Wired for Hybrid – What’s New in Azure Networking – June 2023 Edition

Hello Folks,

Azure Networking is the foundation of your infrastructure in Azure. Each month we bring you an update on What's new in Azure Networking.

In this blog post, we'll cover what's new with Azure Networking in June 2023.  I know it's now July, but I was in Europe for PSConf.EU, Michael was on vacation, and I did not want to publish on the Friday before a long weekend. So here we are a week late.


Standard Public Azure Load Balancer now supports testing reachability using IPv4 and IPv6 ping and traceroute.

Testing the reachability of a load balancer front-end is useful when troubleshooting connectivity issues. To get more details and learn how to use ping and traceroute to test the front-end of an existing Standard public load balancer, please read the following article: Test reachability of Azure Load Balancer front-ends with ping and traceroute.

  • Standard Load Balancer supports using Ping and Traceroute/tracert over ICMPv4/v6 to test availability of workloads
  • Supports on-premises clients and cloud VMs.
  • Traffic does not pass to workloads in backend pools. The load balancer handles send/receive of requests.
  • Turned on by default and cannot be disabled.


The “Load balancer per VM” limit is now removed for customers using Standard Load Balancer. Previously this limit was 2 load balancers per VM (1 public and 1 internal). Now, with this limit removed, you can associate as many load balancers as you need per VM, of either type (public or internal), up to the Azure Load Balancer's limits.

Learn more about Azure Load Balancer's limits.


Just like on-prem, it's common to update Azure configuration daily (sometimes hourly) to meet the growing application needs, and respond to a changing threat landscape.

These changes are often managed by multiple administrators spread across geographies. As a result, the configuration can grow suboptimally, impacting performance and security.

It's a challenging task for any IT team to optimize firewall rules without impacting applications and causing serious downtime. Policy Analytics helps IT teams address these challenges by providing visibility into traffic flowing through the firewall, with features such as firewall flow logs, rule to flow match, rule hit rate, and single rule analysis. IT admins can refine Azure Firewall rules in a few simple steps through the Azure portal.
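To make "rule to flow match" and "rule hit rate" concrete, here is an added example (not from the original post, and not how Policy Analytics is implemented) that attributes flows to rules and flags zero-hit rules for review. The rule format, the first-match-by-priority evaluation, and every rule and flow record are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample data in a simplified rule model (not the Azure Firewall schema).
# Assumption: rules are evaluated in ascending priority and the first match wins.
RULES = [
    {"name": "allow-web-to-sql", "priority": 100, "src": "10.0.1.0/24", "dst": "10.0.2.4/32", "port": 1433},
    {"name": "allow-app-subnets", "priority": 200, "src": "10.0.0.0/16", "dst": "10.0.2.0/24", "port": 443},
    {"name": "allow-web-https", "priority": 300, "src": "10.0.1.0/24", "dst": "10.0.2.0/24", "port": 443},
    {"name": "allow-legacy-ftp", "priority": 400, "src": "10.0.3.0/24", "dst": "10.0.2.9/32", "port": 21},
]
# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [("10.0.1.5", "10.0.2.4", 1433), ("10.0.1.6", "10.0.2.4", 1433),
         ("10.0.1.5", "10.0.2.8", 443), ("10.0.4.7", "10.0.2.8", 443),
         ("10.0.9.9", "10.0.2.4", 22)]
net, addr = ipaddress.ip_network, ipaddress.ip_address

def by_priority(rules):
    return sorted(rules, key=lambda r: r["priority"])

def matches(rule, flow):
    src, dst, port = flow
    return addr(src) in net(rule["src"]) and addr(dst) in net(rule["dst"]) and port == rule["port"]

def match_flows(rules, flows):
    """Rule-to-flow match: first matching rule name per flow, None if no rule matched."""
    return [next((r["name"] for r in by_priority(rules) if matches(r, f)), None) for f in flows]

def hit_rates(rules, flows):
    """Share of all observed flows decided by each rule."""
    hits = Counter(match_flows(rules, flows))
    return {r["name"]: hits[r["name"]] / len(flows) for r in rules}

def shadowed(rules):
    """Map each rule that can never fire to the higher-priority rule that fully covers it."""
    ordered, out = by_priority(rules), {}
    for i, low in enumerate(ordered):
        for high in ordered[:i]:
            if (net(low["src"]).subnet_of(net(high["src"])) and low["port"] == high["port"]
                    and net(low["dst"]).subnet_of(net(high["dst"]))):
                out[low["name"]] = high["name"]
                break
    return out

def review_candidates(rules, flows):
    """Zero-hit rules, labelled as shadowed (redundant) or simply unused in this window."""
    cover = shadowed(rules)
    return {name: (f"shadowed by {cover[name]}" if name in cover else "no traffic observed")
            for name, rate in hit_rates(rules, flows).items() if rate == 0}
```

A zero hit rate only reflects the observation window, so a rule flagged as "no traffic observed" is a candidate for review rather than automatic removal.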


A managed identity generated by Azure Active Directory (Azure AD) allows your Azure Front Door instance to access other Azure AD-protected resources easily and securely, such as Azure Key Vault. Azure manages the identity resource, so you don't have to create or rotate any secrets.


Azure Front Door now supports upgrading from Standard to Premium tier without any downtime.

Azure Front Door Premium supports advanced security capabilities, such as managed Web Application Firewall rules and private connectivity to your origin using Private Link, and has increased quota limits.


Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at layer 4 (OSI layer 4 – TCP and UDP) and route traffic based on source IP address and port to a destination IP address and port.

Application Gateway makes routing decisions based on additional attributes of an HTTP request, for example URI path or host headers.

For example, you can route traffic based on the incoming URL. So, if /images is in the incoming URL, you can route traffic to a specific set of servers (known as a pool) configured for images. If /video is in the URL, that traffic is routed to another pool that's optimized for videos.

Private Link configuration for Application Gateway now enables incoming traffic to an Azure Application Gateway frontend to be secured to clients running in another Azure Virtual Network, Azure subscription, or Azure subscription linked to a different Azure Active Directory tenant through Azure Private Link.


Cheers

Pierre

 

This article was originally published by Microsoft's Networking Blog. You can find the original article here.