AAD Application Proxy: Where is my WAF?

You might have read my previous intro post to the AAD Application Proxy, where I went over a quick intro to this service and a comparison with other reverse proxies available in the Azure portfolio. I finished that post with a very generic diagram describing how to combine multiple proxies to get different capabilities, for … Continue reading AAD Application Proxy: Where is my WAF?

Where do I put my SDWAN?

You might have come across a post from my good friend Adam on SDWAN Design options in Azure, where he details seven design alternatives when incorporating SDWAN to an Azure network. While I was reading Adam’s great summary, I was wondering whether I could summarize his design options and recommendations using the 3-tier cloud network … Continue reading Where do I put my SDWAN?

Private Link and Azure Monitor: what is an AMPLS?

Today I came across a concept that, while not being too new in Azure, I had not met before: Private Link Scopes. This is something that specific services do, more concretely Azure Arc and Azure Monitor (see here for the official docs on how to configure this for Azure Monitor). In the case of the latter, … Continue reading Private Link and Azure Monitor: what is an AMPLS?

What language does the Azure Gateway Load Balancer speak?

As you might have read, one of the new kids on the block in Azure Networking is the Gateway Load Balancer. You can refer to Microsoft docs for more details on what it does and why it was created; suffice it to say that it is essentially a way to insert an NVA in a network … Continue reading What language does the Azure Gateway Load Balancer speak?

Sending Internet Traffic from P2S Clients Through an NVA

Azure can be used to offer Point-To-Site (P2S) connectivity for individual users, who, by leveraging a VPN client on their systems (Windows, Linux or Mac), can get connectivity to Azure resources. This P2S connectivity is often limited to Azure resources, but by leveraging the Azure Route Server, additional access is offered. For example, if an … Continue reading Sending Internet Traffic from P2S Clients Through an NVA

Using Route Server to firewall onprem traffic with an NVA

In a previous blog we had a setup with a Network Virtual Appliance (NVA) for Internet egress and hybrid connectivity based on Azure Virtual Network Gateways. There is another fairly typical use case with regards to traffic between on-premises and Azure: firewalling it with an NVA: In some situations customers will combine the role of … Continue reading Using Route Server to firewall onprem traffic with an NVA

Azure as Internet breakout from on-premises with Route Server

This is not a topology I would define as “best practice”, or one that I see in every Azure deployment out there, but I would certainly not describe it as exotic either. In this design, organizations want to leverage Azure as Internet breakout for their on-premises systems. Potentially because they do not have a good … Continue reading Azure as Internet breakout from on-premises with Route Server

Route Server Multi-Region Design

In my previous blog I wrote my view on the characteristics of the new Azure Route Server that I am most excited about. In this one I would like to give you a glimpse of how it works with a design that I see in many organizations: a multi-region setup, with Network Virtual Appliances acting … Continue reading Route Server Multi-Region Design

A Day in the Life of a Packet in AKS (part 2): kubenet and ingress controller

Hey again, to complete the previous post on the Azure CNI, here it goes using kubenet instead. To make it a bit more interesting we are going to explore a bunch of additional stuff: Deploying AKS with kubenet in your own vnet (note that this is not well documented or supported by Microsoft at the … Continue reading A Day in the Life of a Packet in AKS (part 2): kubenet and ingress controller