Thoughts from the clouds
Wow, that was a long title. Let me give you another one: if you haven’t tested your High Availability (HA) or Disaster Recovery (DR) plans, you shouldn’t rely on them. This is of course regardless of whether your infrastructure runs on your premises, on public cloud, or anywhere else. In this post I am going … Continue reading You want to use AS-path as your virtual hub routing preference
If you have ever used Azure, you probably have used one of these Virtual Network Gateways too: whether it is to connect your branches and headquarters with Azure via IPsec VPN or ExpressRoute, or to provide connectivity to your mobile workers or external partners through Point-to-Site VPNs. In this post I will go deep on … Continue reading Virtual Network Gateways routing in Azure
I have had some questions around a common theme asked by some large Azure customers. These refrains might sound familiar to you: “I have run out of IPv4 addresses“, “My network team can only allocate so many IPs for Azure“, “How can I reuse IP space in Azure?“. If they do, I have a hack … Continue reading Overlapping IP addresses in a hub-and-spoke network (feat. AVNM & ARS)
You probably know Azure Virtual WAN: it is an Azure service that provides any-to-any connectivity across regions out of the box, or a “global transit network architecture”, as they describe here: Essentially Virtual WAN is a set of Microsoft-managed virtual hubs peered to each other, where you would connect your VNets and/or branches (ExpressRoute, Site-to-Site … Continue reading Azure Virtual WAN Hub Routing Preference
One of the most common and yet complex networking designs in Azure is interconnecting Azure IaaS workloads deployed in a Virtual Network, vSphere virtual machines in an Azure VMware Solution private cloud, and on-premises networks. My esteemed colleague Robin Heringa kindly gave me access to an AVS cluster, so armed with the fantastic possibilities that … Continue reading Azure VMware Solution networking voodoo
After some questions in my previous blog post CLI-based analysis of an ExpressRoute private peering I decided to write an addition that includes what Expressroute Global Reach looks like for the CLI lover. In essence, Global Reach allows to use Microsoft’s backbone network for onprem-to-onprem communication. But how does it do it exactly? I have … Continue reading ExpressRoute Global Reach under the covers
Some time ago I posted a blog commenting on a possible design for interconnecting multiple Azure regions by means of Network Virtual Appliances (NVAs) and the Azure Route Server (ARS), where I used an overlay tunnel between the NVAs with VXLAN as encap protocol. I have received multiple questions to whether it would be possible … Continue reading Multi-region design with Azure Route Server without an overlay
Quite frequently I see Azure connectivity diagrams that do not reflect accurately the topology of Azure Virtual Networks connnected to on-premises data centers via ExpressRoute. Additionally, I got the question last week of how to do some basic BGP troubleshooting in the involved networking devices in a way which is understandable by network administrators (read … Continue reading CLI-based analysis of an ExpressRoute private peering
I have heard some organizations complaining that deploying a fully functional ExpressRoute circuit takes too long: days, or even weeks. Does this always have to be like that? I recently got access to Megaport‘s service portal: Megaport is one of Azure ExpressRoute providers, and they can provision virtual routers dynamically and connect them to Azure … Continue reading Deploying ExpressRoute with Megaport in 1 hour
An old Cherokee proverb says: “Listen to the whispers and you won’t have to hear the screams”. Routing problems are hard: Hard to uncover, because sometimes they will not become apparent until something happens. For example, when your backup routes disappear, and you only notice when the primary routes are gone too. And hard in … Continue reading Listen to the Whispers of BGP
Cloudtrooper 