Thoughts from the clouds
Virtually every expert out there recommends following an Infrastructure-as-Code approach to manage Azure Networks, and even more so when dealing with traffic segmentation features such as firewall rulesets and network security groups (those tend to change more frequently than other resources). And yet, there is surprisingly little guidance on how to do so, and about … Continue reading Deploy (Azure) Network-as-Code as a champ
Today I was looking at IPvlan on a docker container in Azure along a colleague, and we found that there are plenty of documentation and blogs out there that might be confusing when running this setup on Azure. What is this IPvlan thing, I hear you ask? Docker has a good explanation here, but let … Continue reading IPvlan with Docker in Azure
Wow, that was a long title. Let me give you another one: if you haven’t tested your High Availability (HA) or Disaster Recovery (DR) plans, you shouldn’t rely on them. This is of course regardless of whether your infrastructure runs on your premises, on public cloud, or anywhere else. In this post I am going … Continue reading You want to use AS-path as your virtual hub routing preference
Update: as Srinivas describes in the comments, ingesting Flow Logs with Azure Data Explorer may lead to duplicate records. In every network you want to know what traffic is using it. Networking devices offer multiple options to report on traffic, such as Netflow, sFlow or IPFIX. However, these options are often not available in public … Continue reading Getting visibility into your Azure Traffic with NSG Flow Logs
This one is going to be about a setup I recently tested with a customer: an Azure Data Factory pipeline needs to send email notifications via Azure Logic Apps, and it needs to do so by securing the network between the Integration Runtime and the Logic App that sends the email. The challenge here is … Continue reading Calling Logic Apps from Data Factory securely
Would you like a compliance report for Azure best practices on your Azure resources, like the following screenshot shows (in this case for Azure Kubernetes Service)? If so, keep reading! Where is this coming from? You might have read some previous posts where I describe the work that the FastTrack for Azure team (where I … Continue reading Are you following Azure best practices? Sure?
If you have ever used Azure, you probably have used one of these Virtual Network Gateways too: whether it is to connect your branches and headquarters with Azure via IPsec VPN or ExpressRoute, or to provide connectivity to your mobile workers or external partners through Point-to-Site VPNs. In this post I will go deep on … Continue reading Virtual Network Gateways routing in Azure
I often get asked about the differences between Azure Networking and a traditional, on-premises network. I have been hit with a flu the last few days, so I had some time to think about this, and I decided to start writing whatever thoughts were not actually the result of the fever. In this post I … Continue reading Azure Networking is not like your on-prem network
If you are reading my blog you probably know what Virtual WAN and Azure Kubernetes Service are. You probably know as well that you can configure AKS so that egress traffic is sent through an Azure Firewall by using Azure routing as described in the article Control Egress Traffic in AKS. That article explains how … Continue reading Filtering AKS egress traffic with Virtual WAN
NOTE: custom routing and some of the features described in this article, such as manipulating propagation labels, are not supported if using Virtual WAN Routing Intent, a functionality required for cross-region communication over multiple secured hubs. Some organizations use Virtual Routing and Forwarding (VRF) tables in their networks to segment traffic at the routing level. … Continue reading VRFs and Virtual WAN
Cloudtrooper 