Hello Folks,
Azure Networking is the foundation of your infrastructure in Azure. Each month we bring you an update on What’s new in Azure Networking.
In this blog post, we’ll cover what's new with Azure Networking in May 2023.
Cross-region service endpoints for Azure Storage
Cross-region service endpoints for Azure Storage is now generally available for Azure Blob and Data Lake Storage in all Azure regions.
Virtual Network (VNet) service endpoints provide secure and direct connectivity to Azure services over an optimized route over the Azure backbone network. Some of the advantages you will benefit from are:
- Integrate cross-region service endpoints into your disaster recovery plan by creating virtual networks (VNets) in the paired region in advance.
- Enable service endpoints for Azure Storage within these virtual networks.
- Configure network rules to grant access from the alternative virtual networks to your primary storage account.
- apply these network rules to your geo-redundant storage accounts, ensuring access to RA-GRS instances during a regional failover.
Announcement:
Documentation:
Learning opportunities:
- Design and implement private access to Azure Services
- Secure and isolate access to Azure resources by using network security groups and service endpoints
- Configure network routing and endpoints
Azure CNI Overlay
Azure CNI Overlay is a solution for running production-grade workloads in Kubernetes.
It assigns IP addresses from a user-defined overlay private address space instead of using IP addresses from the VNET.
It uses the routing of these private address spaces as a native virtual network feature. This means that cluster nodes do not need to perform any extra encapsulation to make the overlay container network work. Azure CNI Overlay is a most viable solution for running production-grade workloads in Kubernetes.
Announcement:
Documentation:
Learning opportunities:
- Design an Azure Kubernetes Service network with Azure CNI
- Azure Kubernetes Service (AKS) cluster architecture and operations
IP Protection SKU for Azure DDoS Protection
The IP Protection SKU for Azure DDoS Protection provides cost-effective, enterprise-grade DDoS protection designed to meet the needs of SMBs. You can defend against L3/L4 DDoS attacks with always-on monitoring and adaptive tuning that ensure your application is always protected.
It provides the same capabilities as the Network Protection SKU though Network Protection offers additional features.
Announcement:
Documentation:
Learning opportunities:
Retirement notice: Public Peering
No new ExpressRoute Public Peering connections have been allowed since 2018, and because Azure Services are available over Microsoft Peering, which provides improved routing flexibility at no additional cost to you, Public Peering will be retired on 31st March 2024.
Please transition to using Microsoft Peering by that date.
Announcement:
Documentation:
Retirement notice: Application Gateway V1
Application Gateway V1 retires on 28 April 2026, This gives you almost 3 years to plan and transition to Application Gateway V2 by that date. We are encouraged to make the switch earlier to gain the benefits of Application Gateway V2. Alongside the Application Gateway V1 features you already use:
- Additional features - Autoscaling, zone redundancy, URL rewrite, mutual authentication mTLS , Azure Kubernetes Service Ingress Controller, Keyvault integration
- Increased performance – 5x Better TLS offload performance compared to V1
- Enhanced security – Faster update of security rules, WAF custom rules and policy associations, bot protection
Announcement:
Documentation:
- What is Azure Application Gateway?
- How an application gateway works
- Migrate Azure Application Gateway and Web Application Firewall from V1 to V2
That’s it for this month. Please subscribe to never miss any of our content.
- Follow Pierre Roman - @WiredCanuck - https://twitter.com/wiredcanuck
- Michael Bender - @MichaelBender - https://twitter.com/MichaelBender
- Azure networking - @AzNetEng - https://twitter.com/AzNetEng
Cheers!
Pierre