Thoughts from the clouds
Azure Virtual WAN is one of the networking options offered by Azure, and routing inside of Virtual WAN has become a sort of dark art with the many supported options. Some years ago Routing Intent (also known as Routing Policies) was introduced to simplify routing, but at times you need to go back to the … Continue reading Virtual WAN static routes redistribution
This post will explore the new support in Azure Application Gateway for Containers (AGC) for Web Application Firewall (WAF) as documented in https://aka.ms/agc/waf. This blog is part of a series: Before we start, kudos need to go to the great Christof Claessens, author of this extremely useful Azure Monitor Workbook to triage WAF logs. Is WAF a big … Continue reading Application Gateway for Containers: Web Application Firewall support (5)
After a good while without posting anything, I finally decided to slowly recommence again. This first post is about a little BGP trick that may help you increase the scale of Azure Route Server. Typically the maximum number of 8 BGP peers should be enough for most designs, but if you happen to need to … Continue reading Going beyond 8 peers in Azure Route Server
In my recent blog series Private Link reality bites I briefly mentioned the possibility of inspecting Service Endpoints with Azure Firewall, and many have asked for more details on that configuration. Here we go! First things first: what the heck am I talking about? Most Azure services such as Azure Storage, Azure SQL and many … Continue reading Azure Firewall and Service Endpoints
Right when VNet Flow Logs were launched I blogged about some recipes that help to extract insights out of the different information fields contained in the Flow Logs. After working with VNet Flow Logs and Traffic Analytics for a while now, I thought I could share some additional tips and tricks, this time focusing on … Continue reading VNet Flow Logs Recipes (part 2): fine-tune your security rules
I would like to credit for this blog post to Abhishek Sharma, talking to him gave me the main inspiration for some of the concepts you are going to see below. Heartfelt thanks go as well to Niti Gupta, a kickass Microsoft engineer who can make Azure Monitor Workbooks really dance and who gave me … Continue reading Grafana and VNet Flow Logs
This post will take you one step further from the hello-world configuration that I described in the first post by adding TLS end-to-end, a scenario described in the public docs here. This blog is part of a series: TL;DR If you don’t have much time the diagram below, which is an extended version of the … Continue reading Application Gateway for Containers: a not-so-gentle intro (3)
Welcome to the sixth post in the Private Link Reality Bites series! Before we begin, let me recap the existing episodes of the series: This question is as old as Private Link itself. Countless blog posts have already been written about it, not to mention this brief answer in the Private Link FAQ. Still, there are some … Continue reading Private Link reality bites – service endpoints vs private link
Welcome to the fourth post in the Private Link Reality Bites series! Before we begin, let me recap the existing episodes of the series: After the last post on Network Address Translation (NAT) for private endpoints, in this one we are going to dive into how to do the same with Azure Firewall proxy technology: … Continue reading Private Link reality bites: Azure Firewall app rules
Welcome to the third post in the Private Link Reality Bites series! Before we begin, let me recap the existing episodes of the series: Big shoutout here to my esteemed colleague and oracle for Azure Networking Daniel Mauser. If you don’t know his GitHub site, make sure you check it out! Thanks as well to … Continue reading Private Link reality bites: what’s my source IP?
Cloudtrooper 