Subnet peering and ExpressRoute

Yesterday I got an interesting question. How does subnet peering interact with ExpressRoute? A quick look into the official docs for Subnet peering checks and limitations didn’t give any answers, and Copilot wasn’t very helpful either: So let’s dive in! What was subnet peering again? I wrote a blog post some time ago here, feel …

Virtual WAN static routes redistribution

Azure Virtual WAN is one of the networking options offered by Azure, and routing inside of Virtual WAN has become a sort of dark art with the many supported options. Some years ago Routing Intent (also known as Routing Policies) was introduced to simplify routing, but at times you need to go back to the …

Application Gateway for Containers: Web Application Firewall support (5)

This post will explore the new support in Azure Application Gateway for Containers (AGC) for Web Application Firewall (WAF) as documented in https://aka.ms/agc/waf. This blog is part of a series: Before we start, kudos need to go to the great Christof Claessens, author of this extremely useful Azure Monitor Workbook to triage WAF logs. Is WAF a big …

Azure Firewall and Service Endpoints

In my recent blog series Private Link reality bites I briefly mentioned the possibility of inspecting Service Endpoints with Azure Firewall, and many have asked for more details on that configuration. Here we go! First things first: what the heck am I talking about? Most Azure services such as Azure Storage, Azure SQL and many …

VNet Flow Logs Recipes (part 2): fine-tune your security rules

Right when VNet Flow Logs were launched I blogged about some recipes that help to extract insights out of the different information fields contained in the Flow Logs. After working with VNet Flow Logs and Traffic Analytics for a while now, I thought I could share some additional tips and tricks, this time focusing on …

Application Gateway for Containers: a not-so-gentle intro (4)

This post will explore the new support in Azure Application Gateway for Containers (AGC) for the overlay network option in Azure Kubernetes Service (AKS) as documented in https://aka.ms/agc/overlay, as well as whether you can see traffic between AGC and AKS with VNet Flow Logs. This blog is part of a series: What am I talking …

Grafana and VNet Flow Logs

I would like to give credit for this blog post to Abhishek Sharma; talking to him gave me the main inspiration for some of the concepts you are going to see below. Heartfelt thanks go as well to Niti Gupta, a kickass Microsoft engineer who can make Azure Monitor Workbooks really dance and who gave me …

Azure Fleet load balancing: not what you think

Azure Kubernetes Fleet Manager is a very interesting solution that allows you to deploy code to multiple clusters at the same time. I am not going to stir up the debate here of whether this approach is better or worse than GitOps or CD pipeline parametrization, but instead I am going to look in detail …

Application Gateway for Containers: a not-so-gentle intro (3)

This post will take you one step further from the hello-world configuration that I described in the first post by adding TLS end-to-end, a scenario described in the public docs here. This blog is part of a series: TL;DR If you don’t have much time the diagram below, which is an extended version of the …

Application Gateway for Containers: a not-so-gentle intro (1)

I haven’t had a look at the Azure Application Gateway for Containers for a while now, and after I was recently asked about it I decided to go for another dive. I believe I found a couple of interesting things that would be worth sharing, so here we go. This blog post is part …