hybrid-cloud-networking
关于
This skill configures secure, high-performance networking between on-premises infrastructure and cloud platforms like AWS, Azure, and GCP. Use it when building hybrid architectures, connecting data centers to the cloud, or during gradual migrations. It provides capabilities for both cost-effective VPNs and high-throughput dedicated connections.
技能文档
Hybrid Cloud Networking
Configure secure, high-performance connectivity between on-premises and cloud environments using VPN, Direct Connect, and ExpressRoute.
Purpose
Establish secure, reliable network connectivity between on-premises data centers and cloud providers (AWS, Azure, GCP).
When to Use
- Connect on-premises to cloud
- Extend datacenter to cloud
- Implement hybrid active-active setups
- Meet compliance requirements
- Migrate to cloud gradually
Connection Options
AWS Connectivity
1. Site-to-Site VPN
- IPSec VPN over internet
- Up to 1.25 Gbps per tunnel
- Cost-effective for moderate bandwidth
- Higher latency, internet-dependent
resource "aws_vpn_gateway" "main" {
vpc_id = aws_vpc.main.id
tags = {
Name = "main-vpn-gateway"
}
}
resource "aws_customer_gateway" "main" {
bgp_asn = 65000
ip_address = "203.0.113.1"
type = "ipsec.1"
}
resource "aws_vpn_connection" "main" {
vpn_gateway_id = aws_vpn_gateway.main.id
customer_gateway_id = aws_customer_gateway.main.id
type = "ipsec.1"
static_routes_only = false
}
2. AWS Direct Connect
- Dedicated network connection
- 1 Gbps to 100 Gbps
- Lower latency, consistent bandwidth
- More expensive, setup time required
Reference: See references/direct-connect.md
Azure Connectivity
1. Site-to-Site VPN
resource "azurerm_virtual_network_gateway" "vpn" {
name = "vpn-gateway"
location = azurerm_resource_group.main.location
resource_group_name = azurerm_resource_group.main.name
type = "Vpn"
vpn_type = "RouteBased"
sku = "VpnGw1"
ip_configuration {
name = "vnetGatewayConfig"
public_ip_address_id = azurerm_public_ip.vpn.id
private_ip_address_allocation = "Dynamic"
subnet_id = azurerm_subnet.gateway.id
}
}
2. Azure ExpressRoute
- Private connection via connectivity provider
- Up to 100 Gbps
- Low latency, high reliability
- Premium for global connectivity
GCP Connectivity
1. Cloud VPN
- IPSec VPN (Classic or HA VPN)
- HA VPN: 99.99% SLA
- Up to 3 Gbps per tunnel
2. Cloud Interconnect
- Dedicated (10 Gbps, 100 Gbps)
- Partner (50 Mbps to 50 Gbps)
- Lower latency than VPN
Hybrid Network Patterns
Pattern 1: Hub-and-Spoke
On-Premises Datacenter
↓
VPN/Direct Connect
↓
Transit Gateway (AWS) / vWAN (Azure)
↓
├─ Production VPC/VNet
├─ Staging VPC/VNet
└─ Development VPC/VNet
Pattern 2: Multi-Region Hybrid
On-Premises
├─ Direct Connect → us-east-1
└─ Direct Connect → us-west-2
↓
Cross-Region Peering
Pattern 3: Multi-Cloud Hybrid
On-Premises Datacenter
├─ Direct Connect → AWS
├─ ExpressRoute → Azure
└─ Interconnect → GCP
Routing Configuration
BGP Configuration
On-Premises Router:
- AS Number: 65000
- Advertise: 10.0.0.0/8
Cloud Router:
- AS Number: 64512 (AWS), 65515 (Azure)
- Advertise: Cloud VPC/VNet CIDRs
Route Propagation
- Enable route propagation on route tables
- Use BGP for dynamic routing
- Implement route filtering
- Monitor route advertisements
Security Best Practices
- Use private connectivity (Direct Connect/ExpressRoute)
- Implement encryption for VPN tunnels
- Use VPC endpoints to avoid internet routing
- Configure network ACLs and security groups
- Enable VPC Flow Logs for monitoring
- Implement DDoS protection
- Use PrivateLink/Private Endpoints
- Monitor connections with CloudWatch/Monitor
- Implement redundancy (dual tunnels)
- Regular security audits
High Availability
Dual VPN Tunnels
resource "aws_vpn_connection" "primary" {
vpn_gateway_id = aws_vpn_gateway.main.id
customer_gateway_id = aws_customer_gateway.primary.id
type = "ipsec.1"
}
resource "aws_vpn_connection" "secondary" {
vpn_gateway_id = aws_vpn_gateway.main.id
customer_gateway_id = aws_customer_gateway.secondary.id
type = "ipsec.1"
}
Active-Active Configuration
- Multiple connections from different locations
- BGP for automatic failover
- Equal-cost multi-path (ECMP) routing
- Monitor health of all connections
Monitoring and Troubleshooting
Key Metrics
- Tunnel status (up/down)
- Bytes in/out
- Packet loss
- Latency
- BGP session status
Troubleshooting
# AWS VPN
aws ec2 describe-vpn-connections
aws ec2 get-vpn-connection-telemetry
# Azure VPN
az network vpn-connection show
az network vpn-connection show-device-config-script
Cost Optimization
- Right-size connections based on traffic
- Use VPN for low-bandwidth workloads
- Consolidate traffic through fewer connections
- Minimize data transfer costs
- Use Direct Connect for high bandwidth
- Implement caching to reduce traffic
Reference Files
references/vpn-setup.md- VPN configuration guidereferences/direct-connect.md- Direct Connect setup
Related Skills
multi-cloud-architecture- For architecture decisionsterraform-module-library- For IaC implementation
快速安装
/plugin add https://github.com/camoneart/claude-code/tree/main/hybrid-cloud-networking在 Claude Code 中复制并粘贴此命令以安装该技能
GitHub 仓库
相关推荐技能
langchain
元LangChain是一个用于构建LLM应用程序的框架,支持智能体、链和RAG应用开发。它提供多模型提供商支持、500+工具集成、记忆管理和向量检索等核心功能。开发者可用它快速构建聊天机器人、问答系统和自主代理,适用于从原型验证到生产部署的全流程。
project-structure
元这个Skill为开发者提供全面的项目目录结构设计指南和最佳实践。它涵盖了多种项目类型包括monorepo、前后端框架、库和扩展的标准组织结构。帮助团队创建可扩展、易维护的代码架构,特别适用于新项目设计、遗留项目迁移和团队规范制定。
issue-documentation
元该Skill为开发者提供标准化的issue文档模板和指南,适用于创建bug报告、GitHub/Linear/Jira问题等场景。它能系统化地记录问题状况、复现步骤、根本原因、解决方案和影响范围,确保团队沟通清晰高效。通过实施主流问题跟踪系统的最佳实践,帮助开发者生成结构完整的故障排除文档和事件报告。
llamaindex
元LlamaIndex是一个专门构建RAG应用的开发框架,提供300多种数据连接器用于文档摄取、索引和查询。它具备向量索引、查询引擎和智能代理等核心功能,支持构建文档问答、知识检索和聊天机器人等数据密集型应用。开发者可用它快速搭建连接私有数据与LLM的RAG管道。