The Doppler Quarterly Winter 2019 - Page 38

inability to choose and select a subset of Public IPs against which networking teams need firewall rules, and instead, having to resort to FQDN-based traffic rules. Now, Public IP prefixes provide a contiguous range of IP addresses for Azure public endpoints, which enables you to associate Azure resources with public IP addresses from a known fixed range. This simplifies firewall rules, because new resources are assigned IP addresses from that range.

6. VNet for Containers simplifies a key requirement for container-based workloads — namely, the need for a mature CNI-based (Container Network Interface) overlay to administer and manage communications across pods and to access additional services provided by the cloud provider. Azure VNet for Containers extends the existing software-defined networking stack to Kubernetes, removing the need for third-party networking overlays, such as Calico.

Figure 10: Azure Virtual Network Capabilities to Pods (diagram labels: existing virtual network, Azure Firewall, containers, NSG, pods, Internet, service endpoints, SQL, on-premises, Azure services)
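The firewall-rule effect of Public IP prefixes described above can be checked with a short audit. This is an added example, not code from the article or from Azure; the prefix, resource names and addresses are constructed sample values from documentation ranges.

```python
import ipaddress

# Constructed sample values (documentation ranges, not real Azure addresses).
PREFIX = ipaddress.ip_network("203.0.113.16/28")
RESOURCE_IPS = {
    "vm-web-01": "203.0.113.17",
    "lb-front": "203.0.113.20",
    "appgw-legacy": "198.51.100.9",  # assumed: allocated outside the prefix
}


def audit_against_prefix(prefix, resource_ips):
    """Split resources into those inside the prefix and those outside it."""
    inside, outside = {}, {}
    for name, ip in resource_ips.items():
        addr = ipaddress.ip_address(ip)
        (inside if addr in prefix else outside)[name] = addr
    return inside, outside


def firewall_allow_list(prefix, resource_ips):
    """Return the minimal CIDR allow-list a firewall team must maintain.

    Resources inside the prefix are covered by one rule for the whole
    range; each resource outside it still needs its own host entry.
    """
    inside, outside = audit_against_prefix(prefix, resource_ips)
    nets = [prefix] if inside else []
    nets += [ipaddress.ip_network(str(addr)) for addr in outside.values()]
    return sorted(ipaddress.collapse_addresses(nets))


if __name__ == "__main__":
    inside, outside = audit_against_prefix(PREFIX, RESOURCE_IPS)
    for name, addr in outside.items():
        print(f"outside {PREFIX}: {name} ({addr}) needs its own rule")
    for net in firewall_allow_list(PREFIX, RESOURCE_IPS):
        print(f"allow {net}")
```

Resources reported as outside the prefix are the ones that keep a per-address firewall rule until they are re-addressed from the fixed range.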