Cross Solution Network Architectures
This is a repo of cross solution network connectivity designs with Azure PaaS services, Azure Kubernetes Services (AKS) and on-premises connectivity. These designs are based on real-world experience working with partners, customers and cross solution Cloud Solution Architects (CSAs) in various Azure Design Sessions (ADS). This repo will contain downloadable artifacts including Bicep automated deployments, architecture diagrams, Postman collections and tools to test applications for various designs. Learn about the tools of the trade from various Subject Matter Expert (SME) CSAs to validate designs and connectivity, and to view application and traffic flows.
Design Areas
DevOps and Automation
- Automated deployments architecture
- Azure DevOps
- GitOps for Application deployment
- CI/CD pipelines using GitHub Actions
Advanced Linux Networking
- VXLAN with two Linux hosts (As good as it gets!)
- Linux bridge
- Linux namespaces
- Linux firewall with iptables
- Dynamic Routing (Zebra, Quagga, BIRD - BGP Routing on Linux)
- Openswan VPN (IPsec Tunnels)
- MACsec encryption on Linux
- The perfect NVA with Linux
- iptables and eBPF
- Cluster Networking - IPVLAN, MACVLAN, TUN/TAP drivers
Azure Kubernetes Services (AKS) Networking Series
- Download Multi-tab Visio and PDF
- Docker Networking
- Single Host
- Multi Host
- kind Cluster (Kubernetes In Docker)
- Bicep automated deployment
- Basic/Kubenet Networking
- Advanced/Azure CNI Networking
- AKS Private Cluster
- Ingress Controllers
- AKS Egress with Azure firewall/NVA
- AKS Multiple Nodepool Design
- Core DNS and Azure DNS Integrations
- Kubernetes Network Model - Multus, Flannel, Weave, Calico, Cilium
- Kubernetes Service Mesh (Istio, Linkerd and Consul)
Azure Database Services
- Download Multi-tab Visio and PDF
- Azure Data Factory (ADF)
- SQL Managed Instance
- Single Region
- Multi region with Replication - DR Scenario
- Database failover with application connectivity
- Azure SQL Database (PaaS Service)
- Azure Synapse
- OSS databases - MySQL and PostgreSQL
Azure API Management (APIM) Networking Series
- APIM Big Picture view
- Default mode
- External network mode
- Internal network mode
- Internal network mode with Azure Application Gateway
- Internal network mode with AKS Backend API
- APIM with Azure firewall/NVA
- APIM Identity - AAD and B2C Integration
- APIM Multi-region Architecture
- Self hosted gateway
- Let's Encrypt Certificates and APIM Custom Domain
- Azure Private DNS Zones integration
- Network Troubleshooting
- Download Postman Collection
- Download Multi-tab Visio and PDF of all APIM Networking Architectures
Azure App-service Networking
- Private Endpoint Integration
- Service Endpoint
- VNET Integration
- NAT Gateway Integration
- Azure Private DNS Zone Planning
- App Services with Custom Domain and Private Endpoints
- Azure App-Service with firewall for outbound traffic filtering
Tools of Trade (Work in progress)
- VSCode Extensions
- Database
  - SQL Server Management Studio (SSMS)
  - Azure Data Management Studio
- Networking
  - Microsoft Whiteboard
  - Linux Networking
  - Wireshark/tcpdump
  - dig
  - hping, tcptraceroute
- Application
  - Python
  - HTML
  - Node.js
  - MySQL
- DevOps
  - GitHub
  - Azure DevOps (ADO) project boards
  - Visual Studio Code (VS Code)
  - Postman
Build Sample Applications (Work in progress)
- Simple CRUD API Application
- Simple HTTP server
- Simple 3-tier application for AKS
Contributors
Special thank you to my colleagues
- David O'Keefe
- Shaun Croucher
- Xavier Elizondo
- Heather Tze
- Daniel Mauser
- Sowmyan Soman Chullikkattil
- Mike Richter
- Sumit Sengupta
- Mike Shelton
- Tommy Falgout
- Devanshi Joshi