Networking
The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.
Virtual Network:
Traffic Manager:
Network Watcher:
If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.
-
change virtual machine virtual network through portal
Today, I needed to change a virtual network to a existing Virtual Machine. I had to delete this VM, create a new one using attached disks from the old one and set the Virtual Network. It would be nice if we had another way to do that, using Portal for example.
650 votesThis was included in our planning.
-
Allow DNS servers to be advertised per subnet instead of VNET
Instead of advertising the DNS servers per VNET, is there anyway we can specify what DNS servers should be advertised per subnet? In most cases, I would create a VNET and use NSGs to segregate out my traffic.
The problem with specifying the DNS servers for the whole VNET, is now I am required to create a completely separate VNET for a DMZ, as my internal DNS servers are being advertised to those machines. In this case, being able to specify DNS servers at a subnet level will allow more flexibility in regards to creating one VNET instead of multiple…
440 votesThis remains on our long-term backlog as something we want to offer.
-
Offer NAT as a Service
There is often the need to connect two or more networks with overlapping addresses over a VPN in regulated industries. The address spaces (often 10.0.0.0/8) can't be changed, however a DMZ subnet can be introduced in each network from the 172.16.0.0/12 address space. The DMZ subnets will not overlap between any network.
Just like the load balancer, make a NAT device a first class function citizen in virtual networking and allow us to define SNAT, DNAT or Full NAT. Feel free to require a dedicated subnet for the device.
Then make it easier for custom route rules to route traffic…
209 votes -
Allow Network Security Groups (NSGs) to Reference Application Security Groups (ASGs) From Different Location
Remove the limitation of restricting Network Security Groups (NSGs) ability to leverage/associate Application Security Groups (ASGs) that are not within the same location of the target Virtual Network (VNET).
This is especially important, to provide granularity and segregation/isolation in a hub-and-spoke networking model (i.e. VNetA-ASG1-to-VNetB-ASG1), in association with VNet Peering.
191 votesThanks for the feedback, we are working on enabling ASG references across subscriptions/VNets, it’s currently on our plans
-
Allow transit routing between ExpressRoute, VPN Gateways, and NVAs by allowing them to peer with BGP and exchange routes.
Allow transit routing between ExpressRoute Gateways, VPN Gateways, and NVAs by allowing them to peer with BGP and exchange routes. This functionality would give the customer more flexibility in how they lay out their network.
157 votesHello,
Thank you for your feedback. We plan to address this gap.
Bridget [MSFT] -
Bring Your Own Public IP Address space and Internet subnet routing in Azure Virtual Networks
When you own a public address space IPv4 and/or IPv6, Windows Azure should provide a way to use it (via LISP and/or classic routing).
When you don't own a public address space, you should be able to rent it for your virtual network on Windows Azure both via Microsoft or via Tunnel Broker providers151 votesReactivating this request…apologies that it was closed due to misunderstanding of your intent.
We’ll take this request as: I need a simple way to host IP space that I own as Public IP’s in Azure which I can then use on my Azure-hosted services/VM’s.
We’ve had multiple requests for this feature recently and are actively working through the design now. Unfortunately, we don’t have an estimated release date yet.
-
VNet Peering Limit - INCREASE
With new concepts like Global VNet Peerings, Virtual Datacenter and Hub-Spoke Topology - VNEt peerings become more and more important.
Please INCREASE the number of 50x allowed Peerings / Subscription/VnetMany thanks in advance, you are doing a great JOB - keep it UP!
Catalin140 votesHi folks, we increased VNet Peering limits to 100 already as Caitlin points out below. However, we will increase beyond this.
Stay tuned and check for the latest updates here: https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits#networking-limits
— Anavi N [MSFT]
-
Support VNET re-deployment without destroying subnets
When you deploy a VNET from an ARM template in incremental mode I would expect omitting the subnet property would not change the subnets since they are child resources. Instead they are destroyed. I think this is inconsistent with all other similar resource types e.g. app service plans and web apps, azure SQL servers and databases, etc... Please make VNETs and subnets deployments consistent.
https://github.com/Azure/azure-quickstart-templates/issues/2786
134 votes -
Allow the use of a known outbound nat gateway for vnets
VMs placed in a vnet today with a public ip attached, access the Internet from arbitrary, unknown addresses. This makes it hard to manage access from Azure VMs to backend systems relying on IP-address ACLs. We simply need to know which ip address azure vms use for accessing resources outside the vnet. If I use UDR's with dest 0.0.0.0/0, load balancing in Azure doesnt work. Please give us a configurable NAT gatway per subnet or vnet similar to what aws has.
93 votesThis is now in our planning.
-
Multiple Network Security Groups per subnet
Provide ability to associate multiple Network Security Groups with a single subnet. Right now there is limitation to associate only one NSG per subnet.
This limits reusability of NSGs which are created at subscription level. We have come across use-cases where multiple subnets have common rules and few subnet-specific rules.
It will be help a lot in terms of rules management and reusability if it is possible to segregate common rules across subnets in an NSG which can them be applied on a subnet with additional NSGs for subnet specific rules.
89 votesHi Gaurav
Thanks for the feedback, we are exploring options to cover this scenario, Application Security Groups it’s a good start
https://docs.microsoft.com/en-us/azure/virtual-network/create-network-security-group-preview -
Global VNET peering remote gateway and gateway transit support
Remote gateways and gateway transit are currently not supported with global vnet peering. Is there a plan to support remote gateways in the global vnet peering feature to build a global hub-spoke topology over multipe regions?
85 votesHi folks, we have started work on this and will be announcing GA soon. Keep an eye out:
https://azure.microsoft.com/en-us/updates/?product=virtual-network— Anavi N [MSFT]
-
update DNS settings for VNET without restart of the VMs to take effect
Current when we try to update the DNS settings in the VNET or NIC, it required the VMs to be restarted to take effect. But when there are a large amount of VMs under the VNET, it would be a hard work to do so.
If this process could be simplify so that the restarted of VM will be no longer required, it would be a good news.84 votesThank you for the feedback. We’ll look into whether this can be included in our roadmap.
-
Allow to change subnets modification with enabled vnet peering
Currentl once vnet is deployed and peering is created with another subscription or vnet. Once the peering is set, it is not possible to extend,remove or add another subnets ranges to all vnets which have valid peering configured. For such if you need to modify the subnet, you have to remove the peering (might cause downtime if peering is used), do the subnet modification and recreate the peering again.
83 votes -
Allow transitive network flow between peered VNET's
if we assume Three networks.
VNET1 <> VNET2 <>VNET3
<> denotes vnet peering
A machine on VNET1 cannot directly see a machine in VNET3
We would like this facility to enable us to build a network design without having to use vitual network appliances to make this happen.
61 votesTransitive network flow between peered vnets is on our roadmap but we have no dates to share at this time.
-
KMS / RHUI service endpoint
Could you kindly add service endpoint for KMS and RHUI.
It will really helpful for managing VMs without SNAT Public IP.54 votes -
Allow a VM's NIC to use a VNET\Subnet from another Subscription
Given that the syntax of json deployment templates allows referencing resources by a unique resourceid which includes the guid of the subscription, I would like to create a VM in subscription 'A', whose NIC references a subnet that is part of a VNET in subscription 'B'.
The reason for this is two-fold:
1) This would allow a corporate networking function to securely manage all the networking infrastructure in a corporate IT-owned and managed subscription, but allow it to be consumed by line-of-business units, whose subscriptions are restricted (via ARM policies) to not allow the creation of VNETs.
2) This would…50 votes -
VM MAC address spoofing
I wanted to run multiple LXC/LXD containers on a single Linux VM and make them exposed to VNET via a bridged interface to provide services in the private network. That's not possible without VM/VNIC ability of MAC address spoofing. Please support it.
50 votes -
Azure Internal Endpoints to Vnet
Please provide Azure Services with an Internal Endpoint (a least Azure Storage and Azure Backup) to build up machines without Internet Connection.
47 votesStorage service tags gives this capability and it was Completed. Private IP for storage is under review.
-
Ability to move a NIC from one VNET to another.
Could we get the ability to detach a NIC from it's current VNET and reattach it to a different VNET? In my case, I accidentally created a new VNET instead of attaching it to a pre-existing one, and it would be more convenient to move it over instead of recreating the NIC.
39 votesThank you for your suggestion, we are planning to offer this feature.
-
Azure Security Group
Azure Security Group (ASG) should have the option to show all the NICs associated with it.
36 votesvalid suggestion subject to upvote
- Don't see your idea?