We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
Hub-spoke virtual networks in Azure - Bastiaan Wassenaar - NDC Oslo 2024
Learn how to design and implement Azure hub-spoke networks, covering Private Endpoints, DNS configuration, network security, and best practices for enterprise deployments.
-
Service Endpoints allow secure direct connections to Azure services over Microsoft’s backbone network instead of public internet, with no additional cost
-
Private Endpoints create secure private IP connections to Azure services within your VNet, but come with costs for the endpoint itself and traffic
-
Private DNS zones are crucial for name resolution when using Private Endpoints - they need to be linked to VNets where resolution is needed
-
Hub-spoke network topology requires careful planning around:
- DNS configuration and resolution
- Non-overlapping IP ranges
- Proper peering setup (one-way vs two-way)
- Cost implications of peering traffic
-
When implementing hub-spoke:
- Hub typically contains shared services and networking appliances like Azure Firewall
- Spokes need route tables to forward traffic through the hub
- Custom DNS configuration often needed when using Azure Firewall
-
Network changes involving DNS typically require VM reboots to take effect
-
Virtual Network Manager helps manage complex networking scenarios across subscriptions and regions
-
Identity and zero trust approaches should be considered alongside network security
-
Planning is critical as networking decisions impact:
- Cost
- Performance
- Scalability
- Security
- Operational complexity
-
Team coordination between security, networking and development teams is essential for successful implementation