Azure Networking: The Art of The Possible and the why

The purpose of this repo is to deliver layered, reusable and github friendly network architecture diagrams for Cloud Solutions Architects to run effective Azure design and skilling sessions. The repository will include tips and tools for effective story telling that explain the why behind the design options based on requirements and the art of the possible. The design areas include - Azure Networking, Hybrid connectivity architectures, routing, firewalling, load balancing, multi-region, secure design, cross functional networking areas and AKS networking. The content is based on real customer and partner design sessions with collaboration from cross-functional architects. The networking complexity is broken down into layers with one diagram per design area using draw.io now diagrams.net. This repo will include configuration snippets to reduce the lab prep time and the need to leave the labs running for demos.

Youtube Channel

Playlist - Azure Networking Series(The Art of The Possible)

1. Part-1: Creating Network Diagrams Using draw.io
2. Part-2: Hub-spoke-design (Single Region)
3. Part-3: Hub-spoke-design (Multi Region)
4. Part-4: Azure Virtual WAN (vWAN)
5. Part-5: Load Balancing in Azure (to be uploaded...stay tuned)
6. Part-6: Load Balancing demos
7. Part-7: DNS Options in Azure
8. Part-8: NVA High Availability Options in Azure

Scope: Reusable and Layered Network Diagrams

Target Audience: Cloud Solution Architects, Network Architects, Cloud Infrastructure Architects, Solution Engineers

Scope

• Build Reusable and github friendly network architecture diagram templates
• Layered diagrams to run effective Azure Design and skilling sessions
• Real world use cases dervied from working with Microsoft customers
• Level 100 to level 500 scenarios in one diagram
• Understand the why behind the design decision
• Minimize lab time
• Growth mindset

Scheduled Sessions

Part 1 (Hub-Spoke with ARS(Azure Route Server), Azure Virtual WAN, Load Balancing, DNS in Azure, NVA HA and Private Endpoint)

Future sessions coming soon, stay tuned....

Part 2 (Networking in Cross Functional Solution Areas) (AKS, Azure Data Factory, APIM, App Services)

Part 3 (Advanced Networking and Security) (IPv6, AzFW, DDoS, ExpressRoute Designs, AVS, AVD)

--

Join us for live sessions

We have limited spots available so if you are interested to join live sesssion please fillout a form with your role, email ID and session of interest. We will serve the request on the first come first serve basis. This will be a virtual teams meeting. Join us to learn, connect with your peers in the industry and share your use cases and design variations. If you are a partner and would like to be a guest speaker to present a story do let me know. Note: We are also looking to do in-person session at the Microsoft Technology Center (MTC) in Burlington,MA in the future so stay tuned...

Part 1: Upcoming sessions:

Note: Invites will go out two weeks before the session

Design Areas (Core Networking Part 1)

Azure Hub-Spoke Design

Download draw.io diagram. More information on how to open .drawio files here.

In this session we walk through the Hub-spoke architecure design. This design includes the following layers.

• Hybrid Connectivity Architecture with hub-spoke design
• Site-to-site, Point-to-Site and ExR connected Branches
• Default traffic Flows
• Variation of the default design based on requirements
• Use case for AzFw
• Use case for ARS (Azure Route server)
• Use case for NVA (Pros and Cons)
• VPN Gateway Active Active design challange
• Multi-region design
• Configuration snippets
• Concepts
• Limitations

vWAN (Azure Virtual WAN)

Download draw.io diagram. More information on how to open .drawio files here.

In this session we walk through the vWAN architectures. This design includes the following layers:

• Hybrid Connectivity Architecture
• Single region default flows with Azure vWAN
• Multi region default flows with Azure vWAN
• Secured vWAN
• BGP Endpoint feature use case
• Use case for routing intent
• Use case for NVA in indirect spokes
• Use case for Custom Routing
• Multiregion with ExR Boe-tie design

Load balancing in Azure

Download draw.io diagram. More information on how to open .drawio files here.

In this session we walk through the load balancing architectures. This design includes the following layers

• Azure load balancer (layer 4)
• Azure application Gateway (layer 7)
• Cross Region Load Balancer
• Azure Traffic Manager (Global)
• Azure Front door (AFD)
• Azure Gateway Load Balancer
• Multi-region design
• Use case for Private endpoint with AFD

DNS in Azure

Download draw.io diagram. More information on how to open .drawio files here.

In this session we walk through the DNS options in Azure.his design includes the following layers

• DNS Options in Azure
• Default DNS configuration
• Custom DNS
• Hybrid DNS
• Private DNS Zones
• Azure Private DNS Resolver

NVA High availability

Download draw.io diagram. More information on how to open .drawio files here.

This design includes the following layers:

• NVA LB Sandwich design
• Challenge: Preserving flow symettry
• North South flows
• East West Flows
• Packet Captures
• Use case Floating IP
• Use case for HA Ports
• Configuration Snippets

Private Endpoints

Download draw.io diagram. More information on how to open .drawio files here.

This design includes the following layers:

• Service Endpoint
• Private Endpoint
• Private Link Service
• VNET Integration vs Private Endpoint
• Use case with Azure Front Door (AFD) with Private Endpoint
• Use case with AKS

Upcoming designs (Work In Progress...)

Design Areas (Cross Functional - Part 2)

Networking in Azure Kubernetes Service (AKS)

This design includes the following layers

• Azure CNI
• Azure Kubenet
• Azure CNI Overlay
• IPv6 in AKS
• Azure Data platform integration (Example: SQL MI integration, SQL DB, Cosmos DB, OSS DB (mysql, postgreSQL), blob storage)
• Multi-region with Relational DB(SQLMI, SQL DB, OSS DB) (Single Master) (Shopping cart)
• Multi-region with Non-relational or NoSQL (Cosmos DB, MongoDB) (Multi Master) (catalog db)

Networking with Azure Data Factory

This design includes the following layers

• Azure ADF (Data movement and orchestration)
• Azure Synapse
• Azure Datalake or blob storage
• SQL MI (source and destination)
• Third Party Cloud (GCP)
• Hybrid SQL Server On-premise
• Cosmos DB, SQL DB (source and destination)
• OSS Databases (postgreSQL, mysql, mariadb)

Azure API Management (APIM)

Azure App Service Networking

Design Areas (Part 3 - Upcoming)

Azure VMWare Solutions - Network design

• AVS with NVA in Azure VNET (with ARS)
• Multi-region design with NVA in Azure NVET (with ARS)
• AVS with NVA behind NSX
• Azure Site Recovery (From AVS to Azure)
• HCX Scenarios

Azure Virtual Desktop - Network design

IPv6 in Azure

AzFW deep dive

ExpressRoute designs

Tooling - Draw.io (now diagrams.net)

Features

Draw.io is feature rich. I've listed my top 10 favorite features that are useful for drawing network architecture diagrams

1. Add Shapes: View -> Shapes -> Add Shapes -> Azure.
2. Add Layers: View -> Layers. Create layers and show hide layers.
3. Add Scratchpad: View -> Scratchpad
4. View Outline: View -> Outline
5. Flow animation: Select Flow -> Flow animation
6. Sketch Style (hand drawn style)
7. Whiteboard: Extras-> Theme-> Sketch
8. Curved lines for flows
9. vscode integration
10. Group shapes using CTRL-G

Installation

There are three options to open the draw.io diagrams.

1. Use the desktop app Download the desktop app from the microsoft store.

   Dowload drawio file from github and open in the desktop app. File -> Raw -> Save link as.

2. Use the web browser to open the file online using the link here

3. Integrate with vscode using the

Acknowledgement

Special thank you to my colleagues

• David O'Keefe
• Shaun Croucher
• Xavier Elizondo
• Heather Tze
• Mays Algebary
• Daniel Mauser
• Jose Moreno
• Sowmyan Soman Chullikkattil
• Mike Richter
• Mike Shelton
• Tommy Falgout