Microsoft Ignite 2019  – What’s New In Azure Networking?

Speaker: Yousef Khalidi, CVP Microsoft Azure Networking


  • 6 Pbs of capacity in a single region.
  • 30 billion packets/second on the Azure WAN
  • ExpressRoute up to 100 Gbps per circuit
  • 160+ edge locations in addition to the 54 regions bringing the Azure WAN entry points closer to you
  • FPGA hardware provide jitter free networking

Satellite Connectivity

ExpressRoute now supports satellites. Handy for remote or mobile locations, ships, planes, remote mines, oil rigs, etc.

Edge Site

External: customer

Internal: Azure WAN


  • WAN
  • Azure ExpressRoute POP
  • Front Door, CDN, etc (global services)

Functions of Azure Networks

  • Connect & extend
  • Protect
  • Deliver
  • Monitor

Azure Peering Service Preview

Business quality connectivity to Microsoft clouds.

Connectivity Partners:

  • Local and geo peering tech
  • High capacity peers
  • Optimize Internet traffic routing

A bunch of launch connectivity partners. Looking for more carriers to join.

Azure Virtual WAN

“Completing the screnario”.


  • ExpressRoute
  • Point to site VPN
  • Path selection from branch


  • Hub/any-to-any connectivity – use vWAN as your Internet access point from on-prem.
  • Azure Firewall integration

Cisco SD-WAN partnership with Azure WAN and Office 365.



  • Fast Path
  • ExpressRoute Local – no egress charges
  • Continued expansion of ER locations


MACsec encryption:

  • Secures physical links at ExpressRoute sites
  • Bring-your-own-key, store keys in Azure Key Vault
  • Available on ER Direct

ExpressRoute for Satellites


  • Direct private access to Azure.
  • Connect to Azure from anywhere.
  • 3 partners today: Viasat, SES, Intelsat.

From customer point of view, it looks like normal ExpressRoute.


High throughput VPN: 10 Gbps GA

  • New gateway SKUs
  • Up to 10 Gbps aggregate
  • Up to 10,000 P2S connections
  • Ikev1 + IKEv2 on VpnGw1-5 GA

VPN Gateway packet capture Preview

Custom IKE traffic scenarios (coming soon)


  • Dual stacked for max flexibility.
  • Native IPv6 all the way to the VMs.
  • Private IPv6 addresses for VMs and NICs.

Zero-Trust Networking

A journey with Azure Networking featuring:

  • Azure Firewall
  • WAF
  • Azure Private Link
  • Azure DDos Protection

Private Link Preview

  • Goal is to enable all PaaS services.
  • Built-in data exfiltration protection.
  • Predictable IP for addressing PaaS services.

Azure Firewall Manager


  • Central deployment and configuration
    • Multiple firewall instances
    • Optimized for devops with hierarchical policies
  • Automated routing
  • Advanced security with 3rd party SECaaS


  • Virtual network support, split routing

Partnerships to route traffic via Azure WAN to the Internet:

  • zScaler
  • iBoss
  • CheckPoint coming soon

You route from on-prem via Azure WAN, then to partner service to Internet. However, Office 365 should go directly – MS automatically does that.

Azure Bastion is GA

  • RDP/SSH from Azure Portal without NAT rules.
  • No public IPs required.
  • Supports VMs, VMSS, DevTest Labs.

IMO, still not ready for consumption without local SSH/RDP client support.

Azure WAF


  • Microsoft Threat Intelligence
    • Protect apps against automated attacjs.
    • Managed good/bad bots with Azure BotManager rule set
  • Site and UDI path specific WAF policies
    • Customise WAF policies at retional WAF for finer grained protection at each host/listener or URL path level
  • Geo-filtering on regional WAF
    • Enhanced custom rule matching criterion includes filtering by country.

Application Gateway


  • Integration with AKS as ingress controller
  • Azure Key Vault integration
  • Enhanced metrics

Coming soon:

  • Wildcard listener
    • No need to create a listener for each domain

Azure Front Door


  • Single or multi-region app and API acceleration
    • Improve HTTP performance and reduce page load times.
  • Load balancing at the edge and fast-failover
    • Build always-on application experiences that fail-fast (safely)
  • Integrated SSL, WAF and DDoS

Azure CDN


  • Reduced Azure egress pricing
    • Egress is free from storage, compute, media services to Azure CDN from Microsoft.


  • Easy to use and highly customizable rules engine
    • Few click onboard
    • Use rules engine to customise CDN.

Internet Analyzer Preview

Easily measure and compare end user experience for your application.

  • Cloud migration
  • CDN and app acceleration
  • Perform A/B measurements

Azure Monitor


  • Traffic Analytics – accelerated processing from hours to minutes.
  • Enhanced troubleshooting.


  • Network Insights – single health console for the entire cloud network

Multi-Edge Edge Compute Demo

There’s an Azure Edge box on stage. It has a SIM and connects via a private LTE connection (MEC). A robot is controlled via the edge box. This is a tech preview at the moment.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.