I have recently had a couple of recent conversations that have made me reconsider the way we traditionally implement the hub and spoke Virtual Network design in Azure, which has some limitations. The idea is to introduce a relatively simple but powerful modification to the design that achieves these objectives: TL,DR: The main modification introduced … Continue reading Azure Hub And Spoke 2.0
I have had some questions around a common theme asked by some large Azure customers. These refrains might sound familiar to you: “I have run out of IPv4 addresses“, “My network team can only allocate so many IPs for Azure“, “How can I reuse IP space in Azure?“. If they do, I have a hack … Continue reading Overlapping IP addresses in a hub-and-spoke network (feat. AVNM & ARS)
I often need to learn how certain platforms work, and to achieve that there is no better way than deploying a sample workload and run some tests with it: for example for the “A day in the life of a packet on AKS” series that I wrote some years ago when AKS was something new … Continue reading Yet Another Demo App
As you might know, Azure Bastion enables management connectivity to virtual machines without having to assign them public IP addresses, and without having to maintain jump hosts in your Virtual Network. Up to recently, the virtual machines needed to be immediately peered to the VNet where Azure Bastion was deployed, but with IP-based connections Azure … Continue reading Azure Bastion routing in Virtual WAN
You probably know Azure Virtual WAN: it is an Azure service that provides any-to-any connectivity across regions out of the box, or a “global transit network architecture”, as they describe here: Essentially Virtual WAN is a set of Microsoft-managed virtual hubs peered to each other, where you would connect your VNets and/or branches (ExpressRoute, Site-to-Site … Continue reading Azure Virtual WAN Hub Routing Preference
You might have read my previous intro post to the AAD Application Proxy, where I went over a quick intro to this service and a comparison with other reverse proxies available in the Azure portfolio. I finished that post with a very generic diagram describing how to combine multiple proxies to get different capabilities, for … Continue reading AAD Application Proxy: Where is my WAF?
You might have come across a post from my good friend Adam on SDWAN Design options in Azure, where he details seven design alternatives when incorporating SDWAN to an Azure network. While I was reading Adam’s great summary, I was wondering whether I could summarize his design options and recommendations using the 3-tier cloud netowrk … Continue reading Where do I put my SDWAN?
Today I came across a concept while not being too new in Azure, I had not met before: Private Link Scopes. This is something that specific services do, more concretely Azure Arc and Azure Monitor (see here for the official docs on how to configure this for Azure Monitor). In the case of the latter, … Continue reading Private Link and Azure Monitor: what is an AMPLS?
Are you looking for a multi-cloud network architecture? Keep reading!
As you might have read, one of the new kids on the block in Azure Networking is the Gateway Load Balancer. You can refer to Microsoft docs for more details on what it does and why it was created, suffice to say that it is essentially a way to insert an NVA in a network … Continue reading What language does the Azure Gateway Load Balancer speak?