Wired for Hybrid – What’s New in Azure Networking – May 2023

Hello Folks,

Azure Networking is the foundation of your infrastructure in Azure. Each month we bring you an update on What's new in Azure Networking.

In this blog post, we'll cover what's new with Azure Networking in May 2023.

Cross-region service endpoints for Azure Storage

PierreRoman_0-1685504203712.png

Cross-region service endpoints for Azure is now generally available for Azure Blob and in all Azure regions.

Virtual (VNet) service endpoints provide secure and direct connectivity to Azure services over an optimized route over the Azure backbone . Some of the advantages you will benefit from are:

  • Integrate cross-region service endpoints into your disaster plan by creating virtual networks (VNets) in the paired region in advance.
  • Enable service endpoints for Azure within these virtual networks.
  • Configure rules to grant access from the alternative virtual networks to your primary storage account.
  • apply these network rules to your geo-redundant storage accounts, ensuring access to RA-GRS instances during a regional .

Announcement:

Documentation:

Learning opportunities:

Azure CNI Overlay

PierreRoman_1-1685504203716.png

Azure CNI Overlay is a solution for running production-grade workloads in Kubernetes.

It assigns IP addresses from a user-defined overlay private address space instead of using IP addresses from the VNET.

It uses the routing of these private address spaces as a native virtual network feature. This means that cluster nodes do not need to perform any extra encapsulation to make the overlay container network work. Azure CNI Overlay is a most viable solution for running production-grade workloads in Kubernetes.

Announcement:

Documentation:

Learning opportunities:

IP Protection SKU for Azure DDoS Protection

PierreRoman_2-1685504203721.png

The IP Protection SKU for Azure DDoS Protection provides cost-effective, enterprise-grade DDoS protection designed to meet the needs of SMBs. You can defend against L3/L4 DDoS attacks with always-on monitoring and adaptive tuning that ensure your application is always protected.

It provides the same capabilities as the Network Protection SKU though Network Protection offers additional features.

Announcement:

Documentation:

Learning opportunities:

Retirement notice: Public Peering

PierreRoman_3-1685504203722.png

No new ExpressRoute Public Peering connections have been allowed since 2018, and because Azure Services are available over Microsoft Peering, which provides improved routing flexibility at no additional cost to you, Public Peering will be retired on 31st March 2024.

Please transition to using Microsoft Peering by that date.

Announcement:

Documentation:

Retirement notice: Application Gateway V1

PierreRoman_4-1685504203725.png

Application Gateway V1 retires on 28 April 2026, This gives you almost 3 years to plan and transition to Application Gateway V2 by that date.  We are encouraged to make the switch earlier to gain the benefits of Application Gateway V2. Alongside the Application Gateway V1 features you already use:

  • Additional features – Autoscaling, zone redundancy, URL rewrite, mutual authentication mTLS Azure Kubernetes Service Ingress Controller, Keyvault integration
  • Increased performance – 5x Better offload performance compared to V1
  • Enhanced security – Faster update of security rules, WAF custom rules and policy associations, bot protection

Announcement:

Documentation:

That's it for this month.  Please subscribe to never miss any of our content.

Cheers!

Pierre

 

This article was originally published by Microsoft's ITOps Talk Blog. You can find the original article here.