Thoughts from the clouds
Wow, that was a long title. Let me give you another one: if you haven’t tested your High Availability (HA) or Disaster Recovery (DR) plans, you shouldn’t rely on them. This is of course regardless of whether your infrastructure runs on your premises, on public cloud, or anywhere else. In this post I am going … Continue reading You want to use AS-path as your virtual hub routing preference
If you have ever used Azure, you probably have used one of these Virtual Network Gateways too: whether it is to connect your branches and headquarters with Azure via IPsec VPN or ExpressRoute, or to provide connectivity to your mobile workers or external partners through Point-to-Site VPNs. In this post I will go deep on … Continue reading Virtual Network Gateways routing in Azure
I have had some questions around a common theme asked by some large Azure customers. These refrains might sound familiar to you: “I have run out of IPv4 addresses“, “My network team can only allocate so many IPs for Azure“, “How can I reuse IP space in Azure?“. If they do, I have a hack … Continue reading Overlapping IP addresses in a hub-and-spoke network (feat. AVNM & ARS)
As you might already know, Azure DNS Private Resolver is an Azure service that support DNS forwarding between Azure and on-premises DNS servers. It is very useful to provide Azure DNS resolution to on-premises clients (for example to access private endpoints), or to provide on-premises DNS resolution to Azure clients (to access on-prem resources). Last … Continue reading Azure DNS Private Resolver without VNet Peerings
You probably know Azure Virtual WAN: it is an Azure service that provides any-to-any connectivity across regions out of the box, or a “global transit network architecture”, as they describe here: Essentially Virtual WAN is a set of Microsoft-managed virtual hubs peered to each other, where you would connect your VNets and/or branches (ExpressRoute, Site-to-Site … Continue reading Azure Virtual WAN Hub Routing Preference
I see more and more organizations deploying workloads across different clouds, and some times those workloads need to communicate between each other. There are multiple options to connect clouds together, the cheapest being an encrypted network tunnel over the public Internet, also known as IPsec VPN. All clouds support deploying your favorite network vendor as … Continue reading Tunnels Between Clouds
Azure can be used to offer Point-To-Site (P2S) connectivity for individual users, that by leveraging a VPN client on their systems (Windows, Linux or Mac) can get connectivity to Azure resources. This P2S connectivity is often limited to Azure resources, but by leveraging the Azure Route Server, additional access is offered. For example, if an … Continue reading Sending Internet Traffic from P2S Clients Through an NVA
In a previous blog we had a setup with a Network Virtual Appliance (NVA) for Internet egress and hybrid connectivity based on Azure Virtual Network Gateways. There is another fairly typical use case with regards to traffic between on-premises an Azure: firewalling it with an NVA: In some situations customers will combine the role of … Continue reading Using Route Server to firewall onprem traffic with an NVA
This is not a topology I would define as “best practice”, or one that I see in every Azure deployment out there, but I would certainly not describe it as exotic either. In this design, organizations want to leverage Azure as Internet breakout for their on-premises systems. Potentially because they do not have a good … Continue reading Azure as Internet breakout from on-premises with Route Server
Some times User-Defined Routes can cause traffic issues in Azure due to asymmetries, learn how to identify those problems and fix them!
Cloudtrooper 