Hello Folks,
Azure Networking is the foundation of your infrastructure in Azure. Each month we bring you an update on What’s new in Azure Networking.
In this blog post, we’ll cover what's new with Azure Networking in June 2023. I know it’s now July, but I was in Europe for PSConf.EU, Michael was on vacation, and I did not want to publish on the Friday before a long weekend. So here we are a week late.
Inbound ICMPv4 & ICMPv6 pings are now supported on Azure Load Balancer
Standard Public Azure Load Balancer now supports testing reachability using IPv4 and IPv6 ping and traceroute.
Testing reachability of a load balancer front-end is useful for troubleshooting connectivity issues. For more details on using ping and traceroute to test a front-end of an existing Standard public load balancer, see the article "Test reachability of Azure Load Balancer front-ends with ping and traceroute".
- Standard Load Balancer supports using Ping and Traceroute/tracert over ICMPv4/v6 to test availability of workloads
- Supports on-premises clients and cloud VMs.
- Traffic does not pass to workloads in backend pools. The load balancer handles send/receive of requests.
- Turned on by default and cannot be disabled.
Azure Load Balancer per VM limit removal
The “Load balancer per VM” limit is now removed for customers using Standard Load Balancer. Previously this limit was 2 load balancers per VM (1 public and 1 internal). With this limit removed, you can associate as many load balancers as possible per VM, of either type (public or internal), up to the Azure Load Balancer’s limits.
Learn more about Azure Load Balancer’s limits.
Policy analytics for Azure Firewall
Just like on-prem, it’s common to update Azure Firewall configuration daily (sometimes hourly) to meet the growing application needs, and respond to a changing threat landscape.
These changes are often managed by multiple administrators spread across geographies. As a result, the firewall configuration can grow suboptimally, impacting firewall performance and security.
It’s a challenging task for any IT team to optimize firewall rules without impacting applications and causing serious downtime. Policy Analytics helps address these challenges by providing visibility into traffic flowing through the firewall, with features such as firewall flow logs, rule to flow match, rule hit rate, and single rule analysis. IT admins can refine Azure Firewall rules in a few simple steps through the Azure portal.
References:
- Azure Firewall Policy Analytics
- Optimize performance and strengthen security with Policy Analytics for Azure Firewall
- Monitor Azure Firewall logs and metrics
- Overview of Azure Firewall logs and metrics
Azure Front Door integration with managed identities
A managed identity generated by Azure Active Directory (Azure AD) allows your Azure Front Door instance to access other Azure AD-protected resources easily and securely, such as Azure Key Vault. Azure manages the identity resource, so you don't have to create or rotate any secrets.
References:
- What are managed identities for Azure resources?
- Use managed identities to access Azure Key Vault certificates
- Implement managed identities
Azure Front Door upgrade from standard to premium
Azure Front Door now supports upgrading from Standard to Premium tier without any downtime.
Azure Front Door Premium supports advanced security capabilities, such as managed Web Application Firewall rules and private connectivity to your origin using Private Link, and has increased quota limits.
Resources:
- Learn more about the difference between Standard and Premium tiers.
- Upgrade from Azure Front Door Standard to Premium
- Introduction to Azure Front Door
- Load balance your web service traffic with Front Door
Private Link support for Application Gateway
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at OSI layer 4 (TCP and UDP) and route traffic based on source IP address and port to a destination IP address and port.
Application Gateway makes routing decisions based on additional attributes of an HTTP request, for example URI path or host headers.
For example, you can route traffic based on the incoming URL. So, if /images is in the incoming URL, you can route traffic to a specific set of servers (known as a pool) configured for images. If /video is in the URL, that traffic is routed to another pool that's optimized for videos.
Private Link configuration for App Gateway now enables incoming traffic to an Azure App Gateway frontend to be secured to clients running in another Azure Virtual Network, Azure subscription, or Azure subscription linked to a different Azure Active Directory tenant through Azure Private Link.
Cheers
Pierre
Published Jul 06, 2023
Version 1.0
Pierre_Roman, Microsoft
ITOps Talk Blog