
network-engineer

Safe

Design and optimize cloud networks

Get expert guidance on designing secure, high-performance cloud network architectures across AWS, Azure, and GCP. This skill helps you implement zero-trust security, optimize load balancing, and troubleshoot complex networking issues.

Supports: Claude Codex Code(CC)
🥉 74 Bronze

1. Download the skill ZIP
2. Upload in Claude: go to Settings → Capabilities → Skills → Upload skill
3. Enable it and start using it

Test it

Using "network-engineer". Design a secure multi-cloud network architecture with zero-trust connectivity

Expected result:

Here is a comprehensive zero-trust multi-cloud network architecture:

## Core Principles
1. **Identity-based access** - All connections authenticated and authorized
2. **Micro-segmentation** - Fine-grained network isolation
3. **Continuous verification** - Real-time trust assessment

## Architecture Components

### AWS VPC Design
- Public subnets: NAT Gateways, ALBs
- Private subnets: Application tier (EC2, ECS)
- Database subnets: RDS with private endpoints
- Transit Gateway for VPC peering

### Azure VNet Design
- Hub-spoke topology with Azure Firewall
- Private endpoints for PaaS services
- VPN Gateway for hybrid connectivity

### GCP VPC Design
- Shared VPC for centralized networking
- Cloud NAT for private instance egress
- Cloud Load Balancing for global distribution

### Zero-Trust Connectivity
- mTLS for all service communication
- Network policies in Kubernetes
- Short-lived certificates with automated rotation

Using "network-engineer". Configure SSL/TLS termination with automated certificate management

Expected result:

## SSL/TLS Termination Architecture

### Components
1. **Certificate Authority**: Let's Encrypt (automated)
2. **Certificate Manager**: cert-manager (Kubernetes)
3. **Load Balancer**: Nginx Ingress with TLS termination

### Implementation Steps

1. Install cert-manager:
```
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.13.0/cert-manager.yaml
```

2. Create ClusterIssuer for Let's Encrypt:
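```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # Let's Encrypt production ACME endpoint
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com
    # Secret that stores the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        # The ingress class is nested under http01.ingress
        ingress:
          class: nginx
```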

3. Annotate Ingress for automatic certs:
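```yaml
metadata:
  annotations:
    # cert-manager issues a certificate only if the Ingress also
    # defines spec.tls (hosts and secretName)
    cert-manager.io/cluster-issuer: letsencrypt-prod
```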

### mTLS Setup for Service Mesh
- Use Istio mesh for automatic mTLS
- Configure peer authentication for strict mTLS
- Implement certificate rotation every 24 hours
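
As an added example (not part of the skill's output or any project's own configuration), the strict peer authentication step above can be expressed with Istio's PeerAuthentication resource, paired with an AuthorizationPolicy that restricts callers by workload identity. The namespaces `payments` and `web`, the `app: payments-api` label, the `frontend` service account and port 8443 are assumed names for illustration.

```yaml
# Mesh-wide policy: placing it in the Istio root namespace
# (istio-system by default) applies it to every workload.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    # Weak setting for comparison: PERMISSIVE accepts both plaintext
    # and mTLS, so unauthenticated traffic still reaches workloads.
    # mode: PERMISSIVE
    mode: STRICT        # reject any connection that is not mTLS
---
# Identity-based access on top of mTLS: only the (assumed) frontend
# service account in the web namespace may call payments-api.
# Once an ALLOW policy selects a workload, requests that match no
# rule are denied.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: payments-api-allow-frontend   # hypothetical name
  namespace: payments                 # hypothetical namespace
spec:
  selector:
    matchLabels:
      app: payments-api               # hypothetical workload label
  action: ALLOW
  rules:
  - from:
    - source:
        # Principal comes from the peer's mTLS certificate (SPIFFE
        # identity), so this rule depends on STRICT mode above.
        principals: ["cluster.local/ns/web/sa/frontend"]
    to:
    - operation:
        ports: ["8443"]               # assumed service port
```

Rolling out STRICT mode to workloads without a sidecar breaks their traffic, so apply it per namespace first if the mesh is only partly onboarded.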

Security audit

Safe
v1 • 2/24/2026

This is a prompt-only skill with no executable code. The static analyzer scanned 0 files and detected 0 potential security issues. Risk score is 0/100. The skill provides network engineering expertise through text-based prompts only, with no scripts, network calls, filesystem access, or external command execution capabilities. No suspicious patterns or risk factors were detected.

0
Files scanned
0
Lines analyzed
0
Findings
1
Total audits
No security issues
Audited by: claude

Quality score

38
Architecture
100
Maintainability
87
Content
50
Community
100
Security
91
Spec compliance

What you can build

Design secure multi-cloud architecture

Create a network architecture that connects AWS, Azure, and GCP with zero-trust security principles and redundant connectivity

Troubleshoot connectivity issues

Diagnose and resolve intermittent connectivity problems in Kubernetes service mesh or cloud VPC environments

Optimize application performance

Improve global application performance through CDN optimization, load balancing tuning, and network latency reduction

Try these prompts

Basic network design request
Design a secure VPC architecture for a three-tier application with public subnets, private subnets, and database subnets. Include NAT gateways and security group recommendations.
Load balancing configuration
Help me configure global load balancing with health checks and automatic failover for a multi-region deployment. I need both layer 4 and layer 7 support.
SSL/TLS implementation
Explain how to implement SSL/TLS termination with automated certificate renewal using Let's Encrypt. Include mTLS configuration for service-to-service communication.
Network troubleshooting
I am experiencing intermittent connectivity issues between my Kubernetes pods. The symptoms include high latency and occasional timeouts. Walk me through the troubleshooting steps.

Best practices

  • Always design for failure - implement redundancy at every network layer
  • Use Infrastructure as Code (Terraform, CloudFormation) for reproducible network configurations
  • Apply zero-trust principles: never trust, always verify, least privilege access

Avoid

  • Do not expose databases directly to the internet - use private endpoints and VPNs
  • Avoid hardcoding credentials or API keys in network configurations
  • Do not skip network segmentation - always use VPCs, subnets, and security groups

Frequently asked questions

What cloud providers does this skill support?
This skill provides expertise for AWS, Azure, and GCP. It covers VPC design, load balancing, DNS, and security configurations for all three major cloud providers.
Can this skill help with network troubleshooting?
Yes. It provides systematic troubleshooting methodologies using tools like tcpdump, Wireshark, and cloud-specific diagnostics. It guides you through diagnosing connectivity, latency, and performance issues.
Does this skill implement actual network changes?
No. This skill provides guidance, configurations, and best practices. It does not execute commands or modify live infrastructure. You must implement changes manually in your environment.
What is zero-trust networking?
Zero-trust is a security model that assumes no implicit trust. Every request is authenticated, authorized, and encrypted. It uses identity-based access, micro-segmentation, and continuous verification.
Can this skill help with Kubernetes networking?
Yes. It covers Kubernetes networking, CNI plugins (Calico, Cilium), service mesh (Istio, Linkerd), network policies, and ingress controllers.
Does this skill support compliance requirements?
Yes. It provides guidance for network compliance with regulations like GDPR, HIPAA, and PCI-DSS. It includes security architecture recommendations and auditing best practices.

Developer details

Author

sickn33

License

MIT

Ref

main

File structure

📄 SKILL.md