AgentSkillsCN

azure-networking

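Covers Azure networking services including Virtual Networks, Private Endpoints, Load Balancers, Application Gateway, Front Door, and DNS. Covers hub-spoke topology, private endpoint patterns, and network security layers. Use for: virtual network setup, private endpoint configuration, hub-spoke topology, VNet peering, network security groups, Azure Firewall rules, load balancer setup, Application Gateway configuration, Azure Front Door, private link setup, DNS configuration, network isolation. Do not use for: compute resource configuration (use Azure Create App), Azure Functions networking (use Azure Functions), database networking within PostgreSQL/Cosmos (use the respective skills), cost analysis (use Azure Cost Optimization), resource deployment (use Azure Deploy).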

SKILL.md
--- frontmatter
name: azure-networking
description: |
  Azure Networking Services including Virtual Networks, Private Endpoints, Load Balancers, Application Gateway, Front Door, and DNS. Covers hub-spoke topology, private endpoint patterns, and network security layers.
  USE FOR: virtual network setup, private endpoint configuration, hub-spoke topology, VNet peering, network security groups, Azure firewall rules, load balancer setup, Application Gateway configuration, Azure Front Door, private link setup, DNS configuration, network isolation
  DO NOT USE FOR: compute resource configuration (use azure-create-app), Azure Functions networking (use azure-functions), database networking within postgres/cosmos (use respective skills), cost analysis (use azure-cost-optimization), resource deployment (use azure-deploy)

Azure Networking Services

Services

| Service | Use When | MCP Tools | CLI |
|---|---|---|---|
| Virtual Network | Private networking, subnets | - | az network vnet |
| Private Endpoints | Private PaaS access | - | az network private-endpoint |
| Load Balancer | Layer 4 load balancing | - | az network lb |
| Application Gateway | Layer 7 load balancing, WAF | - | az network application-gateway |
| Front Door | Global load balancing, CDN | - | az afd |
| DNS | Domain name resolution | - | az network dns |

Common Patterns

Hub-Spoke Topology

```
Hub VNet
├── Azure Firewall
├── VPN/ExpressRoute Gateway
├── Bastion Host
└── Central services

Spoke VNets (peered to hub)
├── Application Spoke
├── Data Spoke
└── Management Spoke
```

Private Endpoint Pattern

Connect to PaaS services privately:

  1. Create private endpoint in your VNet
  2. Disable public access on PaaS resource
  3. Configure private DNS zone
  4. Access service via private IP
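
The four steps above as Azure CLI commands, for a storage account's blob endpoint. This is an added example, not part of the original skill; the storage account, resource names and subscription ID are placeholder assumptions, and the step 4 check assumes the VNet uses RFC 1918 address space.

```shell
# Added example: the four steps above for one storage account (blob).
# Every name below is a placeholder assumption, not a value from the page.
RG="${RG:-RG}"; VNET="${VNET:-VNET}"; SUBNET="${SUBNET:-SUBNET}"
ACCOUNT="${ACCOUNT:-examplestorage}"; PE="${PE:-pe-blob}"
SUB="${SUB:-00000000-0000-0000-0000-000000000000}"   # subscription id
ZONE="privatelink.blob.core.windows.net"             # blob private DNS zone

# DRY_RUN=1 (the default) prints each command instead of executing it.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

private_endpoint_steps() {
  local id="/subscriptions/$SUB/resourceGroups/$RG/providers"
  id="$id/Microsoft.Storage/storageAccounts/$ACCOUNT"
  # 1. Private endpoint in the VNet, targeting the blob sub-resource.
  run az network private-endpoint create -g "$RG" -n "$PE" \
    --vnet-name "$VNET" --subnet "$SUBNET" \
    --private-connection-resource-id "$id" --group-id blob \
    --connection-name "$PE-conn"
  # 2. Close the public path once the private one exists.
  run az storage account update -g "$RG" -n "$ACCOUNT" \
    --public-network-access Disabled
  # 3. Private DNS zone, linked to the VNet and bound to the endpoint.
  run az network private-dns zone create -g "$RG" -n "$ZONE"
  run az network private-dns link vnet create -g "$RG" -z "$ZONE" \
    -n "$VNET-link" -v "$VNET" -e false
  run az network private-endpoint dns-zone-group create -g "$RG" \
    --endpoint-name "$PE" -n default --private-dns-zone "$ZONE" \
    --zone-name blob
}

# 4. From a host inside the VNet the service name must resolve to a
#    private (RFC 1918) address; a public answer means DNS is not wired up.
is_private_ip() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

check_private_resolution() {   # usage: check_private_resolution FQDN
  local ip
  ip=$(getent hosts "$1" | awk '{print $1; exit}')
  [ -n "$ip" ] && is_private_ip "$ip"
}

private_endpoint_steps   # prints the plan; set DRY_RUN=0 to apply it
```

Run `check_private_resolution "$ACCOUNT.blob.core.windows.net"` from a VM in the VNet after applying the steps; a non-zero exit means the name still resolves to a public address or not at all.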

CLI Reference

```bash
# Virtual Networks
az network vnet list --output table
az network vnet create -g RG -n VNET --address-prefix 10.0.0.0/16

# Subnets
az network vnet subnet list --vnet-name VNET -g RG --output table

# Private Endpoints
az network private-endpoint list --output table

# NSGs
az network nsg list --output table
az network nsg rule list --nsg-name NSG -g RG --output table

# Load Balancers
az network lb list --output table
```

Security Layers

| Layer | Service | Purpose |
|---|---|---|
| 4 | NSG | IP/port filtering |
| 7 | Azure Firewall | Application rules, threat intel |
| 7 | WAF | Web application protection |
| Edge | DDoS Protection | Attack mitigation |

Service Details

For deep documentation on specific services: