network-engineer
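Design and Optimize Cloud Networks
Get expert guidance on designing secure, high-performance cloud network architectures across AWS, Azure, and GCP. This skill helps you implement zero-trust security, optimize load balancing, and troubleshoot complex network issues.
Download the skill ZIP
Upload it in Claude
Go to Settings → Capabilities → Skills → Upload skill
Open it and start using it
Test It
Using "network-engineer". Design a secure multi-cloud network architecture with zero-trust connectivity
Expected result: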
Here is a comprehensive zero-trust multi-cloud network architecture:
## Core Principles
1. **Identity-based access** - All connections authenticated and authorized
2. **Micro-segmentation** - Fine-grained network isolation
3. **Continuous verification** - Real-time trust assessment
## Architecture Components
### AWS VPC Design
- Public subnets: NAT Gateways, ALBs
- Private subnets: Application tier (EC2, ECS)
- Database subnets: RDS with private endpoints
- Transit Gateway for VPC peering
### Azure VNet Design
- Hub-spoke topology with Azure Firewall
- Private endpoints for PaaS services
- VPN Gateway for hybrid connectivity
### GCP VPC Design
- Shared VPC for centralized networking
- Cloud NAT for private instance egress
- Cloud Load Balancing for global distribution
### Zero-Trust Connectivity
- mTLS for all service communication
- Network policies in Kubernetes
- Short-lived certificates with automated rotation
Using "network-engineer". Configure SSL/TLS termination with automated certificate management
Expected result:
## SSL/TLS Termination Architecture
### Components
1. **Certificate Authority**: Let's Encrypt (automated)
2. **Certificate Manager**: cert-manager (Kubernetes)
3. **Load Balancer**: Nginx Ingress with TLS termination
### Implementation Steps
1. Install cert-manager:
```
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.13.0/cert-manager.yaml
```
2. Create ClusterIssuer for Let's Encrypt:
```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # Let's Encrypt production ACME directory
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com
    # Secret that stores the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: nginx
```
3. Annotate Ingress for automatic certs:
```yaml
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
```
### mTLS Setup for Service Mesh
- Use Istio mesh for automatic mTLS
- Configure peer authentication for strict mTLS
- Implement certificate rotation every 24 hours
Security Audit
Safe
This is a prompt-only skill with no executable code. The static analyzer scanned 0 files and detected 0 potential security issues. Risk score is 0/100. The skill provides network engineering expertise through text-based prompts only, with no scripts, network calls, filesystem access, or external command execution capabilities. No suspicious patterns or risk factors were detected.
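What You Can Build
Design secure multi-cloud architectures
Build network architectures that connect AWS, Azure, and GCP, using zero-trust security principles and redundant connectivity
Troubleshoot connectivity issues
Diagnose and resolve intermittent connectivity problems in Kubernetes service meshes or cloud VPC environments
Optimize application performance
Improve global application performance through CDN optimization, load-balancing tuning, and network latency reduction
Try These Prompts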
Design a secure VPC architecture for a three-tier application with public subnets, private subnets, and database subnets. Include NAT gateways and security group recommendations.
Help me configure global load balancing with health checks and automatic failover for a multi-region deployment. I need both layer 4 and layer 7 support.
Explain how to implement SSL/TLS termination with automated certificate renewal using Let's Encrypt. Include mTLS configuration for service-to-service communication.
I am experiencing intermittent connectivity issues between my Kubernetes pods. The symptoms include high latency and occasional timeouts. Walk me through the troubleshooting steps.
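Best Practices
- Always design for failure - implement redundancy at every network layer
- Use infrastructure as code (Terraform, CloudFormation) to create reproducible network configurations
- Apply zero-trust principles: never trust, always verify, least-privilege access
Avoid
- Do not expose databases directly to the internet - use private endpoints and VPNs
- Avoid hardcoding credentials or API keys in network configurations
- Do not skip network segmentation - always use VPCs, subnets, and security groups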