Microsoft Azure Gateway Load Balancer Deep Dive

  • Published: 26 Nov 2024
  • Science

Comments • 49

  • @gofmaned
    @gofmaned 1 month ago

    Great explanation. I need to configure some NVA with GWLB. But couldn't understand why such a complex design is needed. Now it is clear to me. Thank you!

  • @NTFAQGuy
    @NTFAQGuy 3 years ago +2

    Hey everyone, welcome to this video diving into a really cool load balancer solution related to NVAs. Please make sure to read the description for the chapters and key information about this video and others.
    ⚠️ P L E A S E N O T E ⚠️
    🔎 If you are looking for content on a particular topic search the channel. If I have something it will be there!
    🕰️ I don't discuss future content so please don't ask 😇
    Thanks for watching!
    ☁️🤙💪

  • @notoriousft
    @notoriousft 3 years ago +1

    I was just studying load balancers, firewalls today. Thanks John.

  • @csande572
    @csande572 2 years ago +1

    John, thank you for adding in the underlying GRE used for chaining as well as the VxLAN for GWLB to NVA. As you stated this knowledge may not necessarily be needed but it goes a long way for me, as the more I understand how it functions in the background the clearer it becomes as to how it really all ties together. Another great video. I have enjoyed many and appreciate your skills in presenting the technical details in such a clear and easy to understand manner.

  • @jonathanclyde4725
    @jonathanclyde4725 3 years ago +2

    This could be a very nice thing for governance too; Azure Policy to require chaining to be enabled on public IPs and public load balancers, as opposed to just not allowing them to be created

  • @patricksigrist4831
    @patricksigrist4831 3 years ago +2

    Thank you John.
    It’s really amazing at what speed you create videos for newly released Azure features. It’s very much appreciated!
    And I love your trademark “super quickly” and “for a second”

    • @NTFAQGuy
      @NTFAQGuy 3 years ago

      hehe, my pleasure :-D

  • @MattRootsTube
    @MattRootsTube 3 years ago +1

    Reminds me of Palo Alto firewall Virtual Wires in the physical world, except the PA firewall is the NVA performing the analysis of the traffic on the vWire. Interesting feature for the SDWAN world; thanks for the overview.

  • @omartin2009
    @omartin2009 3 years ago

    man, a lot of things have changed since I've been doing active/active FW designs with VIPs etc... !!! This is great innovation, thanks for sharing your wealth of knowledge!

    • @NTFAQGuy
      @NTFAQGuy 3 years ago

      hehe, yeah, solves some big issues!

    • @omartin2009
      @omartin2009 3 years ago

      @NTFAQGuy huge! The vxlan business I'd have to dig back but I love the video you've done. Thanks again!

  • @ItIsFullyFaltu
    @ItIsFullyFaltu 3 years ago

    Thanks a lot.. you explained the packet flow in detail. That's what we want.. thanks a lot John

  • @gauravgoel2597
    @gauravgoel2597 2 years ago

    Thank you so much for this wonderful video. It really helped me clear the doubts I had for Azure Gateway Load Balancer. I must say you were able to cover everything essential to understand the Azure GLBs in half an hour really effectively. This was my first video of yours and I've loved every bit of it.

    • @NTFAQGuy
      @NTFAQGuy 2 years ago

      Glad it was helpful!

  • @cma9br
    @cma9br 3 years ago

    Good new network feature. Thank you John!

  • @blkh2040
    @blkh2040 3 years ago +1

    Thank you for the deep dive - very helpful.

  • @ToivoVoll
    @ToivoVoll 3 years ago +1

    Thank you for the video, this is really good stuff, and very relevant to us. The GLB definitely addresses a major pain point.

    • @NTFAQGuy
      @NTFAQGuy 3 years ago

      Glad you enjoyed it!

  • @OMNS777
    @OMNS777 3 years ago

    As always John! On point. Much appreciated!!

  • @1chrisandrew1
    @1chrisandrew1 3 years ago

    This is awesome - and thank you for sharing your Linux NVA setup

    • @NTFAQGuy
      @NTFAQGuy 3 years ago

      Very welcome 🤙

  • @z0nerider
    @z0nerider 3 years ago

    I was waiting for this video to be released...

  • @ryancallan2759
    @ryancallan2759 3 years ago

    John, great video as always - Because this is an internal load balancer, can you confirm that this doesn't help when it comes to using those NVAs as a VPN device? So if we wanted to establish a site-to-site VPN or point-to-site, then we cannot take advantage of this feature?

    • @NTFAQGuy
      @NTFAQGuy 3 years ago

      This is not the initial connection point.

  • @markkuijper1802
    @markkuijper1802 3 years ago

    Hi John. Great video as always. Two questions:
    1. How does Azure Firewall relate to this?
    (I would like to chain public IPs to Azure Firewall and not use NVAs / IaaS)
    2. Can I chain just "any" public Azure IP to this (more specifically, public IPs of tenant-specific PaaS services like Azure SQL, Azure storage account, etc.)?
    (If so this would be great to chain "any public IP" in one tenant to a central security device independent of the Azure service and its configuration)

    • @NTFAQGuy
      @NTFAQGuy 3 years ago +1

      Not aware az fw uses this yet and it’s early preview so interaction with other paas not really known

  • @christianibiri
    @christianibiri 3 years ago

    Awesome!!!!!

  • @hammerinheeb
    @hammerinheeb 2 years ago

    Is it required to have the NVA send the packets back? What if I just want a copy here, and that's it? Is there a setting that allows that? Just learning about this, and this was an AWESOME video, thanks John!

    • @NTFAQGuy
      @NTFAQGuy 2 years ago

      It's a bump in the wire. Technically does not have to send back providing something else is splitting

    • @hammerinheeb
      @hammerinheeb 2 years ago

      @NTFAQGuy Thanks John! Still a bit confused though. So I can just have my NVA sit behind this GWLB, and ingest a copy of all packets and not send them back out? It seems there are 2 tunnels here as you explained. I want to just get a copy of every packet and not worry about routing them back to the destination via my NVA, but of course the packets would still need to go to their original destination... if that is possible. Again, thanks! I see packet mirroring is one of the features of this as described by the docs in Azure, I just don't see how that works.

    • @NTFAQGuy
      @NTFAQGuy 2 years ago

      @hammerinheeb it is part of the path. It is not mirroring so if it does not send back packets they are lost. Something would have to mirror before sending or most likely the NVA needs to send the packets on as bump in the wire

  • @liamobrien1506
    @liamobrien1506 3 years ago

    Great video! Will the gateway also chain with Application Gateway?

    • @NTFAQGuy
      @NTFAQGuy 3 years ago

      Not today to my knowledge but not tried

    • @Marcelk86
      @Marcelk86 3 years ago

      @NTFAQGuy AFAIK it will work as the chaining is configured at the PIP level?

    • @NTFAQGuy
      @NTFAQGuy 3 years ago

      @Marcelk86 it may, not tried. Sometimes there are funny combinations that break. I may try it at some point.

  • @amishel2006
    @amishel2006 3 years ago

    How does GWLB fit into existing Virtual WAN, where traffic inspection is required for all packets traversing the vhub?

    • @NTFAQGuy
      @NTFAQGuy 3 years ago

      Vwan has its own secured version

  • @juanpabloguerra9512
    @juanpabloguerra9512 2 years ago

    This is great for public traffic. How about hybrid scenarios where incoming traffic to VMs is private? Can I chain the gw lb to a private std lb or instance level private IP?
    Thanks for the amazing explanation

    • @NTFAQGuy
      @NTFAQGuy 2 years ago

      I talked about how its front end can have a private IP

  • @felipeccardoso
    @felipeccardoso 3 years ago

    Can the consumers have only private IPs and chain to Gateway Load Balancer?

    • @NTFAQGuy
      @NTFAQGuy 3 years ago

      I don't understand your question. The GWLB is chained to a public SLB or instance IP as I cover in the video.

    • @felipeccardoso
      @felipeccardoso 3 years ago

      @NTFAQGuy Example: If I have a virtual machine without a public IP, can I direct all internet traffic to NVAs that are backends for Gateway Load Balancer? No need for UDR configured, just via Chain between the VM's network card (only private IP configured) and the Gateway Load Balancer?

    • @NTFAQGuy
      @NTFAQGuy 3 years ago +1

      It seems to let you :-)

  • @Feed2Brain
    @Feed2Brain 3 years ago

    Great feature from Azure with great explanation from #johnsavillstechnicaltraining. Thank you very much :) . Happy Learning

    • @NTFAQGuy
      @NTFAQGuy 3 years ago

      Glad it was helpful!