Networking
The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.
Virtual Network:
Traffic Manager:
Network Watcher:
If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.
-
change virtual machine virtual network through portal
Today, I needed to change a virtual network to a existing Virtual Machine. I had to delete this VM, create a new one using attached disks from the old one and set the Virtual Network. It would be nice if we had another way to do that, using Portal for example.
607 votesThis was included in our planning.
-
Allow DNS servers to be advertised per subnet instead of VNET
Instead of advertising the DNS servers per VNET, is there anyway we can specify what DNS servers should be advertised per subnet? In most cases, I would create a VNET and use NSGs to segregate out my traffic.
The problem with specifying the DNS servers for the whole VNET, is now I am required to create a completely separate VNET for a DMZ, as my internal DNS servers are being advertised to those machines. In this case, being able to specify DNS servers at a subnet level will allow more flexibility in regards to creating one VNET instead of multiple…
375 votesThis remains on our long-term backlog as something we want to offer.
-
Want that VNet Peering can be created in another Directory
Currently, VNet Peering between the different subscription there is a description that can be created. However, I checked , there was a need to be a separate subscription in the same directory.
The scene in which Vnet Peering is utilized, the situation is considered overwhelming majority (such as the merger of the company, and integration of the system, etc for connection between VNet and VNet).
254 votes -
Allow transit routing between ExpressRoute, VPN Gateways, and NVAs by allowing them to peer with BGP and exchange routes.
Allow transit routing between ExpressRoute Gateways, VPN Gateways, and NVAs by allowing them to peer with BGP and exchange routes. This functionality would give the customer more flexibility in how they lay out their network.
134 votesHello,
Thank you for your feedback. We plan to address this gap.
Bridget [MSFT] -
VNet Peering Limit - INCREASE
With new concepts like Global VNet Peerings, Virtual Datacenter and Hub-Spoke Topology - VNEt peerings become more and more important.
Please INCREASE the number of 50x allowed Peerings / Subscription/VnetMany thanks in advance, you are doing a great JOB - keep it UP!
Catalin133 votesHi CataLin, glad you’re enjoying our products and features! We’ll add this onto into our plan.
— Anavi N [MSFT]
-
Offer NAT as a Service
There is often the need to connect two or more networks with overlapping addresses over a VPN in regulated industries. The address spaces (often 10.0.0.0/8) can't be changed, however a DMZ subnet can be introduced in each network from the 172.16.0.0/12 address space. The DMZ subnets will not overlap between any network.
Just like the load balancer, make a NAT device a first class function citizen in virtual networking and allow us to define SNAT, DNAT or Full NAT. Feel free to require a dedicated subnet for the device.
Then make it easier for custom route rules to route traffic…
122 votes -
Support VNET re-deployment without destroying subnets
When you deploy a VNET from an ARM template in incremental mode I would expect omitting the subnet property would not change the subnets since they are child resources. Instead they are destroyed. I think this is inconsistent with all other similar resource types e.g. app service plans and web apps, azure SQL servers and databases, etc... Please make VNETs and subnets deployments consistent.
https://github.com/Azure/azure-quickstart-templates/issues/2786
96 votes -
Allow Network Security Groups (NSGs) to Reference Application Security Groups (ASGs) From Different Location
Remove the limitation of restricting Network Security Groups (NSGs) ability to leverage/associate Application Security Groups (ASGs) that are not within the same location of the target Virtual Network (VNET).
This is especially important, to provide granularity and segregation/isolation in a hub-and-spoke networking model (i.e. VNetA-ASG1-to-VNetB-ASG1), in association with VNet Peering.
88 votesThanks for the feedback, we are working on enabling ASG references across subscriptions/VNets, it’s currently on our plans
-
Multiple Network Security Groups per subnet
Provide ability to associate multiple Network Security Groups with a single subnet. Right now there is limitation to associate only one NSG per subnet.
This limits reusability of NSGs which are created at subscription level. We have come across use-cases where multiple subnets have common rules and few subnet-specific rules.
It will be help a lot in terms of rules management and reusability if it is possible to segregate common rules across subnets in an NSG which can them be applied on a subnet with additional NSGs for subnet specific rules.
80 votesHi Gaurav
Thanks for the feedback, we are exploring options to cover this scenario, Application Security Groups it’s a good start
https://docs.microsoft.com/en-us/azure/virtual-network/create-network-security-group-preview -
Bring Your Own Public IP Address space and Internet subnet routing in Azure Virtual Networks
When you own a public address space IPv4 and/or IPv6, Windows Azure should provide a way to use it (via LISP and/or classic routing).
When you don't own a public address space, you should be able to rent it for your virtual network on Windows Azure both via Microsoft or via Tunnel Broker providers78 votesReactivating this request…apologies that it was closed due to misunderstanding of your intent.
We’ll take this request as: I need a simple way to host IP space that I own as Public IP’s in Azure which I can then use on my Azure-hosted services/VM’s.
We’ve had multiple requests for this feature recently and are actively working through the design now. Unfortunately, we don’t have an estimated release date yet.
-
Allow the use of a known outbound nat gateway for vnets
VMs placed in a vnet today with a public ip attached, access the Internet from arbitrary, unknown addresses. This makes it hard to manage access from Azure VMs to backend systems relying on IP-address ACLs. We simply need to know which ip address azure vms use for accessing resources outside the vnet. If I use UDR's with dest 0.0.0.0/0, load balancing in Azure doesnt work. Please give us a configurable NAT gatway per subnet or vnet similar to what aws has.
77 votesThis is now in our planning.
-
update DNS settings for VNET without restart of the VMs to take effect
Current when we try to update the DNS settings in the VNET or NIC, it required the VMs to be restarted to take effect. But when there are a large amount of VMs under the VNET, it would be a hard work to do so.
If this process could be simplify so that the restarted of VM will be no longer required, it would be a good news.49 votesThank you for the feedback. We’ll look into whether this can be included in our roadmap.
-
Azure Internal Endpoints to Vnet
Please provide Azure Services with an Internal Endpoint (a least Azure Storage and Azure Backup) to build up machines without Internet Connection.
43 votesStorage service tags gives this capability and it was Completed. Private IP for storage is under review.
-
Want that VNet Peering can be created another Region in same Gio
Currently, although it is possible to create a Peering between VNet within the same region, the same thing can be carried out also in the address space and subnets in VNet.
When VNet Peering can be created another Region in Same Gio that becomes available, I believe that the network design and expansion becomes easy.
I kindly ask for your consideration.
40 votesHi, this is been in preview. More info: https://azure.microsoft.com/en-us/updates/global-vnet-peering-preview/
-
Add a system route for KMS
Could you please add a system route to the KMS server. (kms.core.windows.net / 23.102.135.246)
When using forced-tunneling, we must set an UDR to the KMS manually.33 votesThanks for the feedback, we are exploring options to solve this inconvinient when using default routes.
Unfortunatelly kms is not a single VIP globally, exploring options.
-
Allow a VM's NIC to use a VNET\Subnet from another Subscription
Given that the syntax of json deployment templates allows referencing resources by a unique resourceid which includes the guid of the subscription, I would like to create a VM in subscription 'A', whose NIC references a subnet that is part of a VNET in subscription 'B'.
The reason for this is two-fold:
1) This would allow a corporate networking function to securely manage all the networking infrastructure in a corporate IT-owned and managed subscription, but allow it to be consumed by line-of-business units, whose subscriptions are restricted (via ARM policies) to not allow the creation of VNETs.
2) This would…33 votes -
subnet expansion
It would be nice if you could expand a subnet without having to remove all of the cloud services and VMs from the subnet. In our case we will have to destroy all of our subnets to expand one subnet. This is very inconvenient (yes we opened a support ticket).
Additionally, make the tool available that the internal Microsoft support people use that creates a nice table of the various components of the subscription (I don't need to know datacenter, node, cluster). I've only seen snippets of the tables, but they are better than what I am getting from either…
33 votesIdea of subnet expansion is in review. The topology view showing VNets, subnets and VMs under that is now available through Netwatcher which was just announced to preview. More information here: https://azure.microsoft.com/en-us/updates/public-preview-network-watcher/
— Narayan [MSFT]
-
Ability to move a NIC from one VNET to another.
Could we get the ability to detach a NIC from it's current VNET and reattach it to a different VNET? In my case, I accidentally created a new VNET instead of attaching it to a pre-existing one, and it would be more convenient to move it over instead of recreating the NIC.
27 votesThank you for your suggestion, we are planning to offer this feature.
-
Allow transitive network flow between peered VNET's
if we assume Three networks.
VNET1 <> VNET2 <>VNET3
<> denotes vnet peering
A machine on VNET1 cannot directly see a machine in VNET3
We would like this facility to enable us to build a network design without having to use vitual network appliances to make this happen.
25 votesTransitive network flow between peered vnets is on our roadmap but we have no dates to share at this time.
-
Enable a VM to move between cloud service and VMNet AFTER VM creation
At present, if you create a VM and THEN want to put it into a vmnet, you must destroy the VM then recreate it (keeping the same disk). This is quite wasteful and slow. Please provide the feature to 'move' a vm between a cloud service and a vmnet with minimal downtime.
24 votesWe are planning to enable this feature.
- Don't see your idea?