Hub VNET in cloud-only environment approach

Question

I was told recently that the Hub VNET is only used in case there are on-premises networking to/from considerations.

I am quite surprised, as were many at the table.

I was under the impression that if I have, say, an Azure cloud-only environment, I could still have a Hub-Spoke approach. Or is this not so? What would be the preferred non-Hub-Spoke approach if peering or inter-VNET access is required?

I am aware of VNET Peering and other methods to access resources in other VNETs, APIs and Private Link.

Answer 1

Score: 0

The hub-spoke approach works great in some scenarios in cloud-only environments, although in most docs or architectural patterns Microsoft shows it together with on-prem connectivity.

I used it frequently when we shared some resources like ACR, Log Analytics, or simply to host a jump host (with Bastion) to access resources in other networks.

One of the most common scenarios is also the Azure Monitor Private Link Scope, where the hub-spoke topology is recommended:
https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-design#hub-and-spoke-networks

Answer 2

Score: 0

In an Azure cloud-only environment, you can still have a Hub-Spoke approach, and this is the recommended one.

While you can cross-peer different spokes to form a mesh for spokes to exchange data (in a non-Hub scenario), this will become complicated as the number of spokes increases. You will have to configure 1:n peering in every VNet.

With the Hub-Spoke model, you have to route spoke-to-spoke traffic via the Hub VNet, but the advantage here is that the Hub VNet becomes the single entry point for the environment, and you can deploy resources there that are shared and used by all other VNets (such as a custom DNS server or a firewall).
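The following Python script is an added example, not code from the original post or from Microsoft. It models the two topologies the answer above contrasts: a full mesh of spoke-to-spoke peerings versus a hub with one peering per spoke and user-defined routes that send spoke-to-spoke traffic through a shared firewall. The hub, the three spokes, their address spaces and the firewall IP `10.0.1.4` are constructed sample values; the peering flag `allowForwardedTraffic` and the route next-hop type `VirtualAppliance` are the real Azure settings needed for a hub firewall to forward spoke traffic, since VNet peering is not transitive.

```python
import ipaddress
from itertools import combinations

# Constructed sample topology for illustration (not from the original post):
# one hub VNet and three spokes with non-overlapping /16 address spaces.
HUB = {"name": "hub-vnet", "cidr": "10.0.0.0/16"}
SPOKES = [
    {"name": "spoke-app", "cidr": "10.1.0.0/16"},
    {"name": "spoke-data", "cidr": "10.2.0.0/16"},
    {"name": "spoke-mgmt", "cidr": "10.3.0.0/16"},
]
# Assumed private IP of the shared firewall NVA in the hub (hypothetical value).
FIREWALL_IP = "10.0.1.4"


def check_no_overlap(vnets):
    """Return (a, b) name pairs whose address spaces overlap.

    Azure refuses to create a peering between VNets with overlapping
    address spaces, so this list must be empty before any topology is built."""
    nets = [(v["name"], ipaddress.ip_network(v["cidr"])) for v in vnets]
    return [(a, b) for (a, na), (b, nb) in combinations(nets, 2) if na.overlaps(nb)]


def mesh_peerings(spokes):
    """Full mesh without a hub: every spoke is peered with every other spoke.

    A peering is a pair of one-directional links, so n spokes need n*(n-1)
    peering resources in total, and each spoke carries n-1 of them."""
    links = []
    for a, b in combinations(spokes, 2):
        links.append((a["name"], b["name"]))
        links.append((b["name"], a["name"]))
    return links


def hub_spoke_peerings(hub, spokes):
    """Hub-spoke: each spoke is peered only with the hub (2 links per spoke).

    allowForwardedTraffic must be enabled so that packets forwarded by the
    firewall in the hub (source IP = another spoke) are accepted rather than
    dropped as traffic that did not originate in the peered VNet."""
    links = []
    for s in spokes:
        links.append({"from": s["name"], "to": hub["name"], "allowForwardedTraffic": True})
        links.append({"from": hub["name"], "to": s["name"], "allowForwardedTraffic": True})
    return links


def spoke_route_table(spoke, spokes, firewall_ip):
    """User-defined routes for a spoke subnet in the hub-spoke model.

    VNet peering is not transitive, so without these routes spoke-to-spoke
    traffic has no path. Each other spoke's prefix is sent to the firewall
    (next hop type VirtualAppliance), which inspects and forwards it."""
    return [
        {
            "name": f"to-{other['name']}",
            "addressPrefix": other["cidr"],
            "nextHopType": "VirtualAppliance",
            "nextHopIpAddress": firewall_ip,
        }
        for other in spokes
        if other["name"] != spoke["name"]
    ]


def compare_link_counts(hub, spokes):
    """Number of peering links to manage under each topology."""
    return {
        "mesh": len(mesh_peerings(spokes)),
        "hub_spoke": len(hub_spoke_peerings(hub, spokes)),
    }


if __name__ == "__main__":
    overlaps = check_no_overlap([HUB] + SPOKES)
    assert not overlaps, f"overlapping address spaces: {overlaps}"
    print("peering links:", compare_link_counts(HUB, SPOKES))
    for spoke in SPOKES:
        print(spoke["name"], "routes:")
        for r in spoke_route_table(spoke, SPOKES, FIREWALL_IP):
            print("  ", r["addressPrefix"], "->", r["nextHopIpAddress"])
```

With three spokes both topologies need six peering links, but the mesh grows quadratically (ten spokes need 90 links, each spoke holding nine) while hub-spoke grows linearly (ten spokes need 20). The route table is where the security benefit lives: every spoke-to-spoke flow crosses the firewall in the hub, so there is a single place to apply and log policy.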

huangapple
  • Posted on 2023-02-07 01:07:31
  • Please keep this link when reposting: https://go.coder-hub.com/75364426.html