Cloud Networking Specialist @ Microsoft
Labs, scripts, and reference implementations for Azure Networking β VPN, ExpressRoute, Virtual WAN, Private Link, NVAs, and more.
Building GitHub Copilot CLI AI agent extension packs (networking, personal finance, and Azure compute).
Microsoft Cloud Networking Azure Networking LinkedIn GitHub Gists
I focus on Azure networking β designing, testing, and documenting connectivity, routing, security, and hybrid scenarios. This profile is a curated index of hands-on labs, sample scripts, and reference implementations I maintain across multiple repositories. Most content is reproducible end-to-end so you can deploy, break, and learn from real Azure topologies.
π« Connect: LinkedIn Β· GitHub Gists
- Featured
- Tools & Extensions
- Hybrid Connectivity (VPN & ExpressRoute)
- Hub & Spoke Architecture
- Virtual WAN
- Routing, Route Server & NVAs
- Private Link & DNS
- Firewall & Network Security
- Core Networking & Edge
- GCP & Multi-Cloud
- Recommended Repos
- GitHub Statistics
- Network Desk β GitHub Copilot CLI extension pack (20 cloud-networking specialist agents) (Last updated: May 2026)
- Money Desk β GitHub Copilot CLI personal-finance extension pack (20 specialist agents) (Last updated: Jun 2026)
- Compute Desk β GitHub Copilot CLI Azure IaaS VM extension pack (20 specialist agents, collaboration) (Last updated: Jun 2026)
- OPNsense NVA Firewall in Azure (Last updated: Mar 2026)
- Deploy Linux or Windows VM as Routers (IPv4/IPv6/NAT) (Last updated: Jan 2026)
- LAB: Azure DNS Security Policy (Last updated: Mar 2026)
- LAB: Azure Virtual Network Encryption (Last updated: Feb 2026)
- Network Desk β GitHub Copilot CLI extension pack: 20 specialist AI agents for cloud networking (Azure/AWS/GCP), firewalls (14 vendors), and report generation (Last updated: May 2026)
- Money Desk β GitHub Copilot CLI personal-finance extension pack: 20 specialist AI agents (budget, tax, investing, retirement, debt, credit, insurance, estate, FIRE, and more). Zero deps, analysis-only, private by default (Last updated: Jun 2026)
- Compute Desk β GitHub Copilot CLI extension pack for Azure IaaS VMs: 20 specialist AI agents covering SKU sizing, cost, performance, DR, backup, security, migration, and report generation (collaboration) (Last updated: Jun 2026)
- Azure Site-to-Site VPN (Last updated: Jul 2024)
- Verify BGP Information on Azure VPN and ExpressRoute Gateways
- Troubleshooting IPSec by Using IKE Logs
- Site-to-Site VPN between Azure and GCP (static routing) (Last updated: Jan 2022)
- LAB: NAT on Azure VPN Gateway (Last updated: May 2025)
- LAB: Transit between ExpressRoute and Azure S2S VPN using Route Server
- LAB: Azure Firewall to Inspect Traffic between VPN and ExpressRoute
- PowerShell: Azure Virtual Network Gateway Packet Capture
Sub-items above are part of dmauser/Lab (Last updated: Nov 2024)
- Azure ExpressRoute (Last updated: Apr 2024)
Azure Hub and Spoke β labs & scripts (ExpressRoute, VPN Gateway, Azure Route Server & NVAs such as OPNsense)
- Azure Hub and Spoke β Labs and articles for Hub and Spoke network architecture on Azure, each focused on a specific connectivity or routing scenario (Last updated: Jun 2026)
- LAB: ExpressRoute Hub Transit β ExpressRoute-based transit between two hub and spoke environments (Hub1 and Hub2)
- LAB: ExpressRoute Migration β Migration scenario with on-premises (emulated in GCP) connected to Azure via ExpressRoute and Azure Route Server
- LAB: Hub with DMZ Firewall (OPNsense) β Dedicated DMZ VNET with OPNsense NVA inspecting traffic between spokes and on-premises
- LAB: Hub ER+VPN Transit with OPNsense β ExpressRoute and VPN gateways with transit, plus Azure Route Server Branch-to-Branch
- LAB: Hub and Spoke with ExpressRoute Gateway Scaling β Impact of gateway SKU and scaling settings on throughput and routing
- LAB: Hub and Spoke with On-Premises via ExpressRoute (Azure) β On-premises emulated inside Azure with a separate VNET and ExpressRoute gateway
- LAB: Hub and Spoke with On-Premises via ExpressRoute (GCP) β Cross-cloud connectivity to on-premises emulated in GCP via ExpressRoute partner interconnects
- LAB: ExpressRoute MSEE Hairpin β Tests MSEE hairpin behavior over ExpressRoute (intra-region and inter-region)
- LAB: Multi-Region ExpressRoute with Azure Route Server β Hub and spoke in two regions (East US 2 and Central US) connected via ExpressRoute with ARS
- LAB: SD-WAN with Traffic Inspection β OPNsense as SD-WAN NVA with branch traffic inspected by a next-hop firewall load balancer
- LAB: Single Region VPN + ExpressRoute Coexistence β VPN and ExpressRoute gateways coexisting in a single region with failover testing
- LAB: Vendor VNET with Azure Route Server β Third-party SD-WAN vendor VNET exchanging routes with the hub via ARS using OPNsense
- LAB: Third-Party VNET Integration with ExpressRoute β Vendor VNET integration via ExpressRoute with static and BGP-based routing
- LAB: VNET with Azure Route Server, ExpressRoute, and OPNsense β Branch VNET using OPNsense connected to the hub via ARS and ExpressRoute
- LAB: IPSec VPN over ExpressRoute (Hub and Spoke) β IPSec/IKE VPN tunnels over ExpressRoute private peering with ARS hub routing preference
Azure Virtual WAN (VWAN) β labs & scripts (Last updated: Jun 2025)
- Azure Virtual WAN (Last updated: Jun 2025)
- LAB: Validating Virtual WAN Next Hop IP Feature (Last updated: Jun 2025)
- Multiple Virtual WANs (Prod and Dev)
- vWAN VPN Gateway Packet Capture
- Sample Script: Migrate Spoke VNET from Hub/Spoke to vWAN
- Azure Virtual Network Gateway IKE Logs
- LAB: Virtual WAN β Any-to-Any
- LAB: Route Traffic Through Azure Firewall Spoke
- LAB: Route Traffic Through NVA Spoke
- LAB: Route Traffic Through NVA Spoke using BGP Peering
- LAB: Isolated VNETs using Custom Route Tables
- LAB: NVA on Spoke for Internet Breakout
- Script: Dump All vHUBs Effective Routes
- LAB: Secured Virtual Hubs and Routing Intent (Intra-Region)
- LAB: Secured Virtual Hubs Inter-region via ExpressRoute
- LAB: IPsec VPN over ExpressRoute
- LAB: IPsec VPN with NAT over ExpressRoute
- LAB: Forced Tunneling over ExpressRoute
Some sub-items above are part of dmauser/Lab (Last updated: Nov 2024)
- Azure Route Server (Last updated: Oct 2024)
- Forced Tunneling: Active-Active OPNsense Firewalls with Route Server (ExpressRoute)
- Transit between ExpressRoute and Azure S2S VPN using Route Server
- Azure Firewall to Inspect Traffic between VPN and ExpressRoute
- LAB: ER-to-ER Transit using NVAs/ARS (reverse hairpin)
- LAB: High Available NVAs with Azure Route Server
- OPNsense NVA Firewall in Azure (Last updated: Mar 2026)
- Deploy Linux or Windows VM as Routers (IPv4/IPv6/NAT) (Last updated: Jan 2026)
- Azure Gateway Load Balancer (Last updated: May 2026)
Private Link β DNS integration scenarios & known issues (Last updated: Feb 2025)
- Private Link (Last updated: Feb 2025)
- Private Endpoint DNS Integration Scenarios
- Known Issue: Customers Unable to Access Each Other's PaaS Resources after PrivateLink
- DNS Client Configuration Options for Private Endpoints
- Private Endpoint DNS Integration using Active Directory
- Private Endpoint DNS Integration over Point-to-Site VPN
- Using Private Link Service for On-premises Workloads
- Network Performance Considerations: Azure Files over Private Endpoint
- Azure DNS Private Resolver (Last updated: Jan 2026)
- LAB: Azure DNS Security Policy (Last updated: Mar 2026)
- Network Performance Considerations when Using Azure Files over Private Endpoint (Last updated: Oct 2021)
- LAB: Azure Firewall to Inspect Traffic between VPN and ExpressRoute
- LAB: Virtual WAN β Route Traffic Through Azure Firewall Spoke
- LAB: Secured Virtual Hubs and Routing Intent (Intra-Region)
- LAB: Secured Virtual Hubs Inter-region via ExpressRoute
- LAB: Azure Virtual Network Encryption (Last updated: Feb 2026)
- LAB: Azure Front Door and Private Link Service (Last updated: Sep 2025)
- LAB: AVS (ER) to On-prem (ER) Transit using Secured vHub + Routing Intent (Last updated: Jun 2025)
- Running DHCP Server on Azure VM (Last updated: May 2024)
- GCP Base Networking Lab (Last updated: Sep 2022)
- LAB: GCP Site-to-Site VPN with Azure (Last updated: Jan 2022)
Community repositories with great Azure Networking content: