Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.


  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    1. Create a UDR nextHopType VnetPeering

      At the moment there is no way to set a UDR route entry nextHopType to Vnet Peering. This makes it cumbersome to overwrite standard routes to force them through for instance a virtual firewall.

      For instance, I would like to be able to route a full VNET peered address space to a Virtual Firewall NIC IP, and then make a more specific route for the subnet of the Virtual NIC pointing to VnetPeering. At the moment you will have to keep the standard created address space summary and create multiple specific routes for all the other subnets.

      7 votes
      triaged  ·  2 comments  ·  Virtual Network
    2. NSG service tag for AzureBastionSubnet

      When implementing complicated access controls inside a virtual network, we always need to allow connections from AzureBastionSubnet of the virtual network.

      It would be nice if we had an AzureBastionSubnet service tag which automatically describes the specific Azure Bastion subnet for each virtual network in which the resources with the NSG attached reside.

      7 votes
      1 comment  ·  Virtual Network
    3. Distribute DNS Suffix through Virtual Network

      Distribute the DNS suffix through the Virtual Network for all OSes. In most cases, mainly on Linux, we need to set a DNS suffix to resolve internal names.

      7 votes
      1 comment  ·  Virtual Network
    4. Azure Network Topology Diagram Vnet to Vnet

      Azure Network Topology Diagram is great, but it would be more useful if it could be extended from VNet to VNet as well. This would give us a better understanding of how the whole Azure setup is done. It would also help us to troubleshoot in a better way. Is there any plan to add this feature in the near future?

      7 votes
      triaged  ·  0 comments  ·  Virtual Network
    5. I would like to be able to define DNS Servers on a subnet level and not just at the vNet level

      I sometimes have different DNS Servers that I want to assign to each subnet within a vNet. I currently can't find a way to do that except for changing the DNS Servers on each VM's NIC in the subnet.

      7 votes
      under review  ·  0 comments  ·  Virtual Network
    6. Delete bulk selected Unassociated Public IP address

      I created 100 VMs in bulk in Azure with static IPs and deleted those VMs later.

      Now I want to delete 60 particular unassociated public IP addresses and keep 40 IPs for further development.

      Currently, we have an option to delete unassociated public IP addresses using the command "Remove-AzureRmPublicIpAddress", but it is not user-friendly. It requires a yes or no option for every IP. This takes too much patience.

      We need an option like "select all unassociated IPs, deselect only the required IPs, then a delete button". Only 2 to 5 minutes.

      The current delete option is required more than…

      6 votes
      0 comments  ·  Virtual Network
    7. Tell the user which objects prevent an object from being deleted

      I wanted to delete a Virtual Network and it kept telling me that it was in use and that I should come back later if I just deleted an object that used this Network.
      However, the actual reason was that the Virtual Network still had a Gateway configured. As this gateway only shows up inside the Virtual Network and not on "All Resources", I wasted hours to figure out why I couldn't delete the network.

      Suggestion:
      If I can't delete an object because it is in use or has children, give me a list of those objects that prevent the…

      6 votes
      1 comment  ·  Virtual Network

      Hi Daniel, we’ve made some updates here, our error messages tell you what resources are preventing delete VNet.

      Further, we created a diagnostic in the support work flow (Azure Portal, support ticket creation: Virtual Network > Management > Cannot delete VNet) to tell you exactly what resources are preventing delete, too!

      Hope this helps, let us know your feedback

      https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-troubleshoot-cannot-delete-vnet

      - Anavi N [MSFT]

    8. I want to set using gateways on spoke vnet.

      Actually, VNet peering is able to do a single-hub architecture.

      e.g.:
      Allowed model:
      [ Spoke vnet1 ] ----------- [ Hub vnet1 ] -----<ER/S2S>---
      - spoke to hub use remote gateway
      - hub to spoke allow gateway transit

      Disallowed model:
      ---<ER/S2S>---- [ Spoke vnet1 ] -------- [ Hub vnet1 ] --- <ER/S2S> ---
      - spoke to hub use remote gateway
      - hub to spoke allow gateway transit(both vnets)

      I want to use multiple gateways; the use scenario is below.
      [Spoke vnet1] is owned by a managed service provider. This service has a VPN option on the VPN gateway, but the VPN cannot be deployed because of this restriction.

      6 votes
      0 comments  ·  Virtual Network
    9. Peering Cost prevents some freedom in design

      Several times when proposing a customer utilize an "empty hub" as a starting point in what will grow over time, the cost affiliated with the peering causes some push back.

      My suggestion is to remove the cost associated with peering within a region; I wouldn't expect global peering to be free. Typically the hosts in a hub/spoke config communicate within 1 vNet or to a hybrid endpoint, that already incur egress charges from the GW.

      5 votes
      0 comments  ·  Virtual Network
    10. effectiveNetworkSecurityGroups and effectiveRouteTable to have 'read' rather than 'action' to better integrate with Azure RBAC

      The 'Microsoft.Network/networkInterfaces/effectiveRouteTable/action' and 'Microsoft.Network/networkInterfaces/effectiveNetworkSecurityGroups/action' provider actions should instead end with 'read' to better integrate with Azure RBAC. Customers have to write a new role definition for a reader just to be able to read effective NSG rules (while individual NSGs and NSG rules can be read by a reader). The fact that these two actions end with 'action' means a reader does not have access to this feature.

      4 votes
      0 comments  ·  Virtual Network
    11. Support Longest Prefix Match in VNet Peering

      Allow VNet Peering between two VNets that may have overlapped IPs by supporting Longest Prefix Match in routing.

      4 votes
      1 comment  ·  Virtual Network

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    12. Attach second network interface to already running instance

      I would like to be able to attach new network interface to already started instance (single VM or VM in scale set)

      Reason for that is for example:
      https://www.credera.com/blog/technology-solutions/how-to-automate-zookeeper-in-aws/ (Option 3)

      4 votes
      0 comments  ·  Virtual Network
    13. Tiny IPv6 address prefix size is just embarrassing.

      This is a common theme of service providers that Just Do Not Get It. The entire point of IPv6 is that the address space is no longer limited to tiny blocks.

      The standard is to provide a /64 to customers. That should be the bare minimum for a cloud service being provided to enterprises. A /125 is a joke.

      The RIPE.NET recommendation is /48 for everybody: https://bit.ly/2rynO5M

      4 votes
      1 comment  ·  Virtual Network
    14. Dual Stack Azure VM requires public IPv4 address to work

      An Azure VM configured in a dual-stack IPv6 subnet with two IP configurations (IPv4 and IPv6) by default has IPv4-only connectivity.
      The VM will get IPv6 internet connectivity only if a public IPv6 address is assigned to it. Once a public IPv6 address is assigned to the machine, IF the machine does NOT have a public IPv4 address assigned to it, the VM will lose IPv4 internet connectivity and will only be able to browse IPv6-only sites.
      When a public IPv4 address is assigned to the VM, the VM will be able to browse IPv4 and IPv6 sites.

      Such behavior is unexpected (assigning…

      3 votes
      0 comments  ·  Virtual Network
    15. IP and domain restrictions - add possibility to configure it in Portal

      Instead of configuring IP and domain access restrictions in web.config as described here: http://azure.microsoft.com/blog/2013/12/09/ip-and-domain-restrictions-for-windows-azure-web-sites/ , it would be nice to add the possibility to set restrictions somewhere in the Portal.

      3 votes
      0 comments  ·  Virtual Network
    16. Improve Networking API

      https://docs.microsoft.com/en-us/rest/api/virtualnetwork/Subnets/Get

      Add an additional return value field stating remaining Private IP Addresses available for consumption in a VNET\Subnet -

      This response can help monitor Private IP exhaustion from AKS \ DataBricks \ - maybe expand capability to PrivateLink or Service Delegated subnets.

      This could also be delivered as a service in NetworkWatcher.

      3 votes
      0 comments  ·  Virtual Network
    17. VNet peering circular dependency reference due to cross 'dependsOn' between the two VNets

      When a peering is set up between two vNets, VNET1 and VNET2, there are two 'dependsOn' properties in the template generated from the Automation script blade of the resource group. VNET1 depends on VNET2, and VNET2 depends on VNET1. This causes a circular dependency error and the deployment of the template fails. If you manually remove the two 'dependsOn' properties, the deployment succeeds with the same result. I think that this should be fixed. I found this suggestion in this post: https://techcommunity.microsoft.com/t5/Azure/Does-vNet-peering-cause-a-circular-dependency-error-in/m-p/369823#M3963

      3 votes
      under review  ·  0 comments  ·  Virtual Network
    18. Allow to add multiple Service Tags to NSG rule

      Allow adding multiple Service Tags to an NSG rule. Right now we can add multiple subnets, ranges, IPs and ports. A great idea would be to also add multiple service tags to source/destination, as now we create multiple rules for one host to multiple service tags.

      3 votes
      0 comments  ·  Virtual Network
    19. Error Messages from Azure should be informative enough for the user to take corrective measures

      When a deployment fails, error messages do not explain or let us know what was the issue all about. This needs to be fixed.

      3 votes
      0 comments  ·  Virtual Network
    20. IP-in-IP

      Provide the ability to unblock IP-in-IP encapsulated packets in a virtual network.

      3 votes
      need-feedback  ·  1 comment  ·  Virtual Network