Networking
The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.
Virtual Network:
Traffic Manager:
Network Watcher:
If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.
-
ICMP Support for Azure Websites, Roles, Cloud Services
Need support for ICMP features like Ping in Azure Websites, Azure Mobile Services thru node.js, Web/Worker Roles/Cloud Services.
874 votesUnfortunately ICMP presents risks and problems for our underlying network infrastructure. However, we do understand the utility of being able to ping and we ourselves use TCP level applications to ping between services or the Internet, such as TCPING.
-
Support Multicast within Virtual Networks
Allow Multicast operations within the virtual networks for IaaS
139 votes -
Rename VNET
Be able to rename a VNET (changing name only) without having to suppress all VM's and recreate them after...
114 votesName is a unique identifier, hence not allowed to be modified, this is true for all top level resources not just VNet.
— Narayan [MSFT]
-
Allow basic port forwarding in Network Security Groups
It'd be really nice if Network Security Groups allowed basic port forwarding without the use of Azure Load Balancers. Being able to use an alternate public port for RDP, for example 23456, and directing the traffic to the native port (3389) in the Azure environment via the network group would make things simpler than having to create a load balancer to sit in front of the NSG and VM.
107 votesHi Will,
Thanks for sharing this idea – right now we’re not planning on adding this feature since the role of the NSG is exclusively to filter traffic.
-Allegra [MSFT]
-
Allow Multiple network interfaces on all VM sizes
While it is great that Azure now supports multiple network interfaces, this is restricted to standard sizes above large.
Often the requirement for multiple nics is on a machine that is a crossing point between networks, using a standard tier large VM for this type of traffic is serious overkill!
There is a need to have a small, ideally basic tier VM that can have two nics attached.
I realise this may be in the pipeline, since multiple nics are so new to Azure, but it would be very helpful in creating cost effective solutions on Azure if this could…
100 votesMultiple NICs uses up networking resources in the backend, and is not charged separately, hence it is bundled with VM sizes. Multi-NICs will be available only with advertised VM sizes for the foreseeable future.
-
Specify Firewall Exceptions by Host Name Resolution
The current mechanism of specifying firewall exceptions is problematic for those without static IP addresses. Allowing permitted IP addresses to be specified by host name resolution would allow customers to use a dynamic DNS service and eliminate the need to manually update firewall rules when a new address is assigned.
79 votesThank you for the suggestion. Layer 7 functionality is out of scope for NSG at this time. Please take a look at WAF options, including Application Gateway, to see if they can meet your needs. We’re also looking at ways to expose endpoints within the vnet itself.
-
Move Azure Network to Resources Groups or Subscription
Would be great if we can move networks to new Resources Groups or move networks to another subscription. We have 4 subscriptions to organize the costs, but now we can't move the Networks.
64 votes -
Our team has tens of developers who have MSDN account. We'd like to share same VNet which connects to our on-premise network.
Each developer has free-tier Azure usage within their MSDN account, but they can not start virtual machines in the on-premise-connected VNet using the free tier.
To start virtual machines with their account and to access them from on-premise network, It seems that they have to make their own VNet and connect it to the on-premise-connected VNet. It is not convenient.
I believe that If the owner of the on-premise-connected VNet could allow other accounts to create virtual machines within the VNet, lots of developers will be happy for that.
29 votesVirtual Network scope is restricted to a subscription for manageability.
-
Allow Subnet and VNETs to reside in different resource groups
In our design, we are attempting to share a single vnet to be used by each department/tenant. In this model, each tenant gets a small subnet provisioned from the overall vnet address space. Unfortunately, we must create the subnet separately since it is owned by the vnet which belongs to another resource group.
Alternatively, you could allow subnets to have their own resource group similar to nics.
24 votes -
Route table associated to a Virtual Network
It would be great if a route table can be assigned to Virtual Network level and added to the priority sequence like System Routes -> BGP Routes -> UDR at Virtual Network -> UDR at subnet level
This will allow to move all common routes to be placed at virtual network level and then subnet specific to subnet level.
Or allow nesting of UDR where two route tables can be assigned to one subnet which may be a cummulative routes of combined both.
20 votesHello,
We are not planning on supporting UDR at the VNet level as this introduces additional security concerns. You can currently assign a route table to multiple subnets on a VNet to achieve this affect.
-Allegra [MSFT]
-
Decouple vNIC count from VM Size
For people wanting to use Virtual Firewall Appliances, the amount of vNICs a Virtual Server type offers is the key consideration for how many backend subnets one can place behind the firewall.
The existing Azure practice of scaling of a VM type/size to get additional vNICs is therefore problematic for the following reasons.We have to oversize our VM to get the amount of vNICs required. We pay for more CPU and RAM resources than we actually require.
Firewall vendors often license the appliances based on CPU Count. Because we had to oversize our VM, we now have to purchase…
19 votes -
Allow to assign custom routes on the VNET level (instead of only subnets)
We configured a custom gateway on Azure. Unfortunately it's not possible to add routes on a VNET level so these routes get applied to all existing and future subnets automatically.
Basically it would be sufficient to be able to assign UDRs to VNETs.
9 votesHi Thomas,
This is not something we’re currently planning due to security concerns it raises.
- Allegra [MSFT]
-
Create peering to a VNET before the VNET exists
An example:
Terraform script that creates a complete test environment.
As part of that creation, it needs to access to another vnet that acts as a gateway via peering otherwise the deployment will fail.
The peering from the remote vnet can't be configured until the new vnet exists.That means either breaking the Terraform script into multiple parts, watching the deployment and adding the peering once the new vnet exists or giving the script the ability to create the remote peering which breaks the permissions model.
The ability to create a peering to a VNET before it is created in…
4 votesHi Gary,
VNet Peering is a property of the VNet. It cannot exist until the VNet exists.
Apologies for the inconvenience as we are not planning to change this design.
-Anavi N [MSFT]
-
New Small size template with multiple NICs
It is not allowed to have more than 2 NIC for small size VM. Create new VM template group with NICs as central resource or add Small size templates to existing groups with more NICs.
3 votes -
Allow multiple routes with weighting for the same address prefix
I'd like to be able to add the same address prefix multiple times in a route table with weighting differing next hops for DR reasons.
3 votesThanks for sharing your feedback
For Highly Available configuration, we recommnend using Standard Load Balancer with HA ports configuration.
UDR with same prefix would require an orchestration to swich the preference in order to change the routing behavior, this might give you un-expected downtimes.
-
Add & Support Multicast in VNET
We have a need for VNET to support Multicast for various applications (IaaS)
2 votes -
Virtual Network Gateway Hours - Pay only for what you use
I just notice, Virtual network gateway hours is not pay when use. Once you create the gateway and extend the Azure virtual network to your premise, it starts to charge no matter what it's connect or disconnect.
From pricing detail, $0.05 per connection-hour (~$38/month).
So, even I shutdown my premise router overnight, I still need to spend min $38 monthly. It is not really "Pay only for what you use".
1 voteHi, Alex,
There are two charges related to the Azure VPN service: the compute resource charge at $0.05/hour, and the egress data volume charge. Both are based on resource consumption, Unfortunately, even if the VPN tunnels are not connected, the gateway compute resource is still being consumed.
The charge is based on business review and common industry practice. We will consider providing the functionality to “STOP” a gateway if the customer is certain that the gateway will not be in use. If this is the request, please open another item and we will track that feature ask accordingly.
Thanks,
Yushun [MSFT] -
Allow Virtual Machines from different subscriptions to belong to the same Virtual Network
We have multiple subscriptions for development and testing and it would be useful if we could have Virtual Machines from those different subscriptions attached to the same Virtual Network.
1 voteWe will soon have ways to inter connect different VNets on the same subscription, but subscription remains to be the trust boundary for a customer, hence Vnets will have to stay within subscription scope, at least in the near term.
-
Virtual Network Gateway
I believe that route based Virtual Network Gateways are created as GatewaySKU = Basic by the new Azure Portal but billed as GatewaySKU = Standard.
I created a new Virtual Network Gateway through the new Azure Portal and then checked the GatewaySKU via Azure PowerShell. It showed the SKU being Basic but according to the Portal I was being billed the Standard GatewaySKU rate.
I was able to fix the billing by first changing the GatewaySKU via PowerShell to Standard and then immediately back to Basic.
1 voteYou should not be seeing this behavior. If it happens again, please open a support ticket through the Azure Portal so that we may investigate why this is happening.
Thanks,
Bridget [MSFT] -
Affinity Group Missing
Hi Gents,
The Affinity Group - or my vnet is missing when creating a cloud service. How do you expect me to assign my cloud services to my vnet (Affinity Group) if it is missing from the Azure Portal?
I had to use power shell and am now running into address issues.
1 voteVNet is scoped to a region. It accepts deployments that are tied to an affinity group, as long the affinity group is in the same region as the VNet. The new Ibiza portal does not support cloud services concept.
- Don't see your idea?