Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Support SNAT on internal Azure load Balancer

      Currently it seems Azure Internal Load Balancer does not support Source NAT.
      this mean that if 2 different services hosted on 2 different VM and the VM are on the same vnet the traffic is not load balanced if the ILB route the traffic to the same VM that start the request.
      example:
      Service A (exposed on port x) and B (exposed on port y) are hosted on VM 1 and VM2 on the same vnet.
      Service A has VIP z and Service B has VIP m.
      if service A is recalled via VIP z from VM 1 and ILB…

      287 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      10 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    2. HA Ports for Standard load balancers with Public IP

      Current review of HA ports only supports Internal LB without any public IP attached. The majority of NVA deployments are with Public IP attached to the LB.

      220 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      9 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    3. allow custom host header for azure load balancer health probes

      HTTP health probes for Azure load balancer are hard-coded to use the IP of backend as their host headers. This forces the backend hosts have to be configured to allow its IP as one of its allowed domain. It's very surprising that Azure doesn't custom host header for HTTP(s) health probes. Please add custom headers for HTTP(s) heath probes; at least, host header support should be there.

      67 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    4. Allow ICMP ping to VIP (Allow Ping inbound)

      Vote for allowing UDP through the firewall. Such as ping inbound, because the ping are the minimal required for so much app.

      62 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    5. Standard Load Balancer should support using an "internal" IP address for probing the ports.

      The Standard Load Balancer and HA ports are are recommended for load balancing firewall appliances. However, the Load Balancer probe uses a common IP address for internal and external load balancers. This means that only the internal or external ports can be load balanced, which means that a messy Zookeeper alternative must be built to monitor the firewall availability.

      45 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →

      Typically this is addressed by SNAT’ing the probe source on the interface within the VM. This is how virtual appliances (firewalls, etc) typically address this scenario. Changing the probe source is non trivial and not likely in the near term.
      — Christian

    6. TLS termination of TCP/TLS traffic

      It would be useful for Azure Load Balancer to support TLS termination / offloading when using TCP/TLS traffic.
      Application Gateway can do it for HTTPs traffic but there is no way to do it for other protocols based on TLS.
      AWS can do it with the Network Load Balancer tier of AWS Elastic Load Balancing.

      42 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    7. Allow Upgrade or Swap VIP also when number of endpoints has been changed

      Or allow the external IP address to be fixed/allocated to the Hosted Service.

      The scenario is that during the lifetime of the application you may need to modify the number of endpoints, and re-deploy the solution BUT KEEP PUBLIC IP.

      The best would be if Swap VIP could handle this - to avoid downtime, but I am willing to have some downtime as long as Upgrade is supported. This is to avoid service unavailable during the time DNS CNAME records are updated.

      41 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    8. rename Load Balancer name in Azure Portal

      There should be an option to rename Load Balancer name in Azure Portal. We follow naming convention of each resources in Azure and there is high chance of typo's sometimes when configuring resources manually.

      Recently I created a Load balancer for HA/DR solution and later realised there is typo in Azure Load Balancer while creation. So I have to delete the load balancer and create it again which caused some delay to setup whole solution. So i think there should be a feature to rename resource name in Azure after creation.

      31 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      unplanned  ·  0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    9. Configurable HTTP status code for Load Balancer Probe

      The HTTPS probe considers any HTTP status other than 200 to be a failure. Any response 200-299 should be considered a success. See https://tools.ietf.org/html/rfc7231#section-6.3

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    10. Permit Outbound Rules to reference secondary IPconfigs

      Is there any plan to permit an "Outbound Rule" on an External Standard Load Balancer to reference a backend address pool that is in turn referencing a Secondary IPconfig of a Network Interface?

      Currently when I try this I get the following error:

      OutboundRule <outbound rule name> cannot be used with Backend Address Pool <backend pool name> that contains Secondary IPConfig <ip config name within a NIC>

      I am able to reference the first (primary) IP Configuration of a NIC - but this VM (a Palo Alto firewall) has multiple IP addresses on its external interface which we wish to…

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base