Networking
The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.
If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.
Support SNAT on internal Azure load Balancer
Currently it seems Azure Internal Load Balancer does not support Source NAT.
This means that if 2 different services are hosted on 2 different VMs and the VMs are on the same vnet, the traffic is not load balanced if the ILB routes the traffic to the same VM that starts the request.
Example:
Service A (exposed on port x) and B (exposed on port y) are hosted on VM 1 and VM 2 on the same vnet.
Service A has VIP z and Service B has VIP m.
If service A is recalled via VIP z from VM 1 and ILB…
297 votes
We don’t have plans to provide this in the near term. There’s a potential workaround by using VMs with multiple interfaces. I’ve added documenting this scenario to our doc backlog.
— Christian
HA Ports for Standard load balancers with Public IP
Current review of HA ports only supports Internal LB without any public IP attached. The majority of NVA deployments are with Public IP attached to the LB.
236 votes
Not currently in plan. We are exploring other solutions for this scenario.
— Christian
Allow custom host header for Azure load balancer health probes
HTTP health probes for Azure load balancer are hard-coded to use the IP of the backend as their host header. This forces the backend hosts to be configured to allow their IP as one of their allowed domains. It's very surprising that Azure doesn't support custom host headers for HTTP(S) health probes. Please add custom headers for HTTP(S) health probes; at least, host header support should be there.
77 votes
Thank you for the feedback. Need to investigate what is possible.
— Christian
Allow ICMP ping to VIP (Allow Ping inbound)
Vote for allowing UDP through the firewall, such as ping inbound, because ping is the minimum required for so many apps.
65 votes
Please use TCP ping as a workaround. No near term plans to process ICMP on Load Balancer as it is a UDP/TCP product.
— Christian
Standard Load Balancer should support using an "internal" IP address for probing the ports.
The Standard Load Balancer and HA ports are recommended for load balancing firewall appliances. However, the Load Balancer probe uses a common IP address for internal and external load balancers. This means that only the internal or external ports can be load balanced, which means that a messy Zookeeper alternative must be built to monitor the firewall availability.
51 votes
Typically this is addressed by SNAT’ing the probe source on the interface within the VM. This is how virtual appliances (firewalls, etc.) typically address this scenario. Changing the probe source is non-trivial and not likely in the near term.
— Christian
TLS termination of TCP/TLS traffic
It would be useful for Azure Load Balancer to support TLS termination / offloading when using TCP/TLS traffic.
Application Gateway can do it for HTTPS traffic but there is no way to do it for other protocols based on TLS.
AWS can do it with the Network Load Balancer tier of AWS Elastic Load Balancing.
51 votes
Thank you for the feedback. Not on near term roadmap.
— Christian
Allow Upgrade or Swap VIP also when number of endpoints has been changed
Or allow the external IP address to be fixed/allocated to the Hosted Service.
The scenario is that during the lifetime of the application you may need to modify the number of endpoints, and re-deploy the solution BUT KEEP PUBLIC IP.
The best would be if Swap VIP could handle this - to avoid downtime, but I am willing to have some downtime as long as Upgrade is supported. This is to avoid service unavailable during the time DNS CNAME records are updated.
41 votes
Understand the ask. Need to see when we can fit this in for Standard LB.
— Christian
Permit Outbound Rules to reference secondary IPconfigs
Is there any plan to permit an "Outbound Rule" on an External Standard Load Balancer to reference a backend address pool that is in turn referencing a Secondary IPconfig of a Network Interface?
Currently when I try this I get the following error:
OutboundRule <outbound rule name> cannot be used with Backend Address Pool <backend pool name> that contains Secondary IPConfig <ip config name within a NIC>
I am able to reference the first (primary) IP Configuration of a NIC - but this VM (a Palo Alto firewall) has multiple IP addresses on its external interface which we wish to…
20 votes
Not on near term roadmap.
— Christian
Configurable HTTP status code for Load Balancer Probe
The HTTPS probe considers any HTTP status other than 200 to be a failure. Any response 200-299 should be considered a success. See https://tools.ietf.org/html/rfc7231#section-6.3
10 votes
Thanks for the feedback. Not in near term plans.
— Christian