Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. NSG service tag for AzureBastionSubnet

      When implementing complicated access controls inside a virtual network, we always need to allow connections from AzureBastionSubnet of the virtual network.

      It would be nice we have AzureBastionSubnet service tag which automatically describes a specific Azure Bastion subnet for each virtual network where resources NSG attached reside in.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    2. VNet peering circular dependency reference due to cross 'dependsOn' between the two VNets

      When a peering is set up between two vNets, VNET1 and VNET2, there would be two 'dependsOn' properties in the template generated from the Automation script blade of the resource group. VNET1 would depend on VNET2, and VNET2 would depend on VNET1. This causes a circular dependency error and the deployment of the template would fail. If you manually remove the two 'dependsON' properties, the deployment would succeed with the same result. I think that this should be fixed, I found this suggestion in this post : https://techcommunity.microsoft.com/t5/Azure/Does-vNet-peering-cause-a-circular-dependency-error-in/m-p/369823#M3963

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    3. Apply NSG at subnet without applying to NICs

      Provide ability to apply an NSG at the subnet level that is NOT applied to each individual NIC as is currently the case.

      Say I have five subnets and want to block all inbound traffic to subnet A from the other subnets except for one port.

      If I apply a deny all rule to VirtualNetwork, this blocks all communication between VMs in subnet A which breaks cluster type setups unless explicit allow rules are added.

      If I don't apply a deny all rule I have to explicitly add the other subnets as deny, but if another subnet is added it…

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    4. IP-in-IP

      Provide the ability to unblock IP-in-IP encapsulated packets in a virtual network.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      need-feedback  ·  1 comment  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    5. Dynamic routing within VNET

      I would like to have the option to dynamically route traffic within a subnet in Azure.
      Example: I have a two VMs acting as tunnel endpoints for 4G<->Network devices. These VMs are connecting to the same endpoints over Internet but use different technologies and have different connection availability. One is fast but unreliable, the other one slow but reliable. This setup is exported from my on premise VMware setup. But for this to work I have to be able to dynamically choose which VM I want to route traffic to, be it using Cisco route tracking or OSPF.

      I've set…

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    6. Need ability to update NIC IP configurations for VMs that are stopped but not deallocated

      When attempting to update NIC IP configurations for Azure VMs that are stopped but not deallocated, the update request times out after a long time period and subsequent requests for changes to the VM's NIC configuration fail. Users should be able to make this type of change without a failure or a long time-out period.

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    7. virtual network integration panel is broken (August 2017)

      Hi,

      The section "IP ADDRESSES ROUTED TO VNET" in the App Service Plan/Networking/Virtual Network Integration panel is no longer working.

      This looks like a GUI error. The section is empty - does not show the actual configured routes, and does not provide an input box to add additional routes.

      This affects classic VNets - I do not know about RM Vnets.

      Regards,
      Ben

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    8. Support for VNET peering when deploying failover groups

      There is no support for VNET peering when deploying failover groups (one have to create new IPSec VPN tunnels to test failover across regions)

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    9. Name display for next hop types

      "The name displayed and referenced for next hop types is different between the Azure portal and command-line tools, and the Azure Resource Manager and classic deployment models."

      This should be changed for intuition. I should be forced to remember multiple names for identical configurations. Azure already has unnecessarily given proprietary names for industry standards.

      Stop making your product unnecessarily difficult to use.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    10. Make sure no new network adapters are created or the new one inherites the values of the pre existing NIC.

      We use DSC to monitor for compliancy. When someone switches the subnet in Azure a new NIC is created in Windows. The networkingDSC resource enables you to rename a NIC so you can monitor it based on a predictable name for monitoring / orchestration purposes. But when a VM is moved to a new Network subnet it creates a new nic and hides the old one in system devices. DSC is then unable to rename the NIC to the same name as it's config due to the old name being in use.... This behavior breaks the goal of eliminating configuration…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    11. effectiveNetworkSecurityGroups and effectiveRouteTable to have 'read' rather than 'action' t better integrate with Azure RBAC

      The 'Microsoft.Network/networkInterfaces/effectiveRouteTable/action' and 'Microsoft.Network/networkInterfaces/effectiveNetworkSecurityGroups/action' provider actions must rather end with a 'read' to better integrate with Azure RBAC. Customers have to write a new role definition for a reader to just be able to read effective NSG rules (while individual NSGs and NSG rules can be read by a reader). The fact that these two actions end with a 'action' makes a reader not have access to leverage this feature.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    12. Service tag for Azure alert webhooks

      We would like to have a way to whitelist webhook calls from Azure alerts on the NSGs. I have tried using the 'Azure Monitor' service tag, however, it looks like the calls are getting blocked (testing using the Internet service tag which works).

      Could you please let me know if there is a tag for Azure alerts?

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    13. Delete a network security group: this description is insufficient. please make it better

      Delete a network security group: this description is insufficient. please make it better

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    14. There is a bug in firewall settings

      in this page:
      https://portal.azure.com/#@XXXX/providers/Microsoft.Network/networkSecurityGroups/xxxx/overview

      Where I try to change the ip for more that one inbound rule, there is a validation message says that the port is duplicated (although it is not)

      Excepted not to see this message

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    15. make SNAT Flows graph tool available to customers

      give customers access to the virtual network SNAT Flows graph tool/data, so that a customer can self determine if a Azure VM using default Internet access is actually successfully communicating outbound to the internet. This is impossible to discern from other Azure tools or conclusively know by running packet captures locally on the VM. Support has access to this tool and data, and was able to confirm for me which ruled that out as a problem, and resulted in correct resolution of the root problem.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    16. Add Ability to create a Dynamic Object "Local Subnet" Route in a Route Table

      We have a configuration where we want VMs on the same subnet to communicate directly through the virtual network, and VMs on different subnets to communicate through a firewall. We have done this by defining a unique route table for for each subnet.

      It would be far more better to have a "Local Subnet" object so that a single route table could be used for all the subnets in a vnet. For example, create a route with Address Prefix as "Local Subnet" with nexthop "Virtual Network".

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    17. Vnet creation imposes 1 subnet. why not make it optional or allow the creation of all subnet needed at once

      upon creating my vnet I can only 1 subnet. an ADD button would be useful to allow the creation of multiple subnet at one time or make it optional

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    18. Internal vNet endpoints for SQL Databases and Storage Devices to allow private accessible only via Expressroute Gateway

      To justify using Expressroute to "securely" extend the corporate LAN/WAN infrastructure to the cloud.

      Create Internal vNet Endpoints for SQL Databases and Storage Devices to allow private accessible only via Expressroute Gateway.

      Needed to secure sensitive PII, HIPAA, and Company Confidential Databases and storage devices

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    19. Complete Network map

      Complete Network map - NICs connected to subnet - connected to vnet and NSG rule name

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    20. Backup and restore each network resource configuration settings

      Network resources configuration like VNET, Traffic Manager, Load Balancer, VPN GW, App GW, UDR, NSG, be able to backup and restore by each compornent.
      This would help if configuration ever gets lost, accidentally changes it, corrupt, or we want to recreate a new component and keep some favorite settings.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base