NEW AZURE REFERENCE ARCHITECTURE: Deploy highly available network virtual appliances – PIP-UDR NVAs without SNAT


How's that for a detailed title? Regardless, we have a new Reference Architecture (on the Azure Architecture Center) to announce from AzureCAT Keith Mayer. It was edited by Nanette Ray and Mike Wasson.

This architecture uses two Azure virtual machines to host the NVA firewall in an active-passive configuration that supports automated failover, but it does not require Source Network Address Translation (SNAT). 

The complete solution is available on GitHub:

The GitHub repo offers a JSON template, a PowerShell script, the prerequisites, and full deployment instructions.

This new architecture is one of five related architectures available in that Docs Reference Architecture article. Select the best architecture, based on your needs for resources and configurations:

| Solution | Benefits | Considerations |
|---|---|---|
| Ingress with layer 7 NVAs | All NVA nodes are active | Requires an NVA that can terminate connections and use SNAT; Requires a separate set of NVAs for traffic coming from the Internet and from Azure; Can only be used for traffic originating outside Azure |
| Egress with layer 7 NVAs | All NVA nodes are active | Requires an NVA that can terminate connections and implements source network address translation (SNAT) |
| Ingress-Egress with layer 7 NVAs | All nodes are active; Able to handle traffic originated in Azure | Requires an NVA that can terminate connections and use SNAT; Requires a separate set of NVAs for traffic coming from the Internet and from Azure |
| PIP-UDR switch | Single set of NVAs for all traffic; Can handle all traffic (no limit on port rules) | Active-passive; Requires a failover process |
| PIP-UDR without SNAT | Single set of NVAs for all traffic; Can handle all traffic (no limit on port rules); Does not require configuring SNAT for inbound requests | Active-passive; Requires a failover process; Probing and failover logic run outside the virtual network |

 

You can find a library of 20+ Reference Architectures on the Azure Architecture Center.

 

AzureCAT Guidance

"Hands-on solutions, with our heads in the Cloud!"

 
