IPvlan with Docker in Azure

Today I was looking at IPvlan on a Docker container in Azure along with a colleague, and we found that there is plenty of documentation and blogs out there that might be confusing when running this setup on Azure. What is this IPvlan thing, I hear you ask? Docker has a good explanation here, but let …

Azure Networking is not like your on-prem network

I often get asked about the differences between Azure Networking and a traditional, on-premises network. I have been hit with a flu the last few days, so I had some time to think about this, and I decided to start writing whatever thoughts were not actually the result of the fever. In this post I …

Workload identity on AKS with Python: boring

I finally decided to carve out an afternoon to test workload identity on AKS. I had done some preliminary reading, and my conclusion was that there had to be some voodoo magic and quantum entanglement at play there to make it work, so I braced myself for failure. The goal of the exercise was clear: …

Azure DNS Private Resolver without VNet Peerings

As you might already know, Azure DNS Private Resolver is an Azure service that supports DNS forwarding between Azure and on-premises DNS servers. It is very useful to provide Azure DNS resolution to on-premises clients (for example to access private endpoints), or to provide on-premises DNS resolution to Azure clients (to access on-prem resources). Last …

Pimp your serial console with tmux

I have a short one for today, which I just found out with a colleague when troubleshooting Kubernetes: we only had connectivity to a VM over the console, but we needed to execute two commands at the same time: generate some traffic on one side, and have some tcpdump running on the other. First of …

Azure Route Server: to encap or not to encap, that is the question

Azure Route Server is a very powerful tool that has been recently brought to the Azure Networking toolset: it offers a BGP API so that virtual machines can communicate with a VNet to learn and advertise routes. I have written some articles about Route Server in the past on how to achieve certain scenarios, but …

“You are doing your design reviews wrong”

I have the privilege of working in a team in Microsoft with very talented individuals, where we help Microsoft customers to overcome technical challenges with their Azure deployments. One of the most common engagements that we do for organizations using Azure is helping them to verify that their Azure designs fulfill their functional and non-functional …

Test like a champ with Azure Connection Monitor

If you work in Azure, you probably know about Connection Monitor, a tool that generates synthetic traffic to test connectivity and measure response times. You configure sources (Virtual Machines) to generate traffic that can be addressed to destinations such as other Virtual Machines or any external endpoint outside of Azure. Alerts can be automatically generated …

Cisco ACI and Microsoft Azure

Sometimes you meet an old friend you haven’t seen for many years, and although both of you might have evolved differently during that time, more often than not you find the common ground and the reasons why you loved each other. Before I get any more sentimental, that is a bit of what I have …