Networking
The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.
Virtual Network:
Traffic Manager:
Network Watcher:
If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.
-
ICMP Support for Azure Websites, Roles, Cloud Services
Need support for ICMP features like Ping in Azure Websites, Azure Mobile Services thru node.js, Web/Worker Roles/Cloud Services.
874 votesUnfortunately ICMP presents risks and problems for our underlying network infrastructure. However, we do understand the utility of being able to ping and we ourselves use TCP level applications to ping between services or the Internet, such as TCPING.
-
Support Multicast within Virtual Networks
Allow Multicast operations within the virtual networks for IaaS
139 votes -
Rename VNET
Be able to rename a VNET (changing name only) without having to suppress all VM's and recreate them after...
114 votesName is a unique identifier, hence not allowed to be modified, this is true for all top level resources not just VNet.
— Narayan [MSFT]
-
Allow basic port forwarding in Network Security Groups
It'd be really nice if Network Security Groups allowed basic port forwarding without the use of Azure Load Balancers. Being able to use an alternate public port for RDP, for example 23456, and directing the traffic to the native port (3389) in the Azure environment via the network group would make things simpler than having to create a load balancer to sit in front of the NSG and VM.
107 votesHi Will,
Thanks for sharing this idea – right now we’re not planning on adding this feature since the role of the NSG is exclusively to filter traffic.
-Allegra [MSFT]
-
Allow Multiple network interfaces on all VM sizes
While it is great that Azure now supports multiple network interfaces, this is restricted to standard sizes above large.
Often the requirement for multiple nics is on a machine that is a crossing point between networks, using a standard tier large VM for this type of traffic is serious overkill!
There is a need to have a small, ideally basic tier VM that can have two nics attached.
I realise this may be in the pipeline, since multiple nics are so new to Azure, but it would be very helpful in creating cost effective solutions on Azure if this could…
100 votesMultiple NICs uses up networking resources in the backend, and is not charged separately, hence it is bundled with VM sizes. Multi-NICs will be available only with advertised VM sizes for the foreseeable future.
-
Specify Firewall Exceptions by Host Name Resolution
The current mechanism of specifying firewall exceptions is problematic for those without static IP addresses. Allowing permitted IP addresses to be specified by host name resolution would allow customers to use a dynamic DNS service and eliminate the need to manually update firewall rules when a new address is assigned.
79 votesThank you for the suggestion. Layer 7 functionality is out of scope for NSG at this time. Please take a look at WAF options, including Application Gateway, to see if they can meet your needs. We’re also looking at ways to expose endpoints within the vnet itself.
-
Move Azure Network to Resources Groups or Subscription
Would be great if we can move networks to new Resources Groups or move networks to another subscription. We have 4 subscriptions to organize the costs, but now we can't move the Networks.
64 votes -
Our team has tens of developers who have MSDN account. We'd like to share same VNet which connects to our on-premise network.
Each developer has free-tier Azure usage within their MSDN account, but they can not start virtual machines in the on-premise-connected VNet using the free tier.
To start virtual machines with their account and to access them from on-premise network, It seems that they have to make their own VNet and connect it to the on-premise-connected VNet. It is not convenient.
I believe that If the owner of the on-premise-connected VNet could allow other accounts to create virtual machines within the VNet, lots of developers will be happy for that.
29 votesVirtual Network scope is restricted to a subscription for manageability.
-
Allow Subnet and VNETs to reside in different resource groups
In our design, we are attempting to share a single vnet to be used by each department/tenant. In this model, each tenant gets a small subnet provisioned from the overall vnet address space. Unfortunately, we must create the subnet separately since it is owned by the vnet which belongs to another resource group.
Alternatively, you could allow subnets to have their own resource group similar to nics.
24 votes -
Route table associated to a Virtual Network
It would be great if a route table can be assigned to Virtual Network level and added to the priority sequence like System Routes -> BGP Routes -> UDR at Virtual Network -> UDR at subnet level
This will allow to move all common routes to be placed at virtual network level and then subnet specific to subnet level.
Or allow nesting of UDR where two route tables can be assigned to one subnet which may be a cummulative routes of combined both.
20 votesHello,
We are not planning on supporting UDR at the VNet level as this introduces additional security concerns. You can currently assign a route table to multiple subnets on a VNet to achieve this affect.
-Allegra [MSFT]
-
Decouple vNIC count from VM Size
For people wanting to use Virtual Firewall Appliances, the amount of vNICs a Virtual Server type offers is the key consideration for how many backend subnets one can place behind the firewall.
The existing Azure practice of scaling of a VM type/size to get additional vNICs is therefore problematic for the following reasons.We have to oversize our VM to get the amount of vNICs required. We pay for more CPU and RAM resources than we actually require.
Firewall vendors often license the appliances based on CPU Count. Because we had to oversize our VM, we now have to purchase…
19 votes -
Allow to assign custom routes on the VNET level (instead of only subnets)
We configured a custom gateway on Azure. Unfortunately it's not possible to add routes on a VNET level so these routes get applied to all existing and future subnets automatically.
Basically it would be sufficient to be able to assign UDRs to VNETs.
9 votesHi Thomas,
This is not something we’re currently planning due to security concerns it raises.
- Allegra [MSFT]
-
Create peering to a VNET before the VNET exists
An example:
Terraform script that creates a complete test environment.
As part of that creation, it needs to access to another vnet that acts as a gateway via peering otherwise the deployment will fail.
The peering from the remote vnet can't be configured until the new vnet exists.That means either breaking the Terraform script into multiple parts, watching the deployment and adding the peering once the new vnet exists or giving the script the ability to create the remote peering which breaks the permissions model.
The ability to create a peering to a VNET before it is created in…
4 votesHi Gary,
VNet Peering is a property of the VNet. It cannot exist until the VNet exists.
Apologies for the inconvenience as we are not planning to change this design.
-Anavi N [MSFT]
-
New Small size template with multiple NICs
It is not allowed to have more than 2 NIC for small size VM. Create new VM template group with NICs as central resource or add Small size templates to existing groups with more NICs.
3 votes -
Allow multiple routes with weighting for the same address prefix
I'd like to be able to add the same address prefix multiple times in a route table with weighting differing next hops for DR reasons.
3 votesThanks for sharing your feedback
For Highly Available configuration, we recommnend using Standard Load Balancer with HA ports configuration.
UDR with same prefix would require an orchestration to swich the preference in order to change the routing behavior, this might give you un-expected downtimes.
-
Add & Support Multicast in VNET
We have a need for VNET to support Multicast for various applications (IaaS)
2 votes -
After I configured a Point-to-Site connection to a VNet using native Azure certificate authentication. I can't ping from Client to Azure VM.
After I configured a Point-to-Site connection to a VNet using native Azure certificate authentication. I can't ping from Client to Azure VM.
Help me!1 voteIn order to provide assistance, we need additional information. Please open a support ticket through the Azure Support Portal.
Regards,
Ali Zaman -
enable secondary private ip access internet
programs using second ip cannot access internet
please allow second ip have same nat rule like primary ip1 voteWe will not be adding this functionality for secondary private IPs. To have internet connectivity, we reccomend adding a public IP address or using a Load balancer: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-multiple-ip-addresses-powershell#add
-
Allow Virtual Machines from different subscriptions to belong to the same Virtual Network
We have multiple subscriptions for development and testing and it would be useful if we could have Virtual Machines from those different subscriptions attached to the same Virtual Network.
1 voteWe will soon have ways to inter connect different VNets on the same subscription, but subscription remains to be the trust boundary for a customer, hence Vnets will have to stay within subscription scope, at least in the near term.
-
Azure VM NIC in Promiscuous Mode
Some of the legacy system virtualization software require VM NICs to be configured in "Promiscuous Mode" to operate correctly.
https://stromasys.atlassian.net/wiki/display/DocCHAXPv47W/Networking
This feature would help us run those platforms on Azure. Can Azure VMs enable this feature? There is very little documentation on this aspect - Is promiscuous mode available and supported?
1 vote
- Don't see your idea?