CLI-based analysis of an ExpressRoute private peering

Quite frequently I see Azure connectivity diagrams that do not reflect accurately the topology of Azure Virtual Networks connnected to on-premises data centers via ExpressRoute. Additionally, I got the question last week of how to do some basic BGP troubleshooting in the involved networking devices in a way which is understandable by network administrators (read … Continue reading CLI-based analysis of an ExpressRoute private peering

VNet peering settings, those familiar strangers

Hey everybody! In this post I would like to talk about some of the settings that you can configure in VNet Peerings, and how those actually work. Even if you have been using VNet peerings for years now, I bet I have some surprises for you. TL;DR: Do not rely in the VirtualNetwork service tag … Continue reading VNet peering settings, those familiar strangers

Sending Internet Traffic from P2S Clients Through an NVA

Azure can be used to offer Point-To-Site (P2S) connectivity for individual users, that by leveraging a VPN client on their systems (Windows, Linux or Mac) can get connectivity to Azure resources. This P2S connectivity is often limited to Azure resources, but by leveraging the Azure Route Server, additional access is offered. For example, if an … Continue reading Sending Internet Traffic from P2S Clients Through an NVA

Azure Route Server and NVAs running on Scale Sets

There are a couple of ways in which you can deploy NVAs in Azure, from a redundancy perspective: 1+1 (active/passive): least scalable solution, your maximum throughput will be equivalent of the one of the active NVA, while you normally have to pay for 2 VMs and 2 NVA licenses 1+1 (active/active): 2 NVAs forwarding traffic … Continue reading Azure Route Server and NVAs running on Scale Sets

Mounting Azure Files shares from OpenShift

Azure Files is a very convenient storage option when you need persistent state in Azure Kubernetes Service or Azure Red Hat OpenShift. It is cheap, it doesn’t count against the maximum number of disks that can be attached to each worker node, and it supports many pods mounting the same share at the same time. … Continue reading Mounting Azure Files shares from OpenShift

Using Trident to Automate Azure NetApp Files from OpenShift

Some time ago I wrote this post about different storage options in Azure Red Hat OpenShift. One of the options discussed was using Azure NetApp Files for persistent storage of your pods. As discussed in that post, Azure NetApp Files has some advantages: ReadWriteMany support Does not count against the limit of Azure Disks per … Continue reading Using Trident to Automate Azure NetApp Files from OpenShift

Cisco ACI and Microsoft Azure

Sometimes you meet an old friend you haven’t seen for many years, and although both of you might have evolved differently during that time, most often than not you find the common ground and the reasons why you loved each other. Before I get any more sentimental, that is a bit of what I have … Continue reading Cisco ACI and Microsoft Azure

Azure Traffic Analytics and Breach Detection

Azure Traffic Analytics and NSG flow logs are one of Azure’s best kept secrets. In short, you can log every single network flow going through your Network Security Groups (NSGs), including the number of packets and its ingress/egress bandwidth. Traffic Analytics already makes a great job at showing interesting stuff: the scenarios documented in the … Continue reading Azure Traffic Analytics and Breach Detection

Deploying ExpressRoute with Megaport in 1 hour

I have heard some organizations complaining that deploying a fully functional ExpressRoute circuit takes too long: days, or even weeks. Does this always have to be like that? I recently got access to Megaport‘s service portal: Megaport is one of Azure ExpressRoute providers, and they can provision virtual routers dynamically and connect them to Azure … Continue reading Deploying ExpressRoute with Megaport in 1 hour

Listen to the Whispers of BGP

An old Cherokee proverb says: “Listen to the whispers and you won’t have to hear the screams”. Routing problems are hard: Hard to uncover, because sometimes they will not become apparent until something happens. For example, when your backup routes disappear, and you only notice when the primary routes are gone too. And hard in … Continue reading Listen to the Whispers of BGP