hybrid-cloud-networking
关于
This skill configures secure hybrid cloud networking between on-premises infrastructure and cloud platforms like AWS, Azure, and GCP. Use it when connecting data centers to the cloud, building hybrid architectures, or implementing secure cross-premises connectivity. It supports key capabilities such as VPNs and dedicated connections like AWS Direct Connect for high-performance, reliable setups.
快速安装
Claude Code
推荐/plugin add https://github.com/lifangda/claude-pluginsgit clone https://github.com/lifangda/claude-plugins.git ~/.claude/skills/hybrid-cloud-networking在 Claude Code 中复制并粘贴此命令以安装该技能
技能文档
Hybrid Cloud Networking
Configure secure, high-performance connectivity between on-premises and cloud environments using VPN, Direct Connect, and ExpressRoute.
Purpose
Establish secure, reliable network connectivity between on-premises data centers and cloud providers (AWS, Azure, GCP).
When to Use
- Connect on-premises to cloud
- Extend datacenter to cloud
- Implement hybrid active-active setups
- Meet compliance requirements
- Migrate to cloud gradually
Connection Options
AWS Connectivity
1. Site-to-Site VPN
- IPSec VPN over internet
- Up to 1.25 Gbps per tunnel
- Cost-effective for moderate bandwidth
- Higher latency, internet-dependent
resource "aws_vpn_gateway" "main" {
vpc_id = aws_vpc.main.id
tags = {
Name = "main-vpn-gateway"
}
}
resource "aws_customer_gateway" "main" {
bgp_asn = 65000
ip_address = "203.0.113.1"
type = "ipsec.1"
}
resource "aws_vpn_connection" "main" {
vpn_gateway_id = aws_vpn_gateway.main.id
customer_gateway_id = aws_customer_gateway.main.id
type = "ipsec.1"
static_routes_only = false
}
2. AWS Direct Connect
- Dedicated network connection
- 1 Gbps to 100 Gbps
- Lower latency, consistent bandwidth
- More expensive, setup time required
Reference: See references/direct-connect.md
Azure Connectivity
1. Site-to-Site VPN
resource "azurerm_virtual_network_gateway" "vpn" {
name = "vpn-gateway"
location = azurerm_resource_group.main.location
resource_group_name = azurerm_resource_group.main.name
type = "Vpn"
vpn_type = "RouteBased"
sku = "VpnGw1"
ip_configuration {
name = "vnetGatewayConfig"
public_ip_address_id = azurerm_public_ip.vpn.id
private_ip_address_allocation = "Dynamic"
subnet_id = azurerm_subnet.gateway.id
}
}
2. Azure ExpressRoute
- Private connection via connectivity provider
- Up to 100 Gbps
- Low latency, high reliability
- Premium for global connectivity
GCP Connectivity
1. Cloud VPN
- IPSec VPN (Classic or HA VPN)
- HA VPN: 99.99% SLA
- Up to 3 Gbps per tunnel
2. Cloud Interconnect
- Dedicated (10 Gbps, 100 Gbps)
- Partner (50 Mbps to 50 Gbps)
- Lower latency than VPN
Hybrid Network Patterns
Pattern 1: Hub-and-Spoke
On-Premises Datacenter
↓
VPN/Direct Connect
↓
Transit Gateway (AWS) / vWAN (Azure)
↓
├─ Production VPC/VNet
├─ Staging VPC/VNet
└─ Development VPC/VNet
Pattern 2: Multi-Region Hybrid
On-Premises
├─ Direct Connect → us-east-1
└─ Direct Connect → us-west-2
↓
Cross-Region Peering
Pattern 3: Multi-Cloud Hybrid
On-Premises Datacenter
├─ Direct Connect → AWS
├─ ExpressRoute → Azure
└─ Interconnect → GCP
Routing Configuration
BGP Configuration
On-Premises Router:
- AS Number: 65000
- Advertise: 10.0.0.0/8
Cloud Router:
- AS Number: 64512 (AWS), 65515 (Azure)
- Advertise: Cloud VPC/VNet CIDRs
Route Propagation
- Enable route propagation on route tables
- Use BGP for dynamic routing
- Implement route filtering
- Monitor route advertisements
Security Best Practices
- Use private connectivity (Direct Connect/ExpressRoute)
- Implement encryption for VPN tunnels
- Use VPC endpoints to avoid internet routing
- Configure network ACLs and security groups
- Enable VPC Flow Logs for monitoring
- Implement DDoS protection
- Use PrivateLink/Private Endpoints
- Monitor connections with CloudWatch/Monitor
- Implement redundancy (dual tunnels)
- Regular security audits
High Availability
Dual VPN Tunnels
resource "aws_vpn_connection" "primary" {
vpn_gateway_id = aws_vpn_gateway.main.id
customer_gateway_id = aws_customer_gateway.primary.id
type = "ipsec.1"
}
resource "aws_vpn_connection" "secondary" {
vpn_gateway_id = aws_vpn_gateway.main.id
customer_gateway_id = aws_customer_gateway.secondary.id
type = "ipsec.1"
}
Active-Active Configuration
- Multiple connections from different locations
- BGP for automatic failover
- Equal-cost multi-path (ECMP) routing
- Monitor health of all connections
Monitoring and Troubleshooting
Key Metrics
- Tunnel status (up/down)
- Bytes in/out
- Packet loss
- Latency
- BGP session status
Troubleshooting
# AWS VPN
aws ec2 describe-vpn-connections
aws ec2 get-vpn-connection-telemetry
# Azure VPN
az network vpn-connection show
az network vpn-connection show-device-config-script
Cost Optimization
- Right-size connections based on traffic
- Use VPN for low-bandwidth workloads
- Consolidate traffic through fewer connections
- Minimize data transfer costs
- Use Direct Connect for high bandwidth
- Implement caching to reduce traffic
Reference Files
references/vpn-setup.md- VPN configuration guidereferences/direct-connect.md- Direct Connect setup
Related Skills
multi-cloud-architecture- For architecture decisionsterraform-module-library- For IaC implementation
GitHub 仓库
相关推荐技能
content-collections
元Content Collections 是一个 TypeScript 优先的构建工具,可将本地 Markdown/MDX 文件转换为类型安全的数据集合。它专为构建博客、文档站和内容密集型 Vite+React 应用而设计,提供基于 Zod 的自动模式验证。该工具涵盖从 Vite 插件配置、MDX 编译到生产环境部署的完整工作流。
creating-opencode-plugins
元该Skill为开发者创建OpenCode插件提供指导,涵盖命令、文件、LSP等25+种事件类型。它详细说明了插件结构、事件API规范及JavaScript/TypeScript实现模式,帮助开发者构建事件驱动的模块。适用于需要拦截操作、扩展功能或自定义AI助手行为的插件开发场景。
langchain
元LangChain是一个用于构建LLM应用程序的框架,支持智能体、链和RAG应用开发。它提供多模型提供商支持、500+工具集成、记忆管理和向量检索等核心功能。开发者可用它快速构建聊天机器人、问答系统和自主代理,适用于从原型验证到生产部署的全流程。
Algorithmic Art Generation
元这个Claude Skill帮助开发者使用p5.js创建算法艺术,特别适用于生成式艺术和交互式可视化项目。它支持种子随机性、流场和粒子系统等关键技术,确保艺术作品的重复性和独特性。当讨论生成艺术、算法艺术或计算美学时,该技能会自动激活,指导开发者完成从概念设计到技术实现的全过程。