Posts
Double Hop with Azure Firewall and Statically routed site to site VPN
Background: A customer asked if it was possible to use what they called a ‘bridge-hub’ virtual network (this virtual network would only contain an Azure Firewall), have spoke virtual networks connect to that ‘bridge-hub’, and then use a VPN gateway hosted in another virtual network, which in turn connected to on-prem. The goal was to enable the virtual networks not peered to the virtual network containing the VPN gateway to route to/from on-prem.
Posts
It has been a while
Problem Statement: Not posted in such a long time, posting this to ensure I haven’t forgotten how to use Hugo and GitHub Pages!
Posts
Can You Mix and Match Topologies in Azure Virtual WAN?
Background: A colleague asked me an interesting question about an Azure Virtual WAN scenario their customer was facing. The customer is using Azure Virtual WAN with a single virtual WAN hub, which was placed in the West Europe region, and this hub had been deployed before Azure Virtual WAN routing intent was available (https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-routing-preference-overview). The customer had deployed a number of virtual networks in West Europe and was using a tiered vnet model in West Europe https://learn.
Posts
When does network traffic stay on the Microsoft network?
Question: When does network traffic stay on the Microsoft network? Does Azure to Azure traffic stay on the Microsoft network? What about Azure to other Microsoft services, such as Microsoft 365?
For a video discussion of the same topic see https://www.youtube.com/watch?v=ssrAPwOKw4g
Background: There seems to be some confusion as to when, and when not, traffic originating in Azure stays within the Azure backbone network (from now on I’ll refer to this as the Microsoft Network).
Posts
Blog Migration from hosted WordPress to Hugo and GitHub Pages
Problem Statement: My blog is hosted on WordPress and I want to migrate it to GitHub Pages using Hugo and enable version control for my blog posts and ensure I bring across all the content from my WordPress blog.
The above problem statement is a bit of a mouthful so let’s break it down into smaller chunks:
Blog hosted on WordPress.com and was costing in the region of £80 per year.
Posts
Deploy to multiple Azure regions using Terraform Cloud
Problem Statement:
I have Terraform modules in a single repository that enable me to deploy a hub virtual network, firewall and VPN gateway. How can I deploy this code to multiple Azure regions using Terraform Cloud?
Answer:
There is more than one way to achieve this:
A GitHub repository dedicated to each region and a Terraform Cloud workspace for each region
Publish the modules to the Terraform Cloud private registry, reference those modules in a repository dedicated to each region and a Terraform Cloud workspace for each region
Use a single repo for everything with different directories containing a root module for each environment and a Terraform workspace for each region
I’m sure there are other options as well as the above
Posts
Using Snyk with Terraform Cloud Run Tasks
What is Snyk?
Find and automatically fix vulnerabilities in your code, open source dependencies, containers, and infrastructure as code — all powered by Snyk’s industry-leading security intelligence.
What are Terraform Cloud Run Tasks?
Run Tasks allow you to directly integrate third-party tools and services at certain stages in the Terraform Cloud run lifecycle.
I am using Snyk to scan my Terraform code during the plan phase to catch potential problems with my code.
Posts
Resources for learning about IPv6
So you want to learn all about IPv6. Some good resources I have come across are:
Online Courses:
APNIC IPv6 Fundamentals
APNIC IPv6 Planning
RIPE NCC IPv6 Fundamentals
Books:
IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6, 2nd Edition
Posts
Basic OPNsense Deployment & Configuration in Azure
Overview: Following on from my previous post titled ‘Firewall Options for the cost conscious Azure lab owner’, in this post I’m going to talk about the deployment of OPNsense firewalls in Azure, a note about the costs of running the required components and some basic configuration of the OPNsense firewalls to get things working.
Deployment: Using the code in this repository https://github.com/dmauser/opnazure/ you can create some fairly cost-effective firewalls in Azure.