An Overview of Microsoft Azure New Networking Capabilities (BRK2465)
Hyper-scale
Enterprise Grade
Hybrid
Azure compute regions
Microsoft connectivity
Azure datacenter regions
Internet
by country
Microsoft’s network is one of the largest in the world
Internet users
■ 500,000,000+
■ 100,000,000 – 499,999,999
■ 50,000,000 – 99,999,999
■ 25,000,000 – 49,999,999
■ 5,000,000 – 24,999,999
■ 100,000 – 4,999,999
■ 50,000 – 999,999
■ 0 – 49,999
*Operated by 21Vianet
Classic vs. Hyper-scale networks
Large L2
Domains
L3 at all
Layers
HW-based
Service
Software
Service
Simple Tree
Design
L2
Diversity and manual provisioning
Complex hardware and lack of automated operations
High complexity and human error
L3
Clos-based
design
Agility
Efficiency
Availability
Automated provisioning, integrated process
Simplify requirements, optimized design, and unify infrastructure
Resilient, automated monitoring and remediation, low human involvement
Building the right abstractions to enable Scale and Agility
Abstract
Proprietary
Hardware
Appliance
Application
Plane
Control
Plane
Physical
Transport
Plane
Azure
FrontEnd
Management, Control, and Data planes
Management
Plane
Compose compute & storage roles and networks
Controller
Control
Plane
Tenant
Commodity
Hardware
Tell & Program instead of Discover and React
Example: ACLs
Management
Switch
Control
Data
Create a tenant
Plumb tenant ACLs to switches
Apply ACLs to these flows
Users
Azure
Virtual Network
Internet
Backend
Connectivity
ExpressRoute
VPN Gateways
Azure DNS
DNS
New
Traffic Manager
www.contoso.com
Internet
LB
VM1
VM2
IP1
IP2
Microsoft Azure
IP1
Internet
IP2
IP3
IP4
Internet
Reserved IP
Internet
Webrole.1.contoso.cloudapp.net
130.26.5.120
Webrole.0.contoso.cloudapp.net
130.26.10.80
Contoso App
with 2 virtual
machines
VM Instance 1
VM Instance 2
On Premises
10.0/16
Internet
Direct Internet
Connectivity
VPN &
ExpressRoute
Azure
VPN
GW
Backend
10.3/16
Mid-tier
10.2/16
Virtual Network
Frontend
10.1/16
Internet
Virtual Machine
NIC2
10.3.3.33
NIC1
10.2.2.22
Default
10.1.1.11
VIP
133.44.55.66
Internet
Backend
Subnet
Mgmt
Subnet
Virtual Network
Frontend
Subnet
Cloud Services
&
Virtual Machines
VM
Firewall
NSG
Virtual
Network
Isolation
ACLs
DDoS
Protection
Internet
On Premises 10.0/16
Internet
ExpressRoute
and VPNs
VPN
GW
Backend
10.3/16
Virtual Network
Mid-tier
10.2/16
Frontend
10.1/16
Azure Virtual Network
Internet
Cross-premises connectivity
ADC &
Load
Balancer
Internet
Microsoft Azure
Customer
On Premises
Compress/Optimize
Internet Connectivity
• Consumers
• Access over public IP
• DNS resolution
• Connect from anywhere
Secure point-to-site connectivity
• Developers
• POC Efforts
• Small scale deployments
• Connect from anywhere
Secure site-to-site VPN connectivity
• SMB, Enterprises
• Connect to Azure compute
ExpressRoute private connectivity
• SMB & Enterprises
• Mission critical workloads
• Backup/DR, media, HPC
• Connect to Microsoft services
WAN
WAN
WAN
ExpressRoute provides a private, dedicated, high-throughput network connection to Microsoft
Customer’s
network
Partner
Edge
Customer’s
connection
Traffic to Office 365 Services
Traffic to public IP addresses in Azure
Traffic to Virtual Networks
Microsoft
Edge
Microsoft
Microsoft
Public
internet
Customer site 3
Customer site 2
Customer site
Exchange
Customer site 1
Public
internet
Atlanta
Chicago
Chicago (Gov Cloud)*
Dallas
LA
NY
Seattle
Silicon Valley
Washington DC
Washington DC (Gov Cloud)*
Amsterdam
Dublin*
London
Sao Paulo
Chennai*
Hong Kong
Mumbai*
Melbourne*
Osaka*
Singapore
Sydney
Tokyo
Internet
VPN Gateway
(Internet Edge)
Services on public IPs
ExpressRoute
Contoso virtual networks/VMs
Virtual
Network
Gateway SKU | ExpressRoute GW Throughput | VPN GW ExpressRoute Coexistence | VPN GW Throughput | VPN GW Max IPsec Tunnels | Cost (USD) / Hour
Basic | 500 Mbps | No | 100 Mbps | 10 | $0.04
Standard | 1000 Mbps | Yes | 100 Mbps | 10 | $0.19
Performance | 2000 Mbps | Yes | 200 Mbps | 30 | $0.49
Q3 CY 2015
StorageAccount
VirtualMachine
NetworkSecurityGroup
VirtualNetwork
NetworkSecurityRule
Subnet
NetworkInterfaceCard
LoadBalancer
AvailabilitySet
PublicIPAddress
VMExtension
TrafficManager
VirtualNetworkGateway
• User Defined Routes on subnets to direct flows to appliances
• Network Security Groups to secure subnets
• Network Virtual Appliances for security, routing and ADC
• Secure cross-premises connectivity with ExpressRoute and VPN Gateways
Front End – through firewalls
Middle Tier (exposed to FE and Infra)
ExpressRoute
Infrastructure (protected)
http://aka.ms/learnhybrid
http://aka.ms/hybrid-storage-ebook
http://aka.ms/azure-fundamentals-ebook
@MS_ITPro
http://myignite.microsoft.com