Networking
The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.
If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.
-
change virtual machine virtual network through portal
Today, I needed to change a virtual network to an existing Virtual Machine. I had to delete this VM, create a new one using attached disks from the old one and set the Virtual Network. It would be nice if we had another way to do that, using Portal for example.
731 votes
This remains on our long-term backlog as something we want to offer.
Thank you for your feedback and sorry for the inconvenience of the previous update.
- Tim M [MSFT]
-
Allow DNS servers to be advertised per subnet instead of VNET
Instead of advertising the DNS servers per VNET, is there any way we can specify what DNS servers should be advertised per subnet? In most cases, I would create a VNET and use NSGs to segregate out my traffic.
The problem with specifying the DNS servers for the whole VNET, is now I am required to create a completely separate VNET for a DMZ, as my internal DNS servers are being advertised to those machines. In this case, being able to specify DNS servers at a subnet level will allow more flexibility in regards to creating one VNET instead of multiple…
545 votes
This remains on our long-term backlog as something we want to offer.
-
Please add port-mirroring to Azure to enable DLP and logging applications
We would like a virtual span port or port-mirroring ability
371 votes
-
Please provide a way for grouping the endpoints and assign as a group name to the Azure VMs
We are adding endpoints for each virtual machine once created. Normally the RDP endpoint will be created by default, and can be added more if required by specifying the port #. I feel there are additional features needed to make this feature more flexible and to secure them in a centralized place. Some are -
The endpoints are configured by defining the ports, but it is not accepting whether the ports are inbound or outbound. So, there should be an option to include the port to open for inbound or outbound instead of configuring in the VM.
There should also…
312 votes
Hi there, this is a lot of good feedback. Thanks for taking the time to send it over to us, we really appreciate that here at Microsoft.
1. Could you elaborate on the need for this?
2. This is possible today via NSGs you can specify the source IP.
3. Have you looked at ASGs?
4 (both of them) We are looking into making management easier and will take this feedback into consideration.
Thanks!
- Anavi N [MSFT]
-
Possibility to set a DNS Suffix on Azure networks (like DNS Servers)
There are many scenarios for Virtual Machines (and Other maybe) where NIC settings are cleared (VM Deallocated). DNS Servers can be set on Azure Network, and this VM will have DNS Servers settings via DHCP. But we have to set DNS Suffix manually each time, or set a script automatically at each boot.
The idea is just to have a way to set a suffix DNS for VM Networks, with the same way as DNS Servers. With this setting, DHCP will assign DNS suffix to all VMs automatically.
311 votes
We understand the need for this capability and are looking at ways to solve this. At this time we do not have any timelines to share however but your comments help raise the priority for getting it done.
- Altaf T
-
Offer NAT as a Service
There is often the need to connect two or more networks with overlapping addresses over a VPN in regulated industries. The address spaces (often 10.0.0.0/8) can't be changed, however a DMZ subnet can be introduced in each network from the 172.16.0.0/12 address space. The DMZ subnets will not overlap between any network.
Just like the load balancer, make a NAT device a first class function citizen in virtual networking and allow us to define SNAT, DNAT or Full NAT. Feel free to require a dedicated subnet for the device.
Then make it easier for custom route rules to route traffic…
302 votes
Apologies. There was apparently a misunderstanding and the status has been corrected.
This specific feedback item is for NAT from private IP space to private IP address
-
Support VNET re-deployment without destroying subnets
When you deploy a VNET from an ARM template in incremental mode I would expect omitting the subnet property would not change the subnets since they are child resources. Instead they are destroyed. I think this is inconsistent with all other similar resource types e.g. app service plans and web apps, azure SQL servers and databases, etc... Please make VNETs and subnets deployments consistent.
https://github.com/Azure/azure-quickstart-templates/issues/2786
262 votes
Thanks for this suggestion. Apologies for the inconvenience this inconsistent behavior has caused, while we look into it, note a workaround that has worked for a few:
https://github.com/Azure/azure-quickstart-templates/issues/2786#issuecomment-382489945
- Anavi N [MSFT]
-
Simplify creation and visualization of Azure VNET's
Creating a virtual network that spans an on-premise deployment and more than 1 Azure datacenter is a pain and not easy to "see" if all things are lined up correctly. Building a network like this shouldn't require importing or exporting files and running PowerShell commands if you don't want to. Would be great if it was like using Visio (Drag, Drop, Pipe). Then use that same view to see the overall health, speed, and usage in real time on that network.
187 votes
Hey Conrad,
This is an amazing idea! For now, this tool can help you view and interact with your network: https://marketplace.visualstudio.com/items?itemName=bencoleman.armview.
Additionally, documentation for Network Watcher topology view can be found here: https://docs.microsoft.com/en-us/azure/network-watcher/view-network-topology. I will forward your suggestion that this be made more interactive.
Best,
Allegra [MSFT]
-
Allow transit routing between ExpressRoute, VPN Gateways, and NVAs by allowing them to peer with BGP and exchange routes.
Allow transit routing between ExpressRoute Gateways, VPN Gateways, and NVAs by allowing them to peer with BGP and exchange routes. This functionality would give the customer more flexibility in how they lay out their network.
186 votes
Hello,
Thank you for your feedback. We plan to address this gap.
Bridget [MSFT]
-
Allow to change subnets modification with enabled vnet peering
Currently, once a vnet is deployed and peering is created with another subscription or vnet. Once the peering is set, it is not possible to extend, remove or add other subnet ranges to all vnets which have valid peering configured. For such, if you need to modify the subnet, you have to remove the peering (might cause downtime if peering is used), do the subnet modification and recreate the peering again.
182 votes
-
update DNS settings for VNET without restart of the VMs to take effect
Currently, when we try to update the DNS settings in the VNET or NIC, it requires the VMs to be restarted to take effect. But when there are a large number of VMs under the VNET, it would be hard work to do so.
If this process could be simplified so that the restart of the VM is no longer required, it would be good news.
136 votes
Thank you for the feedback. We’ll look into whether this can be included in our roadmap.
-
Allow transitive network flow between peered VNET's
If we assume three networks.
VNET1 <> VNET2 <>VNET3
<> denotes vnet peering
A machine on VNET1 cannot directly see a machine in VNET3
We would like this facility to enable us to build a network design without having to use virtual network appliances to make this happen.
134 votes
Transitive network flow between peered vnets is on our roadmap but we have no dates to share at this time.
-
implement Service tags for UDR/Route
Can be good when we create a Route/UDR to have the possibility to select in "Next Hop Type" a service Tag, or Azure Region IP range.
129 votes
Hi all,
We’re currently working on implementing this feature!
Stay tuned,
Allegra [MSFT]
-
Allow us to view the effective route for a Subnet without requiring an Interface inside of the subnet.
Currently in order to view the effective routes for a subnet you need to have some kind of network interface inside of the subnet. I find that sometimes I need to view the routing table for a subnet, but it doesn't contain any VMs. Could you add functionality to allow us to view the effective routes without having to provision anything inside of it?
My use case is that I host ILB ASEs in dedicated subnets, but I can't view the routing table because there are no VMs inside of it.
113 votes
This is great feedback, we are working on this.
- Anavi N [MSFT]
-
Multiple Network Security Groups per subnet
Provide ability to associate multiple Network Security Groups with a single subnet. Right now there is limitation to associate only one NSG per subnet.
This limits reusability of NSGs which are created at subscription level. We have come across use-cases where multiple subnets have common rules and few subnet-specific rules.
It will help a lot in terms of rules management and reusability if it is possible to segregate common rules across subnets in an NSG which can then be applied on a subnet with additional NSGs for subnet specific rules.
96 votes
Hi Gaurav
Thanks for the feedback, we are exploring options to cover this scenario, Application Security Groups it’s a good start
https://docs.microsoft.com/en-us/azure/virtual-network/create-network-security-group-preview
-
Allow a VM's NIC to use a VNET\Subnet from another Subscription
Given that the syntax of json deployment templates allows referencing resources by a unique resourceid which includes the guid of the subscription, I would like to create a VM in subscription 'A', whose NIC references a subnet that is part of a VNET in subscription 'B'.
The reason for this is two-fold:
1) This would allow a corporate networking function to securely manage all the networking infrastructure in a corporate IT-owned and managed subscription, but allow it to be consumed by line-of-business units, whose subscriptions are restricted (via ARM policies) to not allow the creation of VNETs.
2) This would…
70 votes
-
VM MAC address spoofing
I wanted to run multiple LXC/LXD containers on a single Linux VM and make them exposed to VNET via a bridged interface to provide services in the private network. That's not possible without VM/VNIC ability of MAC address spoofing. Please support it.
63 votes
-
Azure Security Group
Azure Security Group (ASG) should have the option to show all the NICs associated with it.
62 votes
valid suggestion subject to upvote
-
KMS / RHUI service endpoint
Could you kindly add service endpoint for KMS and RHUI.
It will be really helpful for managing VMs without SNAT Public IP.
58 votes
Hi Shuhei,
We’re currently looking into offering these.
Stay tuned for updates,
Allegra [MSFT]
-
54 votes
Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature