AgentSkillsCN

azure-networking

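Azure networking services, including Virtual Networks, Private Endpoints, Load Balancers, Application Gateway, Front Door, and DNS. Covers hub-spoke topology, private endpoint patterns, and network security layers.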

SKILL.md
--- frontmatter
name: azure-networking
description: Azure Networking Services including Virtual Networks, Private Endpoints, Load Balancers, Application Gateway, Front Door, and DNS. Covers hub-spoke topology, private endpoint patterns, and network security layers.

Azure Networking Services

Services

| Service | Use When | MCP Tools | CLI |
|---|---|---|---|
| Virtual Network | Private networking, subnets | - | az network vnet |
| Private Endpoints | Private PaaS access | - | az network private-endpoint |
| Load Balancer | Layer 4 load balancing | - | az network lb |
| Application Gateway | Layer 7 load balancing, WAF | - | az network application-gateway |
| Front Door | Global load balancing, CDN | - | az afd |
| DNS | Domain name resolution | - | az network dns |

Common Patterns

Hub-Spoke Topology

```
Hub VNet
├── Azure Firewall
├── VPN/ExpressRoute Gateway
├── Bastion Host
└── Central services

Spoke VNets (peered to hub)
├── Application Spoke
├── Data Spoke
└── Management Spoke
```

Private Endpoint Pattern

Connect to PaaS services privately:

  1. Create private endpoint in your VNet
  2. Disable public access on PaaS resource
  3. Configure private DNS zone
  4. Access service via private IP
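
The four steps above as Azure CLI calls for one concrete case, a storage account's blob service (an added example, not part of the original skill file). The function names, the `pe-<account>-blob` naming and the choice of blob storage are assumptions; the RFC 1918 check assumes the VNet uses private address space such as the `10.0.0.0/16` prefix in the CLI reference.

```bash
# Added example: private endpoint pattern for a storage account's blob service.
# Function names and the pe-<account>-blob naming are illustrative assumptions.
set -eu

BLOB_ZONE="privatelink.blob.core.windows.net"  # private DNS zone used for blob endpoints

# Usage: lock_down_blob RG VNET SUBNET STORAGE_ACCOUNT
lock_down_blob() {
  local rg="$1" vnet="$2" subnet="$3" account="$4"
  local pe="pe-${account}-blob" storage_id
  storage_id="$(az storage account show -g "$rg" -n "$account" --query id -o tsv)"

  # 1. Create the private endpoint in the VNet, bound to the blob sub-resource.
  az network private-endpoint create -g "$rg" -n "$pe" \
    --vnet-name "$vnet" --subnet "$subnet" \
    --private-connection-resource-id "$storage_id" \
    --group-id blob --connection-name "${pe}-conn"

  # 2. Disable public access so requests to the public endpoint are refused.
  az storage account update -g "$rg" -n "$account" --public-network-access Disabled

  # 3. Private DNS zone, linked to the VNet; the zone group manages the A record.
  az network private-dns zone create -g "$rg" -n "$BLOB_ZONE"
  az network private-dns link vnet create -g "$rg" -n "${vnet}-blob-link" \
    --zone-name "$BLOB_ZONE" --virtual-network "$vnet" --registration-enabled false
  az network private-endpoint dns-zone-group create -g "$rg" --endpoint-name "$pe" \
    -n default --private-dns-zone "$BLOB_ZONE" --zone-name blob
}

# 4. Verification helpers, run from a host inside the VNet.
# Succeeds only for RFC 1918 addresses (assumes the VNet uses private space).
is_private_ipv4() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage: resolves_privately ACCOUNT.blob.core.windows.net
# Fails if the name is unresolvable or still answers with a public address.
resolves_privately() {
  local ip
  ip="$(getent ahostsv4 "$1" | awk 'NR==1 {print $1}')"
  [ -n "$ip" ] && is_private_ipv4 "$ip"
}
```

A failing `resolves_privately` after step 3 usually means the private DNS zone is not linked to the VNet the client sits in, so the name still resolves to the public address.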

CLI Reference

```bash
# Virtual Networks
az network vnet list --output table
az network vnet create -g RG -n VNET --address-prefix 10.0.0.0/16

# Subnets
az network vnet subnet list --vnet-name VNET -g RG --output table

# Private Endpoints
az network private-endpoint list --output table

# NSGs
az network nsg list --output table
az network nsg rule list --nsg-name NSG -g RG --output table

# Load Balancers
az network lb list --output table
```

Security Layers

| Layer | Service | Purpose |
|---|---|---|
| 4 | NSG | IP/port filtering |
| 7 | Azure Firewall | Application rules, threat intel |
| 7 | WAF | Web application protection |
| Edge | DDoS Protection | Attack mitigation |

Service Details

For deep documentation on specific services: