# Hybrid Cloud Networking

Configure secure, high-performance connectivity between on-premises and cloud environments using VPN, Direct Connect, and ExpressRoute.

## Purpose

Establish secure, reliable network connectivity between on-premises data centers and cloud providers (AWS, Azure, GCP).
## When to Use

- Connect on-premises to cloud
- Extend datacenter to cloud
- Implement hybrid active-active setups
- Meet compliance requirements
- Migrate to cloud gradually

## Connection Options

### AWS Connectivity

1. Site-to-Site VPN
   - IPSec VPN over internet
   - Up to 1.25 Gbps per tunnel
   - Cost-effective for moderate bandwidth
   - Higher latency, internet-dependent

```hcl
# Virtual private gateway attached to the VPC (AWS side of the tunnels)
resource "aws_vpn_gateway" "main" {
  vpc_id = aws_vpc.main.id
  tags = {
    Name = "main-vpn-gateway"
  }
}

# On-premises VPN device: its public IP and the BGP ASN it peers with
resource "aws_customer_gateway" "main" {
  bgp_asn    = 65000
  ip_address = "203.0.113.1"
  type       = "ipsec.1"
}

# The VPN connection; static_routes_only = false means routes are exchanged over BGP
resource "aws_vpn_connection" "main" {
  vpn_gateway_id      = aws_vpn_gateway.main.id
  customer_gateway_id = aws_customer_gateway.main.id
  type                = "ipsec.1"
  static_routes_only  = false
}
```
2. AWS Direct Connect
   - Dedicated network connection
   - 1 Gbps to 100 Gbps
   - Lower latency, consistent bandwidth
   - More expensive, setup time required

Reference: See references/direct-connect.md
### Azure Connectivity

1. Site-to-Site VPN

```hcl
# Route-based VPN gateway deployed into the VNet's gateway subnet
resource "azurerm_virtual_network_gateway" "vpn" {
  name                = "vpn-gateway"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name

  type     = "Vpn"
  vpn_type = "RouteBased" # route-based is required for BGP dynamic routing
  sku      = "VpnGw1"

  ip_configuration {
    name                          = "vnetGatewayConfig"
    public_ip_address_id          = azurerm_public_ip.vpn.id
    private_ip_address_allocation = "Dynamic"
    subnet_id                     = azurerm_subnet.gateway.id # must be the GatewaySubnet
  }
}
```
2. Azure ExpressRoute
   - Private connection via connectivity provider
   - Up to 100 Gbps
   - Low latency, high reliability
   - Premium for global connectivity

### GCP Connectivity

1. Cloud VPN
   - IPSec VPN (Classic or HA VPN)
   - HA VPN: 99.99% SLA
   - Up to 3 Gbps per tunnel

2. Cloud Interconnect
   - Dedicated (10 Gbps, 100 Gbps)
   - Partner (50 Mbps to 50 Gbps)
   - Lower latency than VPN

## Hybrid Network Patterns

### Pattern 1: Hub-and-Spoke

```
On-Premises Datacenter
        ↓
 VPN/Direct Connect
        ↓
Transit Gateway (AWS) / vWAN (Azure)
        ↓
   ├─ Production VPC/VNet
   ├─ Staging VPC/VNet
   └─ Development VPC/VNet
```

### Pattern 2: Multi-Region Hybrid

```
On-Premises
   ├─ Direct Connect → us-east-1
   └─ Direct Connect → us-west-2
              ↓
     Cross-Region Peering
```

### Pattern 3: Multi-Cloud Hybrid

```
On-Premises Datacenter
   ├─ Direct Connect → AWS
   ├─ ExpressRoute → Azure
   └─ Interconnect → GCP
```
## Routing Configuration

### BGP Configuration

On-Premises Router:
- AS Number: 65000
- Advertise: 10.0.0.0/8

Cloud Router:
- AS Number: 64512 (AWS), 65515 (Azure)
- Advertise: Cloud VPC/VNet CIDRs
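The BGP session above is only as safe as the import policy applied to it: a peer that can push a default route, a prefix that shadows a cloud VPC range, or an overly specific prefix can redirect traffic. The following is an added example (not code from this page or from any cloud provider) of the route-filtering check a cloud-side router would apply to prefixes learned from the on-premises peer. The ASN and 10.0.0.0/8 values are the page's; the cloud CIDRs, the sample advertisements and the function names are constructed assumptions for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class BgpImportPolicy:
    """Import policy for prefixes learned from one on-premises BGP peer."""
    peer_asn: int              # ASN we expect as the first hop of every AS path
    allowed_prefixes: list     # supernets the peer is permitted to advertise
    cloud_cidrs: list          # our own VPC/VNet ranges; never accept these from a peer
    max_prefix_len: int = 24   # anything more specific than this is rejected


def evaluate_route(policy, prefix_str, as_path):
    """Decide whether one advertised prefix may be installed.

    Returns (accepted, reason). Checks are ordered so the most dangerous
    conditions (default route, a prefix shadowing our own cloud ranges)
    are named explicitly in the rejection reason.
    """
    try:
        prefix = ipaddress.ip_network(prefix_str, strict=True)
    except ValueError:
        return False, "malformed prefix"
    if prefix.prefixlen == 0:
        # A VPN or Direct Connect peer must never become our default gateway.
        return False, "default route"
    if not as_path or as_path[0] != policy.peer_asn:
        # On an eBGP session the first AS in the path is the neighbor itself.
        return False, "unexpected neighbor ASN"
    if any(prefix.overlaps(cidr) for cidr in policy.cloud_cidrs):
        # Route leak or hijack: the peer is claiming addresses the cloud side owns.
        return False, "overlaps cloud CIDR"
    if not any(prefix.subnet_of(net) for net in policy.allowed_prefixes):
        return False, "not in allowed prefix list"
    if prefix.prefixlen > policy.max_prefix_len:
        # Longest-prefix-match means a stray /28 beats the agreed aggregate; cap it.
        return False, "prefix too specific"
    return True, "accepted"


def filter_advertisements(policy, advertisements):
    """Apply the policy to [(prefix, as_path), ...].

    Returns {prefix: (accepted, reason)} so a caller can install the accepted
    set and log every rejection with its cause.
    """
    return {p: evaluate_route(policy, p, path) for p, path in advertisements}


# Page values: on-prem AS 65000 advertises 10.0.0.0/8 to the cloud side.
# The cloud CIDRs below are constructed for this example.
ONPREM_POLICY = BgpImportPolicy(
    peer_asn=65000,
    allowed_prefixes=[ipaddress.ip_network("10.0.0.0/8")],
    cloud_cidrs=[ipaddress.ip_network("172.20.0.0/16"),
                 ipaddress.ip_network("172.21.0.0/16")],
)

# Constructed sample of what the peer might advertise, one case per check.
SAMPLE_ADVERTISEMENTS = [
    ("10.0.0.0/8",     [65000]),         # the agreed aggregate
    ("10.1.0.0/16",    [65000]),         # a more specific inside it
    ("10.2.3.0/28",    [65000]),         # too specific
    ("172.20.5.0/24",  [65000]),         # shadows a cloud VPC subnet
    ("0.0.0.0/0",      [65000]),         # default route
    ("192.168.1.0/24", [65000]),         # outside the agreed range
    ("10.3.0.0/16",    [64999, 65000]),  # first hop is not the configured peer
    ("10.4.0.1/16",    [65000]),         # host bits set: malformed
]

if __name__ == "__main__":
    result = filter_advertisements(ONPREM_POLICY, SAMPLE_ADVERTISEMENTS)
    for prefix, (ok, why) in result.items():
        print(f"{'ACCEPT' if ok else 'REJECT':6} {prefix:16} {why}")
```

The same policy shape applies in the other direction: the on-premises router should accept only the cloud VPC/VNet CIDRs from AS 64512 or 65515 and reject anything inside its own 10.0.0.0/8.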
### Route Propagation

- Enable route propagation on route tables
- Use BGP for dynamic routing
- Implement route filtering
- Monitor route advertisements

## Security Best Practices

- Use private connectivity (Direct Connect/ExpressRoute)
- Implement encryption for VPN tunnels
- Use VPC endpoints to avoid internet routing
- Configure network ACLs and security groups
- Enable VPC Flow Logs for monitoring
- Implement DDoS protection
- Use PrivateLink/Private Endpoints
- Monitor connections with CloudWatch/Monitor
- Implement redundancy (dual tunnels)
- Regular security audits

## High Availability

### Dual VPN Tunnels

```hcl
# Two VPN connections, each terminating on a different on-premises device,
# so the loss of one device or one ISP path does not isolate the VPC
resource "aws_vpn_connection" "primary" {
  vpn_gateway_id      = aws_vpn_gateway.main.id
  customer_gateway_id = aws_customer_gateway.primary.id
  type                = "ipsec.1"
}

resource "aws_vpn_connection" "secondary" {
  vpn_gateway_id      = aws_vpn_gateway.main.id
  customer_gateway_id = aws_customer_gateway.secondary.id
  type                = "ipsec.1"
}
```
### Active-Active Configuration

- Multiple connections from different locations
- BGP for automatic failover
- Equal-cost multi-path (ECMP) routing
- Monitor health of all connections

## Monitoring and Troubleshooting

### Key Metrics

- Tunnel status (up/down)
- Bytes in/out
- Packet loss
- Latency
- BGP session status

### Troubleshooting

AWS VPN:

```bash
aws ec2 describe-vpn-connections
aws ec2 get-vpn-connection-telemetry
```

Azure VPN:

```bash
az network vpn-connection show
az network vpn-connection show-device-config-script
```
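Checking tunnel status by hand does not scale across the redundant connections the High Availability section calls for. As an added example (not code from this page or from AWS), the function below evaluates the `VgwTelemetry` block that `aws ec2 describe-vpn-connections` returns for each connection and flags the two conditions worth alerting on: a tunnel that is down, and a tunnel that is up but whose BGP session has accepted no routes (reachable IPsec, broken routing). The JSON sample is constructed to match that output's field names; the connection ids, addresses and timestamps are invented, and the severity labels are this example's own.

```python
import json

# Constructed sample shaped like `aws ec2 describe-vpn-connections` output.
# Ids, IPs and timestamps are invented for this example.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "VpnConnections": [
        {
            "VpnConnectionId": "vpn-0example0primary",
            "State": "available",
            "Options": {"StaticRoutesOnly": False},
            "VgwTelemetry": [
                {"OutsideIpAddress": "198.51.100.10", "Status": "UP",
                 "StatusMessage": "", "AcceptedRouteCount": 4,
                 "LastStatusChange": "2024-01-01T00:00:00+00:00"},
                # IPsec is up but BGP has exchanged nothing: traffic will black-hole
                {"OutsideIpAddress": "198.51.100.11", "Status": "UP",
                 "StatusMessage": "", "AcceptedRouteCount": 0,
                 "LastStatusChange": "2024-01-01T00:00:00+00:00"},
            ],
        },
        {
            "VpnConnectionId": "vpn-0example0secondary",
            "State": "available",
            "Options": {"StaticRoutesOnly": False},
            "VgwTelemetry": [
                {"OutsideIpAddress": "198.51.100.20", "Status": "UP",
                 "StatusMessage": "", "AcceptedRouteCount": 4,
                 "LastStatusChange": "2024-01-01T00:00:00+00:00"},
                {"OutsideIpAddress": "198.51.100.21", "Status": "DOWN",
                 "StatusMessage": "IPSEC IS DOWN", "AcceptedRouteCount": 0,
                 "LastStatusChange": "2024-01-02T03:04:05+00:00"},
            ],
        },
        {
            "VpnConnectionId": "vpn-0example0dr",
            "State": "available",
            "Options": {"StaticRoutesOnly": False},
            "VgwTelemetry": [
                {"OutsideIpAddress": "198.51.100.30", "Status": "DOWN",
                 "StatusMessage": "IPSEC IS DOWN", "AcceptedRouteCount": 0,
                 "LastStatusChange": "2024-01-02T03:04:05+00:00"},
                {"OutsideIpAddress": "198.51.100.31", "Status": "DOWN",
                 "StatusMessage": "IPSEC IS DOWN", "AcceptedRouteCount": 0,
                 "LastStatusChange": "2024-01-02T03:04:05+00:00"},
            ],
        },
    ]
})


def assess_tunnels(describe_output_json, expected_up=2):
    """Summarise tunnel health per VPN connection.

    Returns {connection_id: {"severity", "up", "expected", "issues"}} where
    severity is "ok" (every tunnel up and carrying routes), "degraded"
    (a tunnel down, or a BGP session with no routes) or "critical" (no tunnel up).
    """
    report = {}
    for conn in json.loads(describe_output_json).get("VpnConnections", []):
        cid = conn["VpnConnectionId"]
        uses_bgp = not conn.get("Options", {}).get("StaticRoutesOnly", False)
        issues, up = [], 0
        for t in conn.get("VgwTelemetry", []):
            peer = t.get("OutsideIpAddress", "?")
            if t.get("Status") == "UP":
                up += 1
                if uses_bgp and t.get("AcceptedRouteCount", 0) == 0:
                    issues.append(f"{peer}: tunnel up but BGP accepted 0 routes")
            else:
                issues.append(f"{peer}: {t.get('Status')} ({t.get('StatusMessage') or 'no message'})")
        if conn.get("State") != "available":
            issues.append(f"connection state is {conn.get('State')}")
        if up == 0:
            severity = "critical"
        elif up < expected_up or issues:
            severity = "degraded"
        else:
            severity = "ok"
        report[cid] = {"severity": severity, "up": up, "expected": expected_up, "issues": issues}
    return report


def connections_needing_attention(report):
    """Connection ids that are not fully healthy, sorted for stable alerting."""
    return sorted(cid for cid, r in report.items() if r["severity"] != "ok")


if __name__ == "__main__":
    report = assess_tunnels(SAMPLE_DESCRIBE_OUTPUT)
    for cid in connections_needing_attention(report):
        r = report[cid]
        print(f"{r['severity'].upper():9} {cid} ({r['up']}/{r['expected']} up)")
        for issue in r["issues"]:
            print(f"    - {issue}")
```

In practice the JSON would come from `aws ec2 describe-vpn-connections --output json` on a schedule, and `connections_needing_attention` would feed an alert; the `AcceptedRouteCount` check is the one that a plain up/down tunnel-state alarm misses.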
## Cost Optimization

- Right-size connections based on traffic
- Use VPN for low-bandwidth workloads
- Consolidate traffic through fewer connections
- Minimize data transfer costs
- Use Direct Connect for high bandwidth
- Implement caching to reduce traffic

## Reference Files

- references/vpn-setup.md - VPN configuration guide
- references/direct-connect.md - Direct Connect setup

## Related Skills

- multi-cloud-architecture - For architecture decisions
- terraform-module-library - For IaC implementation