[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-446c440e-580d-4f7e-8cd8-3f0797f70b3c":3,"$fAYTOXwQT1vFVFOFJqCmGoRBLR77hquhRCkiv712lMO4":42},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":33},"446c440e-580d-4f7e-8cd8-3f0797f70b3c","hybrid-cloud-networking","使用VPN、Direct Connect和ExpressRoute配置本地和云环境之间的安全、高性能连接。","cat_coding_backend","mod_coding","sickn33,coding","---\nname: hybrid-cloud-networking\ndescription: \"Configure secure, high-performance connectivity between on-premises and cloud environments using VPN, Direct Connect, and ExpressRoute.\"\nrisk: safe\nsource: community\ndate_added: \"2026-02-27\"\n---\n\n# Hybrid Cloud Networking\n\nConfigure secure, high-performance connectivity between on-premises and cloud environments using VPN, Direct Connect, and ExpressRoute.\n\n## Do not use this skill when\n\n- The task is unrelated to hybrid cloud networking\n- You need a different domain or tool outside this scope\n\n## Instructions\n\n- Clarify goals, constraints, and required inputs.\n- Apply relevant best practices and validate outcomes.\n- Provide actionable steps and verification.\n- If detailed examples are required, open `resources\u002Fimplementation-playbook.md`.\n\n## Purpose\n\nEstablish secure, reliable network connectivity between on-premises data centers and cloud providers (AWS, Azure, GCP).\n\n## Use this skill when\n\n- Connect on-premises to cloud\n- Extend datacenter to cloud\n- Implement hybrid active-active setups\n- Meet compliance requirements\n- Migrate to cloud gradually\n\n## Connection Options\n\n### AWS Connectivity\n\n#### 1. Site-to-Site VPN\n- IPSec VPN over internet\n- Up to 1.25 Gbps per tunnel\n- Cost-effective for moderate bandwidth\n- Higher latency, internet-dependent\n\n```hcl\nresource \"aws_vpn_gateway\" \"main\" {\n vpc_id = aws_vpc.main.id\n tags = {\n Name = \"main-vpn-gateway\"\n }\n}\n\nresource \"aws_customer_gateway\" \"main\" {\n bgp_asn = 65000\n ip_address = \"203.0.113.1\"\n type = \"ipsec.1\"\n}\n\nresource \"aws_vpn_connection\" \"main\" {\n vpn_gateway_id = aws_vpn_gateway.main.id\n customer_gateway_id = aws_customer_gateway.main.id\n type = \"ipsec.1\"\n static_routes_only = false\n}\n```\n\n#### 2. AWS Direct Connect\n- Dedicated network connection\n- 1 Gbps to 100 Gbps\n- Lower latency, consistent bandwidth\n- More expensive, setup time required\n\n**Reference:** See `references\u002Fdirect-connect.md`\n\n### Azure Connectivity\n\n#### 1. Site-to-Site VPN\n```hcl\nresource \"azurerm_virtual_network_gateway\" \"vpn\" {\n name = \"vpn-gateway\"\n location = azurerm_resource_group.main.location\n resource_group_name = azurerm_resource_group.main.name\n\n type = \"Vpn\"\n vpn_type = \"RouteBased\"\n sku = \"VpnGw1\"\n\n ip_configuration {\n name = \"vnetGatewayConfig\"\n public_ip_address_id = azurerm_public_ip.vpn.id\n private_ip_address_allocation = \"Dynamic\"\n subnet_id = azurerm_subnet.gateway.id\n }\n}\n```\n\n#### 2. Azure ExpressRoute\n- Private connection via connectivity provider\n- Up to 100 Gbps\n- Low latency, high reliability\n- Premium for global connectivity\n\n### GCP Connectivity\n\n#### 1. Cloud VPN\n- IPSec VPN (Classic or HA VPN)\n- HA VPN: 99.99% SLA\n- Up to 3 Gbps per tunnel\n\n#### 2. Cloud Interconnect\n- Dedicated (10 Gbps, 100 Gbps)\n- Partner (50 Mbps to 50 Gbps)\n- Lower latency than VPN\n\n## Hybrid Network Patterns\n\n### Pattern 1: Hub-and-Spoke\n```\nOn-Premises Datacenter\n ↓\n VPN\u002FDirect Connect\n ↓\n Transit Gateway (AWS) \u002F vWAN (Azure)\n ↓\n ├─ Production VPC\u002FVNet\n ├─ Staging VPC\u002FVNet\n └─ Development VPC\u002FVNet\n```\n\n### Pattern 2: Multi-Region Hybrid\n```\nOn-Premises\n ├─ Direct Connect → us-east-1\n └─ Direct Connect → us-west-2\n ↓\n Cross-Region Peering\n```\n\n### Pattern 3: Multi-Cloud Hybrid\n```\nOn-Premises Datacenter\n ├─ Direct Connect → AWS\n ├─ ExpressRoute → Azure\n └─ Interconnect → GCP\n```\n\n## Routing Configuration\n\n### BGP Configuration\n```\nOn-Premises Router:\n- AS Number: 65000\n- Advertise: 10.0.0.0\u002F8\n\nCloud Router:\n- AS Number: 64512 (AWS), 65515 (Azure)\n- Advertise: Cloud VPC\u002FVNet CIDRs\n```\n\n### Route Propagation\n- Enable route propagation on route tables\n- Use BGP for dynamic routing\n- Implement route filtering\n- Monitor route advertisements\n\n## Security Best Practices\n\n1. **Use private connectivity** (Direct Connect\u002FExpressRoute)\n2. **Implement encryption** for VPN tunnels\n3. **Use VPC endpoints** to avoid internet routing\n4. **Configure network ACLs** and security groups\n5. **Enable VPC Flow Logs** for monitoring\n6. **Implement DDoS protection**\n7. **Use PrivateLink\u002FPrivate Endpoints**\n8. **Monitor connections** with CloudWatch\u002FMonitor\n9. **Implement redundancy** (dual tunnels)\n10. **Regular security audits**\n\n## High Availability\n\n### Dual VPN Tunnels\n```hcl\nresource \"aws_vpn_connection\" \"primary\" {\n vpn_gateway_id = aws_vpn_gateway.main.id\n customer_gateway_id = aws_customer_gateway.primary.id\n type = \"ipsec.1\"\n}\n\nresource \"aws_vpn_connection\" \"secondary\" {\n vpn_gateway_id = aws_vpn_gateway.main.id\n customer_gateway_id = aws_customer_gateway.secondary.id\n type = \"ipsec.1\"\n}\n```\n\n### Active-Active Configuration\n- Multiple connections from different locations\n- BGP for automatic failover\n- Equal-cost multi-path (ECMP) routing\n- Monitor health of all connections\n\n## Monitoring and Troubleshooting\n\n### Key Metrics\n- Tunnel status (up\u002Fdown)\n- Bytes in\u002Fout\n- Packet loss\n- Latency\n- BGP session status\n\n### Troubleshooting\n```bash\n# AWS VPN\naws ec2 describe-vpn-connections\naws ec2 get-vpn-connection-telemetry\n\n# Azure VPN\naz network vpn-connection show\naz network vpn-connection show-device-config-script\n```\n\n## Cost Optimization\n\n1. **Right-size connections** based on traffic\n2. **Use VPN for low-bandwidth** workloads\n3. **Consolidate traffic** through fewer connections\n4. **Minimize data transfer** costs\n5. **Use Direct Connect** for high bandwidth\n6. **Implement caching** to reduce traffic\n\n## Reference Files\n\n- `references\u002Fvpn-setup.md` - VPN configuration guide\n- `references\u002Fdirect-connect.md` - Direct Connect setup\n\n## Related Skills\n\n- `multi-cloud-architecture` - For architecture decisions\n- `terraform-module-library` - For IaC implementation\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,58,1896,"2026-05-16 13:23:10",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"编程开发","coding","mdi-code-braces","代码生成、调试、审查,提升开发效率",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":25,"skillCount":32,"createdAt":26},"后端开发","backend","mdi-server","API、数据库、服务端架构",296,[34],{"id":35,"skillId":4,"version":36,"fileName":37,"fileSize":38,"filePath":39,"fileHash":40,"manifest":41,"createdAt":19},"289f0d51-23f1-4908-a190-cdda1edb8703","1.0.0","hybrid-cloud-networking.zip",2606,"uploads\u002Fskills\u002F446c440e-580d-4f7e-8cd8-3f0797f70b3c\u002Fhybrid-cloud-networking.zip","3554e36aa9b0979b5d431fa34105ad17501a767a1d8c978162b0451095e7dbf5","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":6258}]",{"code":43,"message":44,"data":45},200,"success",{"items":46,"stats":47,"page":50},[],{"averageRating":48,"totalRatings":48,"ratingCounts":49},0,[48,48,48,48,48],{"limit":51,"offset":48,"hasMore":52,"nextOffset":51,"ratedOnly":16},15,false]