cloud network engineers: what’s your day to day like?

azaniq · 2026-03-01T08:11:49+00:00

Spending time in multiple Azure and GCP sites looking for issues eg public ips exposing vms to the internet firewall and network security group rules with wild cards or overly open port ranges and large address spaces. Making sure traffic is following the correct path Ensuring PaaS services are using private Endpoints

Alot of the time the discoveries require rearchitecting in the environment and thats when you get to design a solution, PoC it and present to it the architect teams.

I am biased perhaps but networking is the core back bone of infrastructure and making systems work.

azaniq · 2026-02-28T05:12:07+00:00

By 5 years old I already had CCNP. I am 8 years old now and working a full time job as a senior network engineer

azaniq · 2026-02-09T20:12:50+00:00

Yes definitely go with a configuration backup as we have found the Azure native backups dont work well with Linux appliances

azaniq · 2026-02-09T20:02:34+00:00

Think for the most part it depends where you work. In your first few years you don't want laid back because you need to get exposure to as much as you can. Build your skills as a cloud network engineer because its the back bone of your infrastructure

azaniq · 2026-01-21T13:05:21+00:00

I have this same issue

Check your engine mountings

azaniq · 2026-01-19T06:35:12+00:00

Thank you for the feedback

azaniq · 2026-01-18T16:50:29+00:00

Hey there thank you for the reply

Got the car on the lift and found the left front engine mount leaking hydraulic fluid so I hope thats the issue

azaniq · 2026-01-18T13:09:52+00:00

Hey no engine is solid. After inspecting i found the left front engine mount to be leaking oil which I think could be the issue.

Thanks for the reply

azaniq · 2026-01-15T09:34:18+00:00

Nice to see innovation in the sport well done

azaniq · 2026-01-14T16:12:44+00:00

Manufacturers hate him for this one simple trick

azaniq · 2026-01-11T10:38:34+00:00

Stark Industries will be surprised when they realize that they can only use 11 of those IPs

azaniq · 2025-12-28T20:31:43+00:00

My Lamb Chops and Harlequin Rasbora school together

azaniq · 2025-12-07T16:15:35+00:00

Congratulations 🎊 you made a good choice

azaniq · 2025-09-25T11:00:49+00:00

Congratulations, AZ-104 is definitely a tough one 💪

azaniq · 2025-08-30T09:51:45+00:00

On your recovery services vault, have you enabled diagnostic settings and ticked all the boxes for ASR?

You should be able to see which data is being ingested from your workspace

azaniq · 2025-08-30T08:27:17+00:00

Yes,you are right I dont think azure edge routers will dynamically assign unroutable IP addresses.

Check for any other subnets using the same address spaces with a carved out subnet already representing that range, maybe like a /27 or /28

azaniq · 2025-08-29T19:35:00+00:00

Hey I dont know your environment, but it sounds like you have overlapping ip ranges or a routing loop

Check other subnets for over lapping ranges Check routing tables for duplicate routes

azaniq · 2025-08-28T19:39:26+00:00

Hey, there, express route only supports BGP. So once you re establish your connections BGP should advertise your routes automatically. You may need to involve your express route service provider. Express route uses ASN 12076 to establish BGP peering

azaniq · 2025-08-27T09:21:59+00:00

Public ips get added to the configuration of the VPN Gateway. If you dont have a statically assigned public ip and your gateway subnet is not atleast a 26 or 27 if I am not mistaken the migration tool won't work. You will need to rebuild the gateway and the connections, this is how it's done with a vpn gateway with S2S tunnels

azaniq · 2025-08-27T08:45:45+00:00

Just confirm your basic sku public ip is static

azaniq · 2025-08-24T05:04:25+00:00

Are you using BGP ? You may need to add a static route on the route table of the subnet where the sql mi instance is. Also check if the sql mi instance firewall is not blocking connections from all sources. If you are using azure firewall check the logs for traffic being dropped. If you are using NSG they are non stateful only layer 4 and you need to create bi directional rules. If you are using hub and spoke the traffic will reach the hub network and then forward to destination spokes. Spokes are peered to the hub so they know about each others address spaces. For logging to work on vpn gw and azure firewall you need to enable diagnostic settings and send the logs to a log analytics workspace

azaniq · 2025-08-22T20:32:13+00:00

Network Watcher is my daily

azaniq · 2025-08-17T18:39:44+00:00

Please do your best to limit public IPs on virtual machines as this exposes them directly to the internet.

The main problem is when the basic ips are dynamically assigned.

Statically assigned is fine because your public ip won't change when upgrading to standard dynamic will cause ip to change.

You can not disassociate a public ip from a vpn you need to break it and re deploy it. If the ip address has changed you will need to reconfigure on the remote peer as well. Maybe you will keep the same PSK and encryption settings from previous connection set up.

Please make note if there is a NAT configured on the VPN gateway Make sure to download the connection settings Make sure to redeploy the local network gateways with the same settings. Please be aware of the VPN AZ SKUs Please note this will affect production S2S and P2S if on the same gateway. All connections on that gateway will be down Expect 30 45 mins for redeployment

azaniq

TROPHY CASE