المهارات hybrid-cloud-networking
🌐

hybrid-cloud-networking

آمن ⚙️ الأوامر الخارجية🌐 الوصول إلى الشبكة

Connect On-Premises to Cloud with VPN and Direct Connect

متاح أيضًا من: wshobson

Design and implement secure hybrid cloud networks connecting your datacenter to AWS, Azure, and GCP. This skill provides proven architecture patterns, Infrastructure as Code templates, and best practices for production-ready connectivity.

يدعم: Claude Codex Code(CC)
🥉 75 برونزي
1

تنزيل ZIP المهارة

2

رفع في Claude

اذهب إلى Settings → Capabilities → Skills → Upload skill

3

فعّل وابدأ الاستخدام

اختبرها

استخدام "hybrid-cloud-networking". Generate Terraform configuration for AWS Site-to-Site VPN

النتيجة المتوقعة:

I'll create a Terraform configuration for an AWS Site-to-Site VPN connection. This will include a Virtual Private Gateway, Customer Gateway, and VPN Connection resource.

The configuration will include:
- VPN Gateway attached to your VPC
- Customer Gateway with your on-premises IP and BGP ASN
- VPN Connection with IPSec tunnels
- Route propagation setup

After applying, you'll need to configure your on-premises router with the VPN device configuration from AWS.

استخدام "hybrid-cloud-networking". Explain BGP route propagation for hybrid networks

النتيجة المتوقعة:

BGP route propagation enables dynamic routing between your on-premises network and cloud VPC/VNet. Here's how it works:

1. **BGP Peering**: Your on-premises router (ASN 65000) establishes BGP sessions with cloud routers (AWS: 64512, Azure: 65515)

2. **Route Advertisement**: Both sides advertise their CIDR blocks - you advertise 10.0.0.0/8, cloud advertises VPC ranges like 172.31.0.0/16

3. **Automatic Updates**: When new subnets are added, routes propagate automatically without manual route table updates

4. **Failover**: If primary tunnel fails, BGP reroutes traffic through secondary tunnel automatically

I recommend implementing BGP for production hybrid networks over static routing for better resilience.

التدقيق الأمني

آمن
v1 • 2/25/2026

Static analysis detected 54 patterns including shell command references (backticks) and network reconnaissance terms. All findings are FALSE POSITIVES: backticks appear in Terraform HCL code blocks as documentation examples, not executable Ruby code. Network reconnaissance terms refer to legitimate cloud infrastructure monitoring commands (aws ec2 describe-vpn-connections). The skill provides educational documentation and Infrastructure as Code templates for hybrid cloud networking - no executable code, no data exfiltration, and no malicious intent detected.

1
الملفات التي تم فحصها
241
الأسطر التي تم تحليلها
6
النتائج
1
إجمالي عمليات التدقيق
مشكلات منخفضة المخاطر (4)
SKILL.md:46-66SKILL.md:74-96SKILL.md:183-195
Terraform HCL Code Blocks Falsely Flagged as Ruby Execution
Static analyzer detected backtick characters (line 22, 46-66, 74-96, 96-119, 129-132, 138-141, 151-159, 159-183, 183-195, 195-213, 213-221, 221-234, 234-235, 235-239) and interpreted them as Ruby shell backtick execution. In reality, these are Terraform HCL code blocks marked with triple backticks (```) for syntax highlighting in documentation. The skill file is Markdown documentation, not executable Ruby code. No command execution risk exists.
SKILL.md:56SKILL.md:154
Legitimate IP Addresses in Terraform Examples
Static analyzer flagged hardcoded IP addresses at lines 56 and 154 as 'network' risk. These are example documentation IP addresses (203.0.113.1 and 10.0.0.0/8) in Terraform HCL configuration blocks. 203.0.113.0/24 is the RFC 5737 documentation IP range specifically reserved for examples. 10.0.0.0/8 is RFC 1918 private IP space. Both are standard, safe, and not malicious.
SKILL.md:215-216
C2 Keywords False Positive - Cloud Service Terminology
Static analyzer flagged 'C2 keywords' at lines 215-216. These are AWS CLI commands (aws ec2 describe-vpn-connections, get-vpn-connection-telemetry) for monitoring VPN connections in a troubleshooting section. 'C2' in this context refers to 'Customer to Cloud' connectivity in networking terminology, not 'Command and Control' malware infrastructure. These are standard AWS CLI troubleshooting commands.
SKILL.md:3SKILL.md:208
Reconnaissance Terms in Documentation Context
Static analyzer detected 24 'system reconnaissance' and 'network reconnaissance' patterns across the file. All appear in legitimate context: 'monitor connections', 'describe-vpn-connections', 'troubleshooting', 'configure routing', 'advertise routes', etc. These are standard cloud infrastructure operations (monitoring, routing, troubleshooting) documented for educational purposes. No port scanning, vulnerability scanning, or malicious reconnaissance activity present.

عوامل الخطر

⚙️ الأوامر الخارجية (20)
SKILL.md:22 SKILL.md:46-66 SKILL.md:66-74 SKILL.md:74-79 SKILL.md:79-96 SKILL.md:96-119 SKILL.md:119-129 SKILL.md:129-132 SKILL.md:132-138 SKILL.md:138-141 SKILL.md:141-146 SKILL.md:146-151 SKILL.md:151-159 SKILL.md:159-183 SKILL.md:183-195 SKILL.md:195-213 SKILL.md:213-221 SKILL.md:221-234 SKILL.md:234-235 SKILL.md:235-239
🌐 الوصول إلى الشبكة (2)
SKILL.md:56 SKILL.md:154
تم تدقيقه بواسطة: claude

درجة الجودة

38
الهندسة المعمارية
100
قابلية الصيانة
87
المحتوى
50
المجتمع
97
الأمان
100
الامتثال للمواصفات

ماذا يمكنك بناءه

Enterprise Datacenter Extension

Connect your on-premises datacenter to cloud VPCs using Site-to-Site VPN for initial migration, then upgrade to Direct Connect for production workloads requiring low latency and high bandwidth.

Multi-Region Hybrid Architecture

Design active-active hybrid deployments spanning your datacenter and multiple cloud regions, implementing BGP routing and failover for disaster recovery scenarios.

Compliant Hybrid Cloud Setup

Build hybrid networks that meet regulatory compliance requirements by implementing encrypted VPN tunnels, private connectivity via Direct Connect/ExpressRoute, and comprehensive monitoring with CloudWatch and Azure Monitor.

جرّب هذه الموجهات

Basic AWS VPN Connection 
Help me set up a Site-to-Site VPN connection between my on-premises datacenter (customer gateway IP: 203.0.113.1, BGP ASN: 65000) and AWS VPC (vpc-id: vpc-12345). Generate the Terraform configuration.
High-Availability Hybrid Network 
Design a high-availability hybrid network architecture connecting my on-premises datacenter to both AWS and Azure. Include dual VPN tunnels for redundancy, BGP configuration for dynamic routing, and explain the failover mechanism.
Direct Connect Migration Path 
I currently use Site-to-Site VPN for my hybrid cloud setup. Help me plan a migration to AWS Direct Connect for better performance. Compare costs, bandwidth options, and provide a step-by-step migration plan.
Multi-Cloud Hybrid Network 
Design a hub-and-spoke hybrid network architecture where my on-premises datacenter connects to AWS (us-east-1), Azure (East US), and GCP (us-central1). Include routing considerations, security boundaries between cloud providers, and cost optimization strategies.

أفضل الممارسات

  • Always deploy dual VPN tunnels for redundancy - single points of failure cause production outages
  • Use private connectivity (Direct Connect/ExpressRoute) instead of internet VPN for production workloads requiring consistent performance
  • Implement comprehensive monitoring using CloudWatch, Azure Monitor, or GCP Cloud Logging to track tunnel status, bandwidth utilization, and BGP session health

تجنب

  • Don't use static routing when BGP is available - static routes require manual updates and don't support automatic failover
  • Avoid advertising public IP ranges over BGP - this creates routing conflicts and security vulnerabilities
  • Don't skip testing failover scenarios before production - validate that traffic switches to secondary tunnel during primary tunnel maintenance

الأسئلة المتكررة

Should I use VPN or Direct Connect for my hybrid network?
Use Site-to-Site VPN for initial migration, development environments, and bandwidth under 1 Gbps. Choose Direct Connect or ExpressRoute for production workloads requiring low latency, consistent performance, or bandwidth above 1 Gbps. Many organizations start with VPN and migrate to dedicated connections as workloads grow.
What BGP ASN should I use for my on-premises router?
Use a private ASN (64512-65534) for internal networks that don't connect to the public internet. If you already have a public ASN from your ISP, use that. Common default: 65000. The cloud side uses provider ASNs (AWS: 64512, Azure: 65515, GCP: 16550).
How long does Direct Connect provisioning take?
AWS Direct Connect typically takes 2-4 weeks for physical circuit provisioning through a partner. Azure ExpressRoute similar: 2-4 weeks. VPN connections can be established in minutes. Plan hybrid network architecture well ahead of migration timelines to account for lead times.
Can I connect one datacenter to multiple cloud providers?
Yes - multi-cloud hybrid networks are common. Each cloud provider requires separate connectivity (Direct Connect to AWS, ExpressRoute to Azure, Interconnect to GCP). Implement a hub-and-spoke pattern with your datacenter as hub, using separate circuits for each cloud provider. Consider transit gateways for simplified routing.
How do I troubleshoot VPN tunnel failures?
Check tunnel status in cloud console (Up/Down), verify BGP session state (Established/Idle), review CloudWatch logs for tunnel telemetry, confirm on-premises router configuration matches cloud VPN settings, test connectivity from instances on both sides using ping/traceroute, and check security groups/network ACLs aren't blocking required traffic.
Does this skill configure my actual network infrastructure?
No - this skill provides Terraform templates, architecture guidance, and best practices. You must review, customize, and apply the Infrastructure as Code templates using your own Terraform workflow. The skill helps design and document but does not execute changes to your cloud accounts or network devices.

تفاصيل المطور

المؤلف

sickn33

الترخيص

MIT

المستودع

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/hybrid-cloud-networking

مرجع

main

بنية الملفات

📄 SKILL.md