Wired for Hybrid - What's New in Azure Networking - April 2024 edition
Published Apr 22 2024 10:05 PM 1,834 Views
Microsoft

Hello Folks,

 

Azure Networking is the foundation of your infrastructure in Azure. Each month we bring you an update on What’s new in Azure Networking.

 

In this blog post, we’ll cover what's new with Azure Networking in April 2024.  In this blog post, we will cover the following announcements and how they can help you.

 

  • Listener TLS certificates management in the Azure portal
  • Application Gateway for Containers
  • Application Gateway (v2) IPv6 support
  • Microsoft open sources Retina: A cloud-native container networking observability platform
  • Azure Virtual Network encryption now in additional regions

Listener TLS certificates management in the Azure portal

 

PierreRoman_0-1713848287132.png

 

 

With this GA release, you can more easily manage TLS certificates for your Application Gateway workloads in the Azure Portal.

 

The Azure Application Gateway is a proxy load balancer that operates at Layer-7, the application layer of the OSI model. Now it supports Layer-4 proxy with TCP and TLS protocols as well. This provides scalable, highly available, and secure application delivery. One of its key features is the ability to secure client traffic through TLS termination, which requires TLS server certificates for listeners. For large gateways with multiple HTTPS or TLS listeners, this means managing multiple .PFX certificates.

 

  • For certificate management in the portal, you can list and manage your certificates.
    • Expiry
    • Common Name
    • Thumbprint
    • Issuer Name
    • Each certificate includes the following details for quick identification:

 

Managing certificates in any organization can be a challenge. This is a great addition for reducing friction for admins responsible for secure workloads utilizing certificates.

 

References:

 

General availability: Application Gateway for Containers

 

Application Gateway for Containers is GA.  With this release, you get application (layer 7) load balancing and dynamic traffic management capabilities for workloads running in a Kubernetes cluster.

 

Application Gateway for Containers is the evolution of the Application Gateway Ingress Controller (AGIC), a Kubernetes application that enables Azure Kubernetes Service (AKS) customers to use Azure's native Application Gateway application load-balancer. In its current form, AGIC monitors a subset of Kubernetes Resources for changes and applies them to the Application Gateway, utilizing Azure Resource Manager (ARM).

PierreRoman_1-1713848287137.png

 

 

  1. Features - Public preview and GA has added support for Custom Health Probes, URL Redirect, URL / Header Rewrite.
  2. Controller High Availability – Have peace of mind if a node goes down, changes within your cluster will continue to be propagated to the network.
  3. Gateway API v1 – Bring the familiarity and role based access control provided by Gateway API to your network configuration.
  4. Additional Region Availability – Take advantage of Application Gateway for Containers in a region closest to you.
  5. SLA for Production Workloads – Feel confident in running your production workloads with Application Gateway for Containers.

 

References:

 

 

Application Gateway (v2) IPv6 support

 

We are announcing that IPv6 support for Azure Application Gateway (v2) is now generally available.

 

With the addition of IPv6 support, you can take advantage of the increased address space and improved routing efficiency that IPv6 provides. This is especially important for customers who are running out of IPv4 addresses or who need to support IPv6 clients.

 

To get started with IPv6 support for Azure Application Gateway (v2), simply create a new Application Gateway and select both IPv4 and IPv6 frontends during the creation process. You can also find more information about IPv6 support in our documentation.

 

PierreRoman_2-1713848287143.png

 

References:

 

Microsoft open sources Retina: A cloud-native container networking observability platform

 

PierreRoman_3-1713848287151.png

 

 

Retina is an open-source Kubernetes Network Observability platform designed to assist with DevOps, SecOps, and compliance use cases. It acts as a centralized hub for monitoring the health, security, and performance of applications and networks within Kubernetes clusters. The platform caters to Cluster Network Administrators, Cluster Security Administrators, and DevOps Engineers.

 

  • Provides actionable network insights for cloud-native applications: Retina offers users a way to see how their containerized microservices interact on the network, helping them troubleshoot issues like latency, packet drops and many more.
  • Non-intrusive and easy to use: Retina works with existing applications without requiring any code changes and provides users with simple ways to observe and troubleshoot network issues.
  • Supports diverse environments: Designed to be adaptable, Retina works seamlessly with any CNI's (container network interface), OS, or cloud provider, making it a valuable tool across different environments.

 

Resources:

 

Azure Virtual Network encryption now in additional regions

 

PierreRoman_4-1713848287156.jpeg

 

 

Whenever Azure customer traffic moves between datacenters, Microsoft applies a data-link layer encryption method using the IEEE 802.1AE MAC Security Standards (MACsec). This encryption is implemented to secure the traffic outside physical boundaries not controlled by Microsoft or on behalf of Microsoft. This method is applied from point-to-point across the underlying network hardware. Virtual network encryption enables you to encrypt traffic between Virtual Machines and Virtual Machines Scale Sets within the same virtual network. It also encrypts traffic between regionally and globally peered virtual networks. Virtual network encryption enhances existing encryption in transit capabilities in Azure.

 

With Virtual Network encryption, customers can enable encryption of traffic between Virtual Machines and Virtual Machines Scale Sets within the same virtual network and between regionally and globally peered virtual networks. This new feature enhances the existing encryption in transit capabilities in Azure.

 

Azure Virtual Network encryption is available in the following additional regions:

  • West Us
  • West US 2
  • East US 2
  • US East
  • Europe North
  • Europe West
  • France Central
  • India Central
  • UAE North
  • East Asia
  • Japan West
  • Japan East

 

Resources:

 

That’s it for this month.

 

Cheers

 

Pierre

 

Co-Authors
Version history
Last update:
‎Apr 22 2024 10:19 PM
Updated by: