
Microsoft Azure peering service integration into Cisco ACI

We would like to integrate Microsoft Azure Peering Service.

We would like our Pod5 and Pod6 to be able to communicate with the Microsoft Azure Peering Service.

The two Pods are interconnected with each other through the IPN network. We have inter-Pod Network.

Our idea is to place a FW checkpoint in pod5 and another in pod6 so that traffic from here to MAPS and from MAPS to passes through the FW.
 
Is that possible?
How can we do it ?

Thank you very

AshSe
VIP

Hello @BertrandAbegaKpama64056

Integrating Microsoft Azure Peering Service (MAPS) with your infrastructure, specifically with Pod5 and Pod6, and ensuring that traffic passes through firewalls (FW) in each pod, is indeed possible. Here’s a step-by-step guide on how you can achieve this:

 

Step 1: Understand Azure Peering Service

 

Azure Peering Service provides reliable and high-performance public internet connectivity to Microsoft services. It involves setting up a direct connection between your on-premises network and Microsoft’s network.

 

Step 2: Network Design

 

You have two pods (Pod5 and Pod6) interconnected through an inter-Pod Network (IPN). You want to place a firewall in each pod to manage traffic to and from MAPS.

 

Step 3: Prerequisites

 

  1. Azure Subscription: Ensure you have an active Azure subscription.
  2. Public IP Addresses: Obtain public IP addresses for your firewalls.
  3. Firewall Appliances: Ensure you have Check Point firewalls deployed in Pod5 and Pod6.
  4. BGP Configuration: Prepare for BGP (Border Gateway Protocol) configuration as it is used for routing in MAPS.

 

Step 4: Configure Azure Peering Service

 

  1. Create a Peering Service:
    • Go to the Azure portal.
    • Navigate to "Create a resource" and search for "Peering Service".
    • Follow the wizard to create a new Peering Service, specifying the required details such as the service provider, peering location, and your public IP prefixes.
  2. Register Your Prefixes:
    • Register the public IP prefixes that will be used for the peering service. These prefixes should be the ones assigned to your firewalls.

 

Step 5: Configure Firewalls

 

  1. Deploy Check Point Firewalls:
    • Ensure that Check Point firewalls are properly deployed in Pod5 and Pod6.
    • Configure the firewalls with the public IP addresses registered in the Azure Peering Service.
  2. Set Up Routing:
    • Configure BGP on your firewalls to establish a connection with Azure’s routers.
    • Ensure that the firewalls are set to route traffic to and from the MAPS through the IPN network.
  3. Firewall Rules:
    • Define firewall rules to allow traffic between your on-premises network and Azure services.
    • Ensure that the rules are set to inspect and allow traffic to and from the MAPS.

 

Step 6: Validate Connectivity

 

  1. Test Connectivity:
    • Verify that the BGP sessions are established between your firewalls and Azure.
    • Test the connectivity from Pod5 and Pod6 to Azure services through the MAPS.
  2. Monitor Traffic:
    • Use monitoring tools to ensure that traffic is flowing as expected and passing through the firewalls.
    • Check for any anomalies or issues in the traffic flow.

 

Step 7: Optimize and Secure

 

  1. Optimize Routing:
    • Fine-tune your BGP settings and routing policies to ensure optimal path selection and performance.
  2. Enhance Security:
    • Implement additional security measures such as intrusion detection/prevention systems (IDS/IPS) on your firewalls.
    • Regularly update firewall rules and policies to adapt to new threats.

 

HTH

AshSe

Please rate this post if it was helpful; your feedback is appreciated!
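
A way to check the Step 6 requirement that MAPS traffic actually passes through each pod's firewall, added here as an example and not part of the reply above or of any Cisco or Microsoft tooling. It runs a longest-prefix match over an exported route table and flags any MAPS-bound path whose next hop is not the pod's firewall, including more-specific routes that silently bypass it. The route tables, firewall addresses and prefixes are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

def routes_affecting(routes, dest):
    """Routes that can carry traffic for dest: the longest covering prefix,
    plus any more-specific route that falls inside dest."""
    dest_net = ipaddress.ip_network(dest)
    parsed = [(ipaddress.ip_network(p), nh) for p, nh in routes]
    covering = [r for r in parsed if dest_net.subnet_of(r[0])]
    inside = [r for r in parsed if r[0].subnet_of(dest_net) and r[0] != dest_net]
    best = max(covering, key=lambda r: r[0].prefixlen, default=None)
    return ([best] if best else []) + inside

def find_bypasses(routes, firewall_ip, maps_prefixes):
    """Return (destination, route_prefix, next_hop) for every path that does
    not use the pod's firewall; route_prefix None means no route at all."""
    findings = []
    for dest in maps_prefixes:
        affecting = routes_affecting(routes, dest)
        if not affecting:
            findings.append((dest, None, None))
        for prefix, next_hop in affecting:
            if next_hop != firewall_ip:
                findings.append((dest, str(prefix), next_hop))
    return findings

# Constructed sample data (documentation address ranges, not real MAPS prefixes).
MAPS_PREFIXES = ["198.51.100.0/24", "203.0.113.0/24"]
POD5_FW, POD6_FW = "10.5.0.1", "10.6.0.1"
POD5_ROUTES = [
    ("0.0.0.0/0", "10.5.0.254"),        # default route via border router
    ("198.51.100.0/24", "10.5.0.1"),    # MAPS prefixes steered to the firewall
    ("203.0.113.0/24", "10.5.0.1"),
]
POD6_ROUTES = [
    ("0.0.0.0/0", "10.6.0.254"),
    ("198.51.100.0/24", "10.6.0.1"),
    ("198.51.100.128/25", "10.6.0.254"),  # more-specific route skips the firewall
    # 203.0.113.0/24 is missing, so it falls back to the default route
]

if __name__ == "__main__":
    for pod, routes, fw in (("Pod5", POD5_ROUTES, POD5_FW),
                            ("Pod6", POD6_ROUTES, POD6_FW)):
        for dest, prefix, nh in find_bypasses(routes, fw, MAPS_PREFIXES):
            print(f"{pod}: {dest} reachable via {prefix} -> {nh}, not firewall {fw}")
```
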
