Do not let ExpressRoute, VPN and SDWAN traffic bypass your firewall

I have recently expanded my SDWAN in hub-and-spoke networks design guide to include SDWAN-to-firewall routing. Initially I didn’t have this point, but recent conversations have made me realize that not everybody understands this. The main difficulty in this topic is related to the fact that you cannot inspect the effective routes of your Virtual Network …
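Azure exposes effective routes only per network interface (for example via `az network nic show-effective-route-table`), not per Virtual Network, so the practical check is to pull that table from a spoke NIC and look for prefixes whose next hop is not the firewall. The script below is an added example, not code from the blog or its design guide: it parses the JSON shape that command returns, applies the same longest-prefix match the Azure fabric uses, and flags routes that skip the NVA. The sample route table, the spoke and hub ranges, and the firewall address 10.0.1.4 are all constructed assumptions.

```python
"""Flag effective routes on a spoke NIC that send traffic past the firewall.

Added example, not the blog's code. The input shape follows the JSON returned
by `az network nic show-effective-route-table`; the sample table below is
constructed, and the firewall address 10.0.1.4 is an assumption.
"""
import ipaddress
import json

FIREWALL_IP = "10.0.1.4"  # assumed private IP of the NVA / Azure Firewall in the hub

# Constructed sample: a spoke NIC with a default UDR to the firewall, one
# on-premises prefix pinned to the firewall by UDR, and one on-premises prefix
# still propagated from the ExpressRoute/VPN gateway (route propagation left on).
SAMPLE_EFFECTIVE_ROUTES = json.loads("""
{"value": [
  {"addressPrefix": ["10.1.0.0/16"], "nextHopType": "VnetLocal",
   "nextHopIpAddress": [], "source": "Default", "state": "Active"},
  {"addressPrefix": ["10.0.0.0/16"], "nextHopType": "VNetPeering",
   "nextHopIpAddress": [], "source": "Default", "state": "Active"},
  {"addressPrefix": ["0.0.0.0/0"], "nextHopType": "Internet",
   "nextHopIpAddress": [], "source": "Default", "state": "Invalid"},
  {"addressPrefix": ["0.0.0.0/0"], "nextHopType": "VirtualAppliance",
   "nextHopIpAddress": ["10.0.1.4"], "source": "User", "state": "Active"},
  {"addressPrefix": ["172.16.0.0/12"], "nextHopType": "VirtualAppliance",
   "nextHopIpAddress": ["10.0.1.4"], "source": "User", "state": "Active"},
  {"addressPrefix": ["192.168.0.0/16"], "nextHopType": "VirtualNetworkGateway",
   "nextHopIpAddress": ["10.0.254.5"], "source": "VirtualNetworkGateway", "state": "Active"}
]}
""")


def active_routes(table):
    """Yield (network, next_hop_type, next_hop_ip, source) for every Active prefix."""
    out = []
    for r in table["value"]:
        if r.get("state") != "Active":
            continue  # Invalid entries were already overridden by a UDR
        hops = r.get("nextHopIpAddress") or [None]
        for prefix in r["addressPrefix"]:
            out.append((ipaddress.ip_network(prefix), r["nextHopType"], hops[0], r.get("source")))
    return out


def next_hop_for(table, destination):
    """Longest-prefix match, as the Azure fabric does; returns (prefix, next_hop_type, next_hop_ip)."""
    dst = ipaddress.ip_address(destination)
    best = None
    for net, hop_type, hop_ip, _source in active_routes(table):
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop_type, hop_ip)
    if best is None:
        return None
    return (str(best[0]), best[1], best[2])


def bypassing_routes(table, firewall_ip=FIREWALL_IP):
    """Active routes that neither stay in local/peered VNet space nor go via the firewall.

    The usual culprit is a prefix learned from the gateway (source
    VirtualNetworkGateway): it is more specific than 0.0.0.0/0, so traffic to
    ExpressRoute/VPN/SD-WAN destinations skips the NVA despite the default UDR.
    """
    leaks = []
    for net, hop_type, hop_ip, source in active_routes(table):
        if hop_type in ("VnetLocal", "VNetPeering"):
            continue
        if hop_type == "VirtualAppliance" and hop_ip == firewall_ip:
            continue
        leaks.append({"prefix": str(net), "nextHopType": hop_type,
                      "nextHopIpAddress": hop_ip, "source": source})
    return leaks


if __name__ == "__main__":
    for leak in bypassing_routes(SAMPLE_EFFECTIVE_ROUTES):
        print("bypasses firewall:", leak)
    print("192.168.1.10 ->", next_hop_for(SAMPLE_EFFECTIVE_ROUTES, "192.168.1.10"))
    print("172.16.5.5   ->", next_hop_for(SAMPLE_EFFECTIVE_ROUTES, "172.16.5.5"))
```

Run it against the real output of `az network nic show-effective-route-table -g <rg> -n <nic> -o json` for one NIC in each spoke subnet; because effective routes are per NIC, a subnet with no VM attached cannot be checked this way. In the constructed sample the 192.168.0.0/16 entry is the one to fix: the gateway-learned prefix wins longest-prefix match over the 0.0.0.0/0 UDR, so it must be overridden by a UDR to the firewall or suppressed by disabling gateway route propagation on the spoke route table.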

Azure network monitoring with synthetic traffic

Wow, that was a mouthful. But it describes what I would like to discuss in this post. Networks are at the basis of every IT infrastructure, so when they don’t work, everybody notices (and when they do work, nobody notices). Hence, monitoring computer networks to detect and fix problems as quickly as possible is a …

Taxonomy of Azure PaaS service access

Azure PaaS service networking is quite a complex landscape to navigate. Documentation in Azure about this topic is located in different areas (under Networking and under each specific PaaS service), and sometimes uses inconsistent terminology. My goal in this blog post is to set out a classification of PaaS services that can be used to navigate this complexity. …

Designing your SDWAN and Firewall into Azure Hub and Spoke

Designing network connectivity in public cloud can very quickly become a daunting task. Of course, public cloud providers do offer native networking services, and with those it is fairly easy. This should always be your primary route (pun intended). For example, in the case of Azure, using Virtual WAN and its native integration with both …

Get certificates with Azure Key Vault extension to your Linux VMs

Certificate management is one of those IT disciplines that is nobody’s dream, and still it can have quite a dramatic (negative) impact on your web presence if not done properly, such as users being told by the browser that your site is not secure. Azure has a nice little tool to manage certificates and bring …

DRY Terraform code for Private Link and DNS

After last week’s almost-philosophical post on network complexity, let’s move on to more mundane tasks. Today I will focus on how to write efficient Terraform code to connect private endpoints and DNS, without having to copy/paste literally hundreds of lines. First things first: what the heck am I talking about? Private endpoints are a way …

Is Computer Networking too complex?

This question has been bothering me for quite some time now. Other technology areas constantly look to reduce complexity: take for example one of the most difficult fields out there, data science. Some years ago you needed a degree to even start with it, and now you can build and deploy models while sipping your …

Monitoring Azure Networks with Alerts

Monitoring is one of those underrated disciplines: everybody tells you to do it, but nobody tells you exactly how. As a consequence, there are many different approaches and few concrete recommendations. Before continuing, a word of caution: I am not going to cover introductory topics in this post. If you are not familiar with Virtual …

Cilium Network Policy in AKS

If you are following the Azure Kubernetes Service space, I am sure you noticed that Azure CNI powered by Cilium is Generally Available. But is this a big thing? What does it mean for you? Well, yes, it is big indeed. It is like changing the wheels of your car to new ones: Cilium is …