Azure Networking is not like your on-onprem network

I often get asked about the differences between Azure Networking and a traditional, on-premises network. I have been hit with a flu the last few days, so I had some time to think about this, and I decided to start writing whatever thoughts were not actually the result of the fever. In this post I … Continue reading Azure Networking is not like your on-onprem network

Filtering AKS egress traffic with Virtual WAN

If you are reading my blog you probably know what Virtual WAN and Azure Kubernetes Service are. You probably know as well that you can configure AKS so that egress traffic is sent through an Azure Firewall by using Azure routing as described in the article Control Egress Traffic in AKS. That article explains how … Continue reading Filtering AKS egress traffic with Virtual WAN

VRFs and Virtual WAN

Some organizations use Virtual Routing and Forwarding (VRF) tables in their networks to segment traffic at the routing level. Transporting that concept to Azure can be challenging, since virtualizing an Azure network is not easy. If you think about it, your Azure network is already its own VRF in a way, it is a slice … Continue reading VRFs and Virtual WAN

Azure Hub And Spoke 2.0

I have recently had a couple of recent conversations that have made me reconsider the way we traditionally implement the hub and spoke Virtual Network design in Azure, which has some limitations. The idea is to introduce a relatively simple but powerful modification to the design that achieves these objectives: TL,DR: The main modification introduced … Continue reading Azure Hub And Spoke 2.0

Overlapping IP addresses in a hub-and-spoke network (feat. AVNM & ARS)

I have had some questions around a common theme asked by some large Azure customers. These refrains might sound familiar to you: “I have run out of IPv4 addresses“, “My network team can only allocate so many IPs for Azure“, “How can I reuse IP space in Azure?“. If they do, I have a hack … Continue reading Overlapping IP addresses in a hub-and-spoke network (feat. AVNM & ARS)

Combining Azure Firewall and Flow Log analysis

As you might already know, there are a couple of ways of filtering traffic in Azure Virtual Networks: Network Security Groups (NSGs) and Azure Firewall. NSGs offer unlimited performance for Layer 4 filtering, while Azure Firewall is more powerful with features like deep packet inspection or application-level intelligence. However, even if these solutions follow a … Continue reading Combining Azure Firewall and Flow Log analysis

Azure Bastion routing in Virtual WAN

As you might know, Azure Bastion enables management connectivity to virtual machines without having to assign them public IP addresses, and without having to maintain jump hosts in your Virtual Network. Up to recently, the virtual machines needed to be immediately peered to the VNet where Azure Bastion was deployed, but with IP-based connections Azure … Continue reading Azure Bastion routing in Virtual WAN

Azure Virtual WAN Hub Routing Preference

You probably know Azure Virtual WAN: it is an Azure service that provides any-to-any connectivity across regions out of the box, or a “global transit network architecture”, as they describe here: Essentially Virtual WAN is a set of Microsoft-managed virtual hubs peered to each other, where you would connect your VNets and/or branches (ExpressRoute, Site-to-Site … Continue reading Azure Virtual WAN Hub Routing Preference

Azure Firewall’s sidekick to join the BGP superheroes

Azure Firewall is a fantastic product: oversimplifying, an architecture that scales out great, provides traffic forwarding and security in Azure, and is very easy to integrate in a network. Some times you need to manipulate the default routing of Azure VNets, and Azure Route Server offers an invaluable tool for that. However, Azure Route Server … Continue reading Azure Firewall’s sidekick to join the BGP superheroes

Where do I put my SDWAN?

You might have come across a post from my good friend Adam on SDWAN Design options in Azure, where he details seven design alternatives when incorporating SDWAN to an Azure network. While I was reading Adam’s great summary, I was wondering whether I could summarize his design options and recommendations using the 3-tier cloud netowrk … Continue reading Where do I put my SDWAN?