NEW AZURE REFERENCE ARCHITECTURE: Deploy highly available network virtual appliances - PIP-UDR NVAs without SNAT

How's that for a detailed title? Regardless, we have a new Reference Architecture (on the Azure Architecture Center) to announce from AzureCAT's Keith Mayer. It was edited by Nanette Ray and Mike Wasson.

This architecture uses two Azure virtual machines to host the NVA firewall in an active-passive configuration that supports automated failover, but it does not require Source Network Address Translation (SNAT). 

The complete solution is available on GitHub:

The GitHub repo offers a JSON template, a PowerShell script, the prerequisites, and full deployment instructions.

This new architecture is one of five related architectures available in that Docs Reference Architecture article. Select the best architecture, based on your needs for resources and configurations:

| Solution | Benefits | Considerations |
| --- | --- | --- |
| Ingress with layer 7 NVAs | All NVA nodes are active | Requires an NVA that can terminate connections and use SNAT; Requires a separate set of NVAs for traffic coming from the Internet and from Azure; Can only be used for traffic originating outside Azure |
| Egress with layer 7 NVAs | All NVA nodes are active | Requires an NVA that can terminate connections and implements source network address translation (SNAT) |
| Ingress-Egress with layer 7 NVAs | All nodes are active; Able to handle traffic originated in Azure | Requires an NVA that can terminate connections and use SNAT; Requires a separate set of NVAs for traffic coming from the Internet and from Azure |
| PIP-UDR switch | Single set of NVAs for all traffic; Can handle all traffic (no limit on port rules) | Active-passive; Requires a failover process |
| PIP-UDR without SNAT | Single set of NVAs for all traffic; Can handle all traffic (no limit on port rules); Does not require configuring SNAT for inbound requests | Active-passive; Requires a failover process; Probing and failover logic run outside the virtual network |

You can find a library of 20+ Reference Architectures on the Azure Architecture Center.

AzureCAT Guidance

"Hands-on solutions, with our heads in the Cloud!"