Networking
The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.
Virtual Network:
Traffic Manager:
Network Watcher:
If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.
-
change virtual machine virtual network through portal
Today, I needed to change a virtual network to a existing Virtual Machine. I had to delete this VM, create a new one using attached disks from the old one and set the Virtual Network. It would be nice if we had another way to do that, using Portal for example.
651 votesThis was included in our planning.
-
Allow DNS servers to be advertised per subnet instead of VNET
Instead of advertising the DNS servers per VNET, is there anyway we can specify what DNS servers should be advertised per subnet? In most cases, I would create a VNET and use NSGs to segregate out my traffic.
The problem with specifying the DNS servers for the whole VNET, is now I am required to create a completely separate VNET for a DMZ, as my internal DNS servers are being advertised to those machines. In this case, being able to specify DNS servers at a subnet level will allow more flexibility in regards to creating one VNET instead of multiple…
452 votesThis remains on our long-term backlog as something we want to offer.
-
Allow Network Security Groups (NSGs) to Reference Application Security Groups (ASGs) From Different Location
Remove the limitation of restricting Network Security Groups (NSGs) ability to leverage/associate Application Security Groups (ASGs) that are not within the same location of the target Virtual Network (VNET).
This is especially important, to provide granularity and segregation/isolation in a hub-and-spoke networking model (i.e. VNetA-ASG1-to-VNetB-ASG1), in association with VNet Peering.
231 votesThanks for the feedback, we are working on enabling ASG references across subscriptions/VNets, it’s currently on our plans
-
Offer NAT as a Service
There is often the need to connect two or more networks with overlapping addresses over a VPN in regulated industries. The address spaces (often 10.0.0.0/8) can't be changed, however a DMZ subnet can be introduced in each network from the 172.16.0.0/12 address space. The DMZ subnets will not overlap between any network.
Just like the load balancer, make a NAT device a first class function citizen in virtual networking and allow us to define SNAT, DNAT or Full NAT. Feel free to require a dedicated subnet for the device.
Then make it easier for custom route rules to route traffic…
229 votes -
Bring Your Own Public IP Address space and Internet subnet routing in Azure Virtual Networks
When you own a public address space IPv4 and/or IPv6, Windows Azure should provide a way to use it (via LISP and/or classic routing).
When you don't own a public address space, you should be able to rent it for your virtual network on Windows Azure both via Microsoft or via Tunnel Broker providers175 votesReactivating this request…apologies that it was closed due to misunderstanding of your intent.
We’ll take this request as: I need a simple way to host IP space that I own as Public IP’s in Azure which I can then use on my Azure-hosted services/VM’s.
We’ve had multiple requests for this feature recently and are actively working through the design now. Unfortunately, we don’t have an estimated release date yet.
-
Support VNET re-deployment without destroying subnets
When you deploy a VNET from an ARM template in incremental mode I would expect omitting the subnet property would not change the subnets since they are child resources. Instead they are destroyed. I think this is inconsistent with all other similar resource types e.g. app service plans and web apps, azure SQL servers and databases, etc... Please make VNETs and subnets deployments consistent.
https://github.com/Azure/azure-quickstart-templates/issues/2786
167 votes -
Allow transit routing between ExpressRoute, VPN Gateways, and NVAs by allowing them to peer with BGP and exchange routes.
Allow transit routing between ExpressRoute Gateways, VPN Gateways, and NVAs by allowing them to peer with BGP and exchange routes. This functionality would give the customer more flexibility in how they lay out their network.
161 votesHello,
Thank you for your feedback. We plan to address this gap.
Bridget [MSFT] -
114 votes
-
Allow the use of a known outbound nat gateway for vnets
VMs placed in a vnet today with a public ip attached, access the Internet from arbitrary, unknown addresses. This makes it hard to manage access from Azure VMs to backend systems relying on IP-address ACLs. We simply need to know which ip address azure vms use for accessing resources outside the vnet. If I use UDR's with dest 0.0.0.0/0, load balancing in Azure doesnt work. Please give us a configurable NAT gatway per subnet or vnet similar to what aws has.
102 votesThis is now in our planning.
-
Allow to change subnets modification with enabled vnet peering
Currentl once vnet is deployed and peering is created with another subscription or vnet. Once the peering is set, it is not possible to extend,remove or add another subnets ranges to all vnets which have valid peering configured. For such if you need to modify the subnet, you have to remove the peering (might cause downtime if peering is used), do the subnet modification and recreate the peering again.
98 votes -
update DNS settings for VNET without restart of the VMs to take effect
Current when we try to update the DNS settings in the VNET or NIC, it required the VMs to be restarted to take effect. But when there are a large amount of VMs under the VNET, it would be a hard work to do so.
If this process could be simplify so that the restarted of VM will be no longer required, it would be a good news.95 votesThank you for the feedback. We’ll look into whether this can be included in our roadmap.
-
Multiple Network Security Groups per subnet
Provide ability to associate multiple Network Security Groups with a single subnet. Right now there is limitation to associate only one NSG per subnet.
This limits reusability of NSGs which are created at subscription level. We have come across use-cases where multiple subnets have common rules and few subnet-specific rules.
It will be help a lot in terms of rules management and reusability if it is possible to segregate common rules across subnets in an NSG which can them be applied on a subnet with additional NSGs for subnet specific rules.
89 votesHi Gaurav
Thanks for the feedback, we are exploring options to cover this scenario, Application Security Groups it’s a good start
https://docs.microsoft.com/en-us/azure/virtual-network/create-network-security-group-preview -
Allow transitive network flow between peered VNET's
if we assume Three networks.
VNET1 <> VNET2 <>VNET3
<> denotes vnet peering
A machine on VNET1 cannot directly see a machine in VNET3
We would like this facility to enable us to build a network design without having to use vitual network appliances to make this happen.
68 votesTransitive network flow between peered vnets is on our roadmap but we have no dates to share at this time.
-
Allow a VM's NIC to use a VNET\Subnet from another Subscription
Given that the syntax of json deployment templates allows referencing resources by a unique resourceid which includes the guid of the subscription, I would like to create a VM in subscription 'A', whose NIC references a subnet that is part of a VNET in subscription 'B'.
The reason for this is two-fold:
1) This would allow a corporate networking function to securely manage all the networking infrastructure in a corporate IT-owned and managed subscription, but allow it to be consumed by line-of-business units, whose subscriptions are restricted (via ARM policies) to not allow the creation of VNETs.
2) This would…60 votes -
VM MAC address spoofing
I wanted to run multiple LXC/LXD containers on a single Linux VM and make them exposed to VNET via a bridged interface to provide services in the private network. That's not possible without VM/VNIC ability of MAC address spoofing. Please support it.
56 votes -
KMS / RHUI service endpoint
Could you kindly add service endpoint for KMS and RHUI.
It will really helpful for managing VMs without SNAT Public IP.54 votes -
48 votes
Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature
-
Azure Internal Endpoints to Vnet
Please provide Azure Services with an Internal Endpoint (a least Azure Storage and Azure Backup) to build up machines without Internet Connection.
47 votesStorage service tags gives this capability and it was Completed. Private IP for storage is under review.
-
Multi Tenant, Service Endpoint, vNet Peering, Subnet Whitlisting
We have had a use case that could not be implemented due to the functionality not being available, We have a Multi-Tenant Alliance of Companies that require interoperability in regards to network access,
Use Case:
Tenant 1 :-
Subscription,
CosmosDB with Vnet with CosmosDB Service EndpointTenant 2 :-
Subscription,
VPN vNet with CosmosDB Service EndpointWe have managed to get both virtual network Globally vNet Peered via resourceID, however, cannot get the external tenant vnet subnet whitelisted within the cosmosdb due to it not being implemented yet.
Confirmed with MS support to raise a Azure Network Improvement
46 votesThanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature
-
NAT Gateway functionality in Azure
When we attach Azure Standard Internal Gateway then internet stopped working in the Azure VM (behind the Std ILB). There are two workaround to tackle this issue:
1. Assign Individual IP to each and every Azure VM
2. Put these all VMs behind the new Std Public LB with the same custom health probe which we have used in Std ILB, and creating any random LB rule based on this custom HP (Like workaround).There are below challenges with above soluntions:
1. It is costly as there is some cost associated with each ***** ip.
2. It is workaround which…45 votes
- Don't see your idea?