Listen to the Whispers of BGP

An old Cherokee proverb says: “Listen to the whispers and you won’t have to hear the screams”. Routing problems are hard: hard to uncover, because sometimes they will not become apparent until something happens. For example, when your backup routes disappear, and you only notice when the primary routes are gone too. And hard in …

Using Route Server to firewall onprem traffic with an NVA

In a previous blog we had a setup with a Network Virtual Appliance (NVA) for Internet egress and hybrid connectivity based on Azure Virtual Network Gateways. There is another fairly typical use case with regard to traffic between on-premises and Azure: firewalling it with an NVA. In some situations customers will combine the role of …

Azure as Internet breakout from on-premises with Route Server

This is not a topology I would define as “best practice”, or one that I see in every Azure deployment out there, but I would certainly not describe it as exotic either. In this design, organizations want to leverage Azure as Internet breakout for their on-premises systems. Potentially because they do not have a good …

New Azure Sample: ACI in VNet with Init and Sidecar Containers

Hey there! I have recently published a new Azure Sample: ACI in VNet with Sidecar Containers. It has generated a bit of controversy (there is a reason why I picked such a crowded image for the post title), so let me add some color to it. But let me give you the TL;DR first: the …

Virtual WAN: secure hubs in multiple regions

You probably know Azure Virtual WAN, an Azure technology that abstracts hybrid networking by providing Microsoft-managed Virtual Hubs that use the Microsoft backbone to talk to each other. And you might know as well that those hubs can become Secured Virtual Hubs, including firewalling functionality powered by Azure Firewall. Virtual WAN secure hubs are great, …

Azure RedHat Openshift and Hybrid Networking

Hey there! As you might have read, some time ago I wrote a pretty detailed “A day in the life of a packet” post series on how networking works in detail in Azure RedHat Openshift (ARO). Some of the feedback around those blog posts was that they are far too technical, and hard to read …

A day in the life of a Packet in Azure Redhat Openshift (part 4)

In this part of this blog series we will have a look at how Azure Redhat Openshift works with Azure Private Link, as well as how DNS resolution works, including DNS forwarding to resolve on-premises private zones. You can find the other parts of the blog series here: Part 1: Intro and SDN Plugin Part …

A day in the life of a packet in Azure Redhat Openshift (part 3)

This is part 3 of a blog series around networking in Azure Redhat Openshift, and we will see how pods talk to each other inside of the cluster and to other systems in the virtual network or on-premises. Other posts in the series: Part 1: Intro and SDN Plugin Part 2: Internet and Intra-cluster Communication …

A day in the life of a packet in Azure Redhat Openshift (part 2)

In this part 2 of my blog series around ARO networking we will have a look at how inbound and outbound Internet connectivity works, as well as connectivity between different pods in the cluster. Other posts in the series: Part 1: Intro and SDN Plugin Part 2: Internet and Intra-cluster Communication Part 3: Inter-Project and …

A day in the life of a packet in Azure Redhat Openshift (part 1)

I have been wanting to look into this for a while now, and I finally found a good excuse to do it. You might have read my series of posts on AKS networking; the goal of this is to do something similar with Azure Redhat Openshift (ARO). This is part 1 of a blog series around …