Wired for Hybrid - What's New in Azure Networking – May 2023

Microsoft

May 31, 2023

Hello Folks,

Azure Networking is the foundation of your infrastructure in Azure. Each month we bring you an update on What’s new in Azure Networking.

In this blog post, we’ll cover what's new with Azure Networking in May 2023.

Cross-region service endpoints for Azure Storage

Cross-region service endpoints for Azure Storage is now generally available for Azure Blob and Data Lake Storage in all Azure regions.

Virtual Network (VNet) service endpoints provide secure and direct connectivity to Azure services over an optimized route over the Azure backbone network. Some of the advantages you will benefit from are:

Integrate cross-region service endpoints into your disaster recovery plan by creating virtual networks (VNets) in the paired region in advance.
Enable service endpoints for Azure Storage within these virtual networks.
Configure network rules to grant access from the alternative virtual networks to your primary storage account.
apply these network rules to your geo-redundant storage accounts, ensuring access to RA-GRS instances during a regional failover.

Announcement:

Generally available: Cross-region service endpoints for Azure Storage.

Documentation:

Learning opportunities:

Azure CNI Overlay

Azure CNI Overlay is a solution for running production-grade workloads in Kubernetes.

It assigns IP addresses from a user-defined overlay private address space instead of using IP addresses from the VNET.

It uses the routing of these private address spaces as a native virtual network feature. This means that cluster nodes do not need to perform any extra encapsulation to make the overlay container network work. Azure CNI Overlay is a most viable solution for running production-grade workloads in Kubernetes.

Announcement:

General Availability: Azure CNI Overlay

Documentation:

Configure Azure CNI networking in Azure Kubernetes Service (AKS)

Learning opportunities:

IP Protection SKU for Azure DDoS Protection

The IP Protection SKU for Azure DDoS Protection provides cost-effective, enterprise-grade DDoS protection designed to meet the needs of SMBs. You can defend against L3/L4 DDoS attacks with always-on monitoring and adaptive tuning that ensure your application is always protected.

It provides the same capabilities as the Network Protection SKU though Network Protection offers additional features.

Announcement:

General availability: IP Protection SKU for Azure DDoS Protection

Documentation:

Learning opportunities:

Retirement notice: Public Peering

No new ExpressRoute Public Peering connections have been allowed since 2018, and because Azure Services are available over Microsoft Peering, which provides improved routing flexibility at no additional cost to you, Public Peering will be retired on 31st March 2024.

Please transition to using Microsoft Peering by that date.

Announcement:

Retirement notice: Migrate from Public Peering by March 31, 2024

Documentation:

Azure Peering Service overview

Retirement notice: Application Gateway V1

Application Gateway V1 retires on 28 April 2026, This gives you almost 3 years to plan and transition to Application Gateway V2 by that date. We are encouraged to make the switch earlier to gain the benefits of Application Gateway V2. Alongside the Application Gateway V1 features you already use:

Additional features - Autoscaling, zone redundancy, URL rewrite, mutual authentication mTLS , Azure Kubernetes Service Ingress Controller, Keyvault integration
Increased performance – 5x Better TLS offload performance compared to V1
Enhanced security – Faster update of security rules, WAF custom rules and policy associations, bot protection