Adding Azure/AWS region IPs to Network Traffic Rules
A few days ago I got a question from a partner asking whether we can limit the outgoing traffic from several locations to Amazon S3. In VBR there is a single “any to Internet” rule where you can limit the traffic, but it cannot be restricted to different IP subnets. The customer has a very wide range of possible line speeds, and that's why different rules based on subnet are needed.
I figured out that both Amazon and Microsoft provide APIs to request the IP subnets of their datacenter regions.
I created two scripts called “Add-AwsTrafficRules.ps1” and “Add-AzureTrafficRules.ps1”, which can be run with these parameters:
-Name test -SourceIPSubnet 192.168.33.0/24 -AwsRegion eu-central-1 -ThrottlingValue 5 -ThrottlingUnit MbitPerSec
#or
-Name test -SourceIPSubnet 192.168.33.0/24 -AzureRegion europewest -ThrottlingValue 5 -ThrottlingUnit MbitPerSec
Rules that already exist (matched by name) will be skipped, and this is the result.
Have fun with this little helper. You can find the scripts here:
https://github.com/marcohorstmann/powershell/blob/master/BR-CloudTrafficRules/
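To illustrate the region lookup described above, here is an added example (not taken from the scripts in the repository) that filters data in the layout of AWS's published ip-ranges.json by region and service and converts each CIDR prefix into a start/end address pair. The function names and the sample prefixes are hypothetical, and it assumes the traffic rule is defined by IP ranges rather than CIDR notation.

```powershell
# Constructed sample in the layout of https://ip-ranges.amazonaws.com/ip-ranges.json.
# The prefixes are documentation ranges, not real AWS subnets.
$sampleJson = @'
{ "syncToken": "0", "createDate": "2000-01-01-00-00-00",
  "prefixes": [
    { "ip_prefix": "198.51.100.0/25", "region": "eu-central-1", "service": "S3",     "network_border_group": "eu-central-1" },
    { "ip_prefix": "203.0.113.64/26", "region": "eu-central-1", "service": "S3",     "network_border_group": "eu-central-1" },
    { "ip_prefix": "203.0.113.64/26", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" },
    { "ip_prefix": "192.0.2.0/24",    "region": "us-east-1",    "service": "S3",     "network_border_group": "us-east-1" }
  ] }
'@

function ConvertTo-DottedQuad([long]$Number) {
    # Render a 32-bit value as a.b.c.d, most significant octet first.
    (3..0 | ForEach-Object { ($Number -shr (8 * $_)) -band 255 }) -join '.'
}

function ConvertTo-IPv4Range {
    param([Parameter(Mandatory)][string]$Cidr)
    $parts = $Cidr -split '/'
    if ($parts.Count -ne 2) { throw "'$Cidr' is not in address/length form" }
    $len = [int]$parts[1]
    if ($len -lt 0 -or $len -gt 32) { throw "Invalid prefix length in '$Cidr'" }
    $bytes = [System.Net.IPAddress]::Parse($parts[0]).GetAddressBytes()
    if ($bytes.Length -ne 4) { throw "'$Cidr' is not an IPv4 prefix" }
    [long]$ip = 0
    foreach ($b in $bytes) { $ip = $ip * 256 + $b }   # big-endian octets -> integer
    $size  = [long][math]::Pow(2, 32 - $len)          # number of addresses in the block
    $start = $ip - ($ip % $size)                      # clear host bits if the prefix is unaligned
    [pscustomobject]@{
        Cidr  = $Cidr
        Start = ConvertTo-DottedQuad $start
        End   = ConvertTo-DottedQuad ($start + $size - 1)
    }
}

function Get-AwsRegionRange {
    param([Parameter(Mandatory)]$IpRanges,
          [Parameter(Mandatory)][string]$Region,
          [string]$Service = 'S3')
    # Match on region AND service: the same prefix is also listed under broader service tags.
    $IpRanges.prefixes |
        Where-Object { $_.region -eq $Region -and $_.service -eq $Service } |
        ForEach-Object { $_.ip_prefix } | Sort-Object -Unique |
        ForEach-Object { ConvertTo-IPv4Range -Cidr $_ }
}

$ranges = $sampleJson | ConvertFrom-Json
# Live data instead of the sample: $ranges = Invoke-RestMethod 'https://ip-ranges.amazonaws.com/ip-ranges.json'
Get-AwsRegionRange -IpRanges $ranges -Region 'eu-central-1' | Format-Table -AutoSize
```

The published ranges change over time, so rules built from them need to be refreshed periodically or the throttle will miss newly added subnets.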
Hi Marco
Nice script, but we have an error while running it: Region not found
The ‘Region’ for the Azure Blob is set to ‘Azure Global’
How can we get this to work?
Best regards
Freddy
Hi Freddy,
the region is the Azure region: http://www.dotnetmirror.com/articles/microsoft-azure/214/list-azure-physical-locations-display-names-and-regional-names-in-the-current-subscription
E.g. maybe switzerlandnorth for your Swiss datacenter?
Kind regards
Marco
Hi Marco
Thanks for the fast reply. ‘Azure Global’ is set in the config of the Veeam repo. If I create a new one, I can only select Global, Germany, China and Government.
Unfortunately I can't log in on shell.azure.com. I’m just ‘the Backup-Guy’ and don't have access. Our customer got this Blob Storage from the head office; if I ask them to execute this command, I have to wait several weeks…