Hey everyone, welcome to this video diving into a really cool load balancer solution related to NVAs. Please make sure to read the description for the chapters and key information about this video and others. ⚠️ P L E A S E N O T E ⚠️ 🔎 If you are looking for content on a particular topic search the channel. If I have something it will be there! 🕰️ I don't discuss future content so please don't ask 😇 Thanks for watching! ☁️🤙💪

I was just studying load balancers, firewalls today. Thanks John.

Thank you John. It’s really amazing at what speed you create videos for newly released Azure features. It‘s very much appreciated! And I love your trademark “super quickly” and ‘for a second”

@NTFAQGuy

2 жыл бұрын

hehe, my pleasure :-D

John, thank you for adding in the underlying GRE used for chaining as well as the VxLAN for GWLB to NVA. As you stated this knowledge may not necessarily be needed but it goes a long way for me, as the more I understand how it functions in the background the clearer it becomes as to how it really all ties together. Another great video. I have enjoyed many and appreciate your skills in presenting the technical details in such a clear and easy to understand manner.

As always John! On point. Much appreciated!!

@NTFAQGuy

2 жыл бұрын

My pleasure!

Thanks a lot.. u explained the packetflow in detail. thats wat we want.. thanks a lot John

Thank you for the deep dive - very helpful.

@NTFAQGuy

2 жыл бұрын

My pleasure!

Thank you so much for this wonderful video. It really helped me clear the doubts I had for Azure Gateway Load Balancer. I must say you were able to cover everything essential to understand the Azure GLBs in half an hour really effectively. This was my first video of yours and I've loved every bit of it.

@NTFAQGuy

2 жыл бұрын

Glad it was helpful!

Thank you for the video, this is really good stuff, and very relevant to us. The GLB definitely addresses a major pain point.

@NTFAQGuy

2 жыл бұрын

Glad you enjoyed it!

This is awesome - and thank you for sharing your Linux NVA setup

@NTFAQGuy

2 жыл бұрын

Very welcome 🤙

Good new network feature. Thank you John!

@NTFAQGuy

2 жыл бұрын

You're welcome!

Reminds me of Palo Alto firewall Virtual Wires in the physical world, except the PA firewall is the NVA performing the analysis of the traffic on the vWire. Interesting feature for the SDWAN world; thanks for the overview.

This could be very nice thing for governance too; azure policy to require chaining to be enabled on public ips and public load balancers, as opposed to just not allowing them to be created

man, a lot of things have changed since I've been doing active/active FW designs with VIPs etc... !!! This is great innovation, thanks for sharing your wealth of knowledge!

@NTFAQGuy

2 жыл бұрын

hehe, yeah, solves some big issues!

@omartin2009

2 жыл бұрын

@@NTFAQGuy huge! The vxlan business I'd have to dig back but I love the video you've done. Thanks again!

Awesome!!!!!

I was waiting for this video to be released...

@NTFAQGuy

2 жыл бұрын

Great

John, great video as always - Because this is an internal load balancer, can you confirm that this doesn't help when it comes to using those NVAs as VPN device? so if we wanted to establish a site-to-site VPN or point-to-site, then we can not take advantage of this feature?

@NTFAQGuy

2 жыл бұрын

This is not the initial connection point.

Hi John. Great video as always. Two questions: 1. How does Azure Firewall relate to this ? (I would like to chain public IP's to Azure Firewall and not use NVA's / IaaS) 2. Can I chain just "any" public Azure IP to this (more specific public IP's of tenant specific PaaS services like Azure SQL, Azure storage account, etc.) ? (If so this would be great to chain "any public IP" in once tenant to a central security device independent of the Azure service and its configuration)

@NTFAQGuy

2 жыл бұрын

Not aware az fw uses this yet and it’s early preview so interaction with other paas not really known

Great feature from Azure with Great explanation from #johnsavillstechnicaltraining Thanks you very much :) . Happy Learning

@NTFAQGuy

2 жыл бұрын

Glad it was helpful!

Great video! Will the gateway also chain with Application Gateway?

@NTFAQGuy

2 жыл бұрын

Not today to my knowledge but not tried

@Marcelk86

2 жыл бұрын

@@NTFAQGuy AFAIK it will work as the chaining is configured at the PIP level?

@NTFAQGuy

2 жыл бұрын

@@Marcelk86 it may, not tried. Sometimes there are funny combinations that break. I may try it at some point.

This is great for public traffic. How about hybrid scenarios where incoming traffic to VMs is private? Can I chain the gw lh to a private std lb or instance level private IP? Thanks for the amazing explanation

@NTFAQGuy

2 жыл бұрын

i talked about its front end can have a private ip

Is it required to have the NVA send the packets back? What if I just want a copy here, and that's it? Is there a setting that allows that? Just learning about this, and this was an AWESOME video, thanks John!

@NTFAQGuy

2 жыл бұрын

its a bump in the wire. Technically does not have to send back providing something else is splitting

@hammerinheeb

2 жыл бұрын

@@NTFAQGuy Thanks John! Still a bit confused though. So I can just have my NVA sit behind this GWLB, and ingest a copy of all packets and not send them back out? It seems there are 2 tunnels here as you explained. I want to just get a copy of every packet and not worry about routing them back to the destination via my NVA, but of course the packets would still need to go their original destination....if that is possible. Again, thanks! I see packet mirroring is one of the features of this as described by the docs in Azure, I just don't see how that works.

@NTFAQGuy

2 жыл бұрын

@@hammerinheeb it is part of the path. It is not mirroring so if it does not send back packets they are lost. Something would have to mirror before sending or most likely nva need to send the packets on as bump in the wire

How does GWLB fit into existing Virual Wan, where traffic inspection is required for all packets traversing the vhub?

@NTFAQGuy

2 жыл бұрын

Vwan has its own secured version

Are the consumers can have only private ips and chain to Gateway Load Balancer?

@NTFAQGuy

2 жыл бұрын

I don't understand your question. The GWLB is chained to a public SLB or instance IP as I cover in the video.

@felipeccardoso

2 жыл бұрын

@@NTFAQGuy Example: If I have a virtual machine without a public ip, can I direct all internet traffic to NVAs that are backends for Gateway Load Balancer? No need for UDR configured, just via Chain between the VM's network card (only private IP configured) and the Gateway Load Balancer?

@NTFAQGuy

2 жыл бұрын

It seems to let you :-)