Listen to the Whispers of BGP

An old Cherokee proverb says: “Listen to the whispers and you won’t have to hear the screams”. Routing problems are hard: Hard to uncover, because sometimes they will not become apparent until something happens. For example, when your backup routes disappear, and you only notice when the primary routes are gone too. And hard in … Continue reading Listen to the Whispers of BGP

Using Route Server to firewall onprem traffic with an NVA

In a previous blog we had a setup with a Network Virtual Appliance (NVA) for Internet egress and hybrid connectivity based on Azure Virtual Network Gateways. There is another fairly typical use case with regards to traffic between on-premises an Azure: firewalling it with an NVA: In some situations customers will combine the role of … Continue reading Using Route Server to firewall onprem traffic with an NVA

Azure as Internet breakout from on-premises with Route Server

This is not a topology I would define as “best practice”, or one that I see in every Azure deployment out there, but I would certainly not describe it as exotic either. In this design, organizations want to leverage Azure as Internet breakout for their on-premises systems. Potentially because they do not have a good … Continue reading Azure as Internet breakout from on-premises with Route Server

New Azure Sample: ACI in VNet with Init and Sidecar Containers

Hey there! I have recently published a new Azure Sample: ACI in VNet with Sidecar Containers. It has generated a bit of controversy (there is a reason why I picked such a crowded image for the post title), so let me add some color to it. But let me give you the TL;DR first: the … Continue reading New Azure Sample: ACI in VNet with Init and Sidecar Containers

Connecting your NVAs to ExpressRoute with Azure Route Server

In a previous blog post I have described the features of the new Azure Route Server I am most excited about, as well as a possible setup to create a hub and spoke design with firewall NVAs (Network Virtual Appliance) across multiple regions here. In this one I will focus on how to integrate the … Continue reading Connecting your NVAs to ExpressRoute with Azure Route Server

Route Server Multi-Region Design

In my previous blog I wrote my view on the characteristics of the new Azure Route Server that I am most excited about. In this one I would like to give you a glimpse of how it works with a design that I see in many organizations: a multi-region setup, with Network Virtual Appliances acting … Continue reading Route Server Multi-Region Design

Azure Route Server: super powers for your Network Virtual Appliance

Amongst the many Ignite announcements this year, my favourite is the new Azure Route Server, in public preview now, since it has the potential to dramatically change how networks are built in Azure. If you are thinking “here he comes with his BGP thing again”… You are right! Let me explain: In public cloud there … Continue reading Azure Route Server: super powers for your Network Virtual Appliance

Using Azure Container Instances to create Let’s Encrypt Certificates

You might have been confronted with the challenge that certificate management sometimes presents. Your website should be secure, but digital certificates can be expensive. Not only in terms of money, but they bring along a certain complexity too. Luckily there are two technologies that can help you to overcome both challenges: Let’s Encrypt is a non-profit … Continue reading Using Azure Container Instances to create Let’s Encrypt Certificates

Virtual WAN: secure hubs in multiple regions

You probably know Azure Virtual WAN, an Azure technology that abstracts hybrid networking by providing Microsoft-managed Virtual Hubs that use the Microsoft backbone to talk to each other. And you might know as well that those hubs can become Secured Virtual Hubs, including firewalling functionality powered by Azure Firewall. Virtual WAN secure hubs are great, … Continue reading Virtual WAN: secure hubs in multiple regions