Thoughts from the clouds
This probably one of the least enticing blog post titles I have ever had. I will try to explain in a few paragraphs what this is going to be about, so that you can decide whether reading further or carrying on with your life. Reliability is one of the most important non-functional requirements for any … Continue reading Private global load balancing in Azure with anycast (no BGP)
Some weeks ago, Microsoft released documentation about the Virtual Network Routing Appliance (VNRA) without a lot of context, what generated a healthy confusion in the Azure Networking practitioner community. In the Azure updates page, the following was written: Azure Virtual Network routing appliance offers private connectivity for workloads across virtual networks. Using specialized hardware, it … Continue reading What is the Azure Virtual Network Routing Appliance?
Azure Networking is already a complex enough topic, and if you add to the mix the moving parts of data analytics services the results are always interesting, to say the least. On top of that, documentation is not always created to explain in detail what is actually happening or why, adding insult to injury. Consequently, … Continue reading Connecting Microsoft Fabric to on-premises databases with Private Link
If you have been reading some of my blog posts, you probably know that I have been working on Azure networking for a while. Part of that work has consisted of helping customers to create network architectures based on their requirements. Last week I got a similar ask from a colleague for a large-scale hub-and-spoke … Continue reading Which Azure network design is cheaper?
Yesterday I got an interesting question. How does subnet peering interact with ExpressRoute? A quick look into the official docs for Subnet peering checks and limitations didn’t give any answers, and Copilot wasn’t very helpful either: So let’s dive in! What was subnet peering again? I wrote a blog post some time ago here, feel … Continue reading Subnet peering and ExpressRoute
This post will explore the functionality in Azure Application Gateway for Containers (AGC) to integrate with an Istio service mesh in Kubernetes. This blog is part of a series: If you are here, you probably know what Application Gateway for Containers (AGC) is, if not, please refer to the previous posts in this series. You might not … Continue reading Application Gateway for Containers: Istio integration (6)
Azure Virtual WAN is one of the networking options offered by Azure, and routing inside of Virtual WAN has become a sort of dark art with the many supported options. Some years ago Routing Intent (also known as Routing Policies) was introduced to simplify routing, but at times you need to go back to the … Continue reading Virtual WAN static routes redistribution
This post will explore the new support in Azure Application Gateway for Containers (AGC) for Web Application Firewall (WAF) as documented in https://aka.ms/agc/waf. This blog is part of a series: Before we start, kudos need to go to the great Christof Claessens, author of this extremely useful Azure Monitor Workbook to triage WAF logs. Is WAF a big … Continue reading Application Gateway for Containers: Web Application Firewall support (5)
After a good while without posting anything, I finally decided to slowly recommence again. This first post is about a little BGP trick that may help you increase the scale of Azure Route Server. Typically the maximum number of 8 BGP peers should be enough for most designs, but if you happen to need to … Continue reading Going beyond 8 peers in Azure Route Server
In my recent blog series Private Link reality bites I briefly mentioned the possibility of inspecting Service Endpoints with Azure Firewall, and many have asked for more details on that configuration. Here we go! First things first: what the heck am I talking about? Most Azure services such as Azure Storage, Azure SQL and many … Continue reading Azure Firewall and Service Endpoints
Cloudtrooper 