Subnet peering and ExpressRoute

Yesterday I got an interesting question. How does subnet peering interact with ExpressRoute? A quick look into the official docs for Subnet peering checks and limitations didn’t give any answers, and Copilot wasn’t very helpful either. So let’s dive in! What was subnet peering again? I wrote a blog post some time ago here, feel …

Virtual WAN static routes redistribution

Azure Virtual WAN is one of the networking options offered by Azure, and routing inside of Virtual WAN has become a sort of dark art with the many supported options. Some years ago Routing Intent (also known as Routing Policies) was introduced to simplify routing, but at times you need to go back to the …

Azure Firewall and Service Endpoints

In my recent blog series Private Link reality bites I briefly mentioned the possibility of inspecting Service Endpoints with Azure Firewall, and many have asked for more details on that configuration. Here we go! First things first: what the heck am I talking about? Most Azure services such as Azure Storage, Azure SQL and many …

Private Link reality bites – Private endpoints are an illusion

Welcome to this new series of blog posts in which I will be explaining some not-so-well-known facts about Azure Private Link and some associated technologies! This idea is born from the fact that I have been helping some colleagues and customers lately with some questions around Private Link, and that has made me realize that …

Azure Subnet Peering

First of all, my apologies for the radio silence, there have been some private projects going on during the Summer months that have kept me away from blogging. With that out of the way: what the heck is subnet peering? You probably know VNet peering, but is “subnet peering” now a thing? Well, not yet, …

Do not let ExpressRoute, VPN and SDWAN traffic bypass your firewall

I have recently expanded my SDWAN in hub-and-spoke networks design guide to include SDWAN-to-firewall routing. Initially I didn’t have this point, but recent conversations have made me realize that not everybody understands this. The main difficulty in this topic is related to the fact that you cannot inspect the effective routes of your Virtual Network …

IPvlan with Docker in Azure

Today I was looking at IPvlan on a docker container in Azure along with a colleague, and we found that there is plenty of documentation and blogs out there that might be confusing when running this setup on Azure. What is this IPvlan thing, I hear you ask? Docker has a good explanation here, but let …

You want to use AS-path as your virtual hub routing preference

Wow, that was a long title. Let me give you another one: if you haven’t tested your High Availability (HA) or Disaster Recovery (DR) plans, you shouldn’t rely on them. This is of course regardless of whether your infrastructure runs on your premises, on public cloud, or anywhere else. In this post I am going …

Getting visibility into your Azure Traffic with NSG Flow Logs

Update: as Srinivas describes in the comments, ingesting Flow Logs with Azure Data Explorer may lead to duplicate records. In every network you want to know what traffic is using it. Networking devices offer multiple options to report on traffic, such as Netflow, sFlow or IPFIX. However, these options are often not available in public …

Virtual Network Gateways routing in Azure

If you have ever used Azure, you probably have used one of these Virtual Network Gateways too: whether it is to connect your branches and headquarters with Azure via IPsec VPN or ExpressRoute, or to provide connectivity to your mobile workers or external partners through Point-to-Site VPNs. In this post I will go deep on …