{"id":21661,"date":"2019-11-05T17:30:31","date_gmt":"2019-11-05T17:30:31","guid":{"rendered":"https:\/\/aidanfinn.com\/?p=21661"},"modified":"2019-11-05T17:30:31","modified_gmt":"2019-11-05T17:30:31","slug":"microsoft-ignite-2019-whats-new-in-azure-networking","status":"publish","type":"post","link":"https:\/\/aidanfinn.com\/?p=21661","title":{"rendered":"Microsoft Ignite 2019 \u00a0&#8211; What\u2019s New In Azure Networking?"},"content":{"rendered":"<p>Speaker: Yousef Khalidi, CVP Microsoft Azure Networking<\/p>\n<h2>Numbers<\/h2>\n<ul>\n<li>6 Pbs of capacity in a single region.<\/li>\n<li>30 billion packets\/second on the Azure WAN<\/li>\n<li>ExpressRoute up to 100 Gbps per circuit<\/li>\n<li>160+ edge locations in addition to the 54 regions bringing the Azure WAN entry points closer to you<\/li>\n<li>FPGA hardware provide jitter free networking<\/li>\n<\/ul>\n<h2>Satellite Connectivity<\/h2>\n<p>ExpressRoute now supports satellites. Handy for remote or mobile locations, ships, planes, remote mines, oil rigs, etc.<\/p>\n<h2>Edge Site<\/h2>\n<p>External: customer<\/p>\n<p>Internal: Azure WAN<\/p>\n<p>Features:<\/p>\n<ul>\n<li>WAN<\/li>\n<li>Azure ExpressRoute POP<\/li>\n<li>Front Door, CDN, etc (global services)<\/li>\n<\/ul>\n<h2>Functions of Azure Networks<\/h2>\n<ul>\n<li>Connect &amp; extend<\/li>\n<li>Protect<\/li>\n<li>Deliver<\/li>\n<li>Monitor<\/li>\n<\/ul>\n<h2>Azure Peering Service Preview<\/h2>\n<p>Business quality connectivity to Microsoft clouds.<\/p>\n<p>Connectivity Partners:<\/p>\n<ul>\n<li>Local and geo peering tech<\/li>\n<li>High capacity peers<\/li>\n<li>Optimize Internet traffic routing<\/li>\n<\/ul>\n<p>A bunch of launch connectivity partners. Looking for more carriers to join.<\/p>\n<h2>Azure Virtual WAN<\/h2>\n<p>\u201cCompleting the screnario\u201d.<\/p>\n<p>GA:<\/p>\n<ul>\n<li>ExpressRoute<\/li>\n<li>Point to site VPN<\/li>\n<li>Path selection from branch<\/li>\n<\/ul>\n<p>Preview:<\/p>\n<ul>\n<li>Hub\/any-to-any connectivity \u2013 use vWAN as your Internet access point from on-prem.<\/li>\n<li>Azure Firewall integration<\/li>\n<\/ul>\n<p>Cisco SD-WAN partnership with Azure WAN and Office 365.<\/p>\n<h2>ExpressRoute<\/h2>\n<p>GA:<\/p>\n<ul>\n<li>Fast Path<\/li>\n<li>ExpressRoute Local \u2013 no egress charges<\/li>\n<li>Continued expansion of ER locations<\/li>\n<\/ul>\n<p>Preview:<\/p>\n<p>MACsec encryption:<\/p>\n<ul>\n<li>Secures physical links at ExpressRoute sites<\/li>\n<li>Bring-your-own-key, store keys in Azure Key Vault<\/li>\n<li>Available on ER Direct<\/li>\n<\/ul>\n<h2>ExpressRoute for Satellites<\/h2>\n<p>GA.<\/p>\n<ul>\n<li>Direct private access to Azure.<\/li>\n<li>Connect to Azure from anywhere.<\/li>\n<li>3 partners today: Viasat, SES, Intelsat.<\/li>\n<\/ul>\n<p>From customer point of view, it looks like normal ExpressRoute.<\/p>\n<h2>VPN<\/h2>\n<p>High throughput VPN: 10 Gbps GA<\/p>\n<ul>\n<li>New gateway SKUs<\/li>\n<li>Up to 10 Gbps aggregate<\/li>\n<li>Up to 10,000 P2S connections<\/li>\n<li>Ikev1 + IKEv2 on VpnGw1-5 GA<\/li>\n<\/ul>\n<p>VPN Gateway packet capture Preview<\/p>\n<p>Custom IKE traffic scenarios (coming soon)<\/p>\n<h2>IPv6<\/h2>\n<ul>\n<li>Dual stacked for max flexibility.<\/li>\n<li>Native IPv6 all the way to the VMs.<\/li>\n<li>Private IPv6 addresses for VMs and NICs.<\/li>\n<\/ul>\n<h2>Zero-Trust Networking<\/h2>\n<p>A journey with Azure Networking featuring:<\/p>\n<ul>\n<li>Azure Firewall<\/li>\n<li>WAF<\/li>\n<li>Azure Private Link<\/li>\n<li>Azure DDos Protection<\/li>\n<\/ul>\n<h2>Private Link Preview<\/h2>\n<ul>\n<li>Goal is to enable all PaaS services.<\/li>\n<li>Built-in data exfiltration protection.<\/li>\n<li>Predictable IP for addressing PaaS services.<\/li>\n<\/ul>\n<h2>Azure Firewall Manager<\/h2>\n<p>Preview<\/p>\n<ul>\n<li>Central deployment and configuration\n<ul>\n<li>Multiple firewall instances<\/li>\n<li>Optimized for devops with hierarchical policies<\/li>\n<\/ul>\n<\/li>\n<li>Automated routing<\/li>\n<li>Advanced security with 3<sup>rd<\/sup> party SECaaS<\/li>\n<\/ul>\n<p>Roadmap:<\/p>\n<ul>\n<li>Virtual network support, split routing<\/li>\n<\/ul>\n<p>Partnerships to route traffic via Azure WAN to the Internet:<\/p>\n<ul>\n<li>zScaler<\/li>\n<li>iBoss<\/li>\n<li>CheckPoint coming soon<\/li>\n<\/ul>\n<p>You route from on-prem via Azure WAN, then to partner service to Internet. However, Office 365 should go directly \u2013 MS automatically does that.<\/p>\n<h2>Azure Bastion is GA<\/h2>\n<ul>\n<li>RDP\/SSH from Azure Portal without NAT rules.<\/li>\n<li>No public IPs required.<\/li>\n<li>Supports VMs, VMSS, DevTest Labs.<\/li>\n<\/ul>\n<p>IMO, still not ready for consumption without local SSH\/RDP client support.<\/p>\n<h2>Azure WAF<\/h2>\n<p>Preview:<\/p>\n<ul>\n<li>Microsoft Threat Intelligence\n<ul>\n<li>Protect apps against automated attacjs.<\/li>\n<li>Managed good\/bad bots with Azure BotManager rule set<\/li>\n<\/ul>\n<\/li>\n<li>Site and UDI path specific WAF policies\n<ul>\n<li>Customise WAF policies at retional WAF for finer grained protection at each host\/listener or URL path level<\/li>\n<\/ul>\n<\/li>\n<li>Geo-filtering on regional WAF\n<ul>\n<li>Enhanced custom rule matching criterion includes filtering by country.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Application Gateway<\/h2>\n<p>GA<\/p>\n<ul>\n<li>Integration with AKS as ingress controller<\/li>\n<li>Azure Key Vault integration<\/li>\n<li>Enhanced metrics<\/li>\n<\/ul>\n<p>Coming soon:<\/p>\n<ul>\n<li>Wildcard listener\n<ul>\n<li>No need to create a listener for each domain<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Azure Front Door<\/h2>\n<p>GA<\/p>\n<ul>\n<li>Single or multi-region app and API acceleration\n<ul>\n<li>Improve HTTP performance and reduce page load times.<\/li>\n<\/ul>\n<\/li>\n<li>Load balancing at the edge and fast-failover\n<ul>\n<li>Build always-on application experiences that fail-fast (safely)<\/li>\n<\/ul>\n<\/li>\n<li>Integrated SSL, WAF and DDoS<\/li>\n<\/ul>\n<h2>Azure CDN<\/h2>\n<p>GA:<\/p>\n<ul>\n<li>Reduced Azure egress pricing\n<ul>\n<li>Egress is free from storage, compute, media services to Azure CDN from Microsoft.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Preview<\/p>\n<ul>\n<li>Easy to use and highly customizable rules engine\n<ul>\n<li>Few click onboard<\/li>\n<li>Use rules engine to customise CDN.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Internet Analyzer Preview<\/h2>\n<p>Easily measure and compare end user experience for your application.<\/p>\n<ul>\n<li>Cloud migration<\/li>\n<li>CDN and app acceleration<\/li>\n<li>Perform A\/B measurements<\/li>\n<\/ul>\n<h2>Azure Monitor<\/h2>\n<p>GA<\/p>\n<ul>\n<li>Traffic Analytics \u2013 accelerated processing from hours to minutes.<\/li>\n<li>Enhanced troubleshooting.<\/li>\n<\/ul>\n<p>Preview<\/p>\n<ul>\n<li>Network Insights \u2013 single health console for the entire cloud network<\/li>\n<\/ul>\n<h2>Multi-Edge Edge Compute Demo<\/h2>\n<p>There\u2019s an Azure Edge box on stage. It has a SIM and connects via a private LTE connection (MEC). A robot is controlled via the edge box. This is a tech preview at the moment.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Speaker: Yousef Khalidi, CVP Microsoft Azure Networking Numbers 6 Pbs of capacity in a single region. 30 billion packets\/second on the Azure WAN ExpressRoute up to 100 Gbps per circuit 160+ edge locations in addition to the 54 regions bringing the Azure WAN entry points closer to you FPGA hardware provide jitter free networking Satellite &hellip; <a href=\"https:\/\/aidanfinn.com\/?p=21661\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Microsoft Ignite 2019 \u00a0&#8211; What\u2019s New In Azure Networking?&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":18386,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[5],"tags":[170,398,80],"class_list":["post-21661","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure","tag-azure","tag-microsoft-ignite-2019","tag-networking"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/aidanfinn.com\/wp-content\/uploads\/2015\/06\/12809137181.png","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/21661","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=21661"}],"version-history":[{"count":2,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/21661\/revisions"}],"predecessor-version":[{"id":21663,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/21661\/revisions\/21663"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/media\/18386"}],"wp:attachment":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=21661"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=21661"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=21661"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}