web role is not responding. Customers than may see just browser error page "the page is not accessible" or "the server is not responding". In my opinion there should by allways some nice, user-friendly, response like "We are currently upgrading your application, please wait a few minutes. Thanks" with company logo or something.

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →

      thank you for your suggestion. Azure Load Balancer doesn’t interact with the application layer today. I’m going to return the votes because I don’t have an obvious path to deliver this feature today. Please check if Application Gateway can perform this function and if not request it on UserVoice there.

      This may work for HTTP but I’m not sure how we would do that for HTTPS unless we had the certificate and could create a response that doesn’t alarm the client with a certificate error. Any thoughts on how your see this working? Please reply and we can discuss further.

    10. Support Multiple Web Roles with Host Header Redirection at the Load Balancer

      Currently you can only have multiple web roles using different ports numbers. If host headers could be configured at the load balancer then different web roles in the same cloud service could be accessed over standard ports 80/443 using different DNS aliases. One reason for wanting this is multiple web roles that share dedicated cache roles.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
      declined  ·  Narayan Annamalai responded

      Thanks for the suggestion.

      Currently Azure’s Load balancer operates at Layer 4. it does not inspect the Http headers to make any decision. This will have to be done in the future through a Layer7 load balancer appliance.

    11. Allow Internal Load Balancer Internet Access

      In an Internal Azure Load Balancer {Standard SKU}, VMs within the Load Balancer do not have internet access except:
      1) If they have a public IP address
      2) If they are part of a public Load Balancer
      3) If they have load balancer rules statically configured.

      There are instances that VMs may need access to the internet as 'internal' servers may need internet access.

      I think there should be an option for "Allow VMs in this Internal LB to access the internet" on the internal load balancer. This would allow security checks for public certificate validation or other tests that…

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    12. reserved custom public IP range - bring my own public IPs to azure datacenter

      I want to move parts of my onpremise data Center to azure. it's used to host a service for my customers. therefore i have a public IP-Range. So my customers already have implemented a security setting to allow traffic to my public IP-Range and my public Services.

      When i will migrate to azure data center,then i have no option to take the public ip range with me. This means, i have to inform all my Customers about my move to azure and have to wait until all customers have implemented the new IP Setting.

      In azure a can use reserved…

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    13. 10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for the suggestion.

      Traffic Manager uses a DNS-based system for distributing load. Whilst I understand how a BGP anycast system would provide an alternative, we don’t have any current plans to switch to a BGP Anycast based approach.

      Thank you again for taking the time to contribute your feedback.

    14. Provide rapid failover away from unhealth and/or removed VMs from the Load Balancer backend pool

      Presently, the Standard SKU Load Balancer takes up to several minutes to stop sending traffic to backend VMs which have been identified as unhealthy by Health probes and/or have been manually removed from a backend pool through a configuration change.

      This delay prevents using the Load Balancer as an SLA/availability solution and is counter-intuitive. A preferable design would be to immediately cease sending any additional traffic to an unhealthy VM once it has been marked as unhealthy (unless it is the only VM in the backend pool.)

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    15. Azure standard loadbalancer - force all UDP traffic bidirectionally back over the LB

      Currently a single specific session with the same source and destination port on UDP will be routed correctly. But when the system behind the loadbalancer stars creating multiple sessions with the same destination port but different source ports (Random) it will be routed directly back bypassing the loadbalancer fully. This breaks functionality for certain UDP based designs....

      Please make it possible to route the traffic always via the loadbalancer

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    16. Add Load Balancer backend IP

      Load balancers should have a backend IP so traffic can be sent to it to initiate a flow from the other side.

      The reason this feature is very helpful is when you're using a Virtual Network Appliance ( VNA ) in HA. HA requires we use load balancers on each side of the VNA ( firewall in this case ). The problem with not having a backend IP the flow from inbound and outbound originated traffic doesn't follow the same path in and out bound.

      This leads to some creative solutions that aren't ideal. Really, Azure should be working more…

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    17. Load balancing with sticky sessions (source IP distribution mode for load balancing) in Cloud Services

      When a load-balanced set changes (removing or adding an instance), the distribution of client requests is recomputed. Cannot depend on new connections from existing clients ending up at the same server. Whenever a new vm is added to the pool make it ready to accept only requests from new clients rather than having requests from existing clients end up on the different server. Make the load balancer to route the same client to the same application server while scaling up/down

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for the feedback. What you’re suggesting is not possible in today’s platform and cannot be implemented at this time. Longer term, we may make enhancements to make this possible and I appreciate this feedback for planning purposes. I would like to encourage you to take a look a the other load balancing options in Azure, which include Application Gateway as a fully managed product or any of the 3rd party offers.

    18. Tcpdump and TCP session stats on Azure Standard LB

      Currently, there are bare minimum stats available for TCP sessions on Azure Standard LB. Can you add more traffic flow stats showing the client IP address hitting Azur LB?
      Secondly, tcpdump is the basic tool for operational troubleshooting.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for the feedback. Load Balancer is a pass through network load balancer and does not terminate connections. The handshake is directly between the client and the application on a VM.

      You can use Network Watcher to initate packet captures.
      — Christian

    19. Load Balancer support for on-premise VMs

      When on-premise is connected to Azure, I would like to use the Azure Load Balancer to direct traffic to on-premise VMs and replace my on-premise load balancer which is near end of life. Next step would be to migrate on-premise VM to Azure, but that requires much more work in my IaaS scenario.

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    20. PIP address to CLoudservices

      Its should be a great feature to reserve an PIP address to the Cloudservice, or a option to make an ReversenDNS of the PIP to the Cloudservice

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3
    • Don't see your idea?

    Feedback and Knowledge Base