Name: Hybrid Cloud Networking
Author: Wshobson

Install

Terminal · npx

$npx skills add https://github.com/wshobson/agents --skill hybrid-cloud-networking

Works with Paperclip

How Hybrid Cloud Networking fits into a Paperclip company.

Hybrid Cloud Networking drops into any Paperclip agent that handles this kind of work. Assign it to a specialist inside a pre-configured PaperclipOrg company and the skill becomes available on every heartbeat — no prompt engineering, no tool wiring.

SaaS FactoryPaired

Pre-configured AI company — 18 agents, 18 skills, one-time purchase.

$27$59

Explore pack

Source file

SKILL.md256 linesmarkdown

Expand

1---2name: hybrid-cloud-networking3description: Configure secure, high-performance connectivity between on-premises infrastructure and cloud platforms using VPN and dedicated connections. Use when building hybrid cloud architectures, connecting data centers to cloud, or implementing secure cross-premises networking.4---5 6# Hybrid Cloud Networking7 8Configure secure, high-performance connectivity between on-premises and cloud environments using VPN, Direct Connect, ExpressRoute, Interconnect, and FastConnect.9 10## Purpose11 12Establish secure, reliable network connectivity between on-premises data centers and cloud providers (AWS, Azure, GCP, OCI).13 14## When to Use15 16- Connect on-premises to cloud17- Extend datacenter to cloud18- Implement hybrid active-active setups19- Meet compliance requirements20- Migrate to cloud gradually21 22## Connection Options23 24### AWS Connectivity25 26#### 1. Site-to-Site VPN27 28- IPSec VPN over internet29- Up to 1.25 Gbps per tunnel30- Cost-effective for moderate bandwidth31- Higher latency, internet-dependent32 33```hcl34resource "aws_vpn_gateway" "main" {35  vpc_id = aws_vpc.main.id36  tags = {37    Name = "main-vpn-gateway"38  }39}40 41resource "aws_customer_gateway" "main" {42  bgp_asn    = 6500043  ip_address = "203.0.113.1"44  type       = "ipsec.1"45}46 47resource "aws_vpn_connection" "main" {48  vpn_gateway_id      = aws_vpn_gateway.main.id49  customer_gateway_id = aws_customer_gateway.main.id50  type                = "ipsec.1"51  static_routes_only  = false52}53```54 55#### 2. AWS Direct Connect56 57- Dedicated network connection58- 1 Gbps to 100 Gbps59- Lower latency, consistent bandwidth60- More expensive, setup time required61 62**Reference:** See `references/direct-connect.md`63 64### Azure Connectivity65 66#### 1. Site-to-Site VPN67 68```hcl69resource "azurerm_virtual_network_gateway" "vpn" {70  name                = "vpn-gateway"71  location            = azurerm_resource_group.main.location72  resource_group_name = azurerm_resource_group.main.name73 74  type     = "Vpn"75  vpn_type = "RouteBased"76  sku      = "VpnGw1"77 78  ip_configuration {79    name                          = "vnetGatewayConfig"80    public_ip_address_id          = azurerm_public_ip.vpn.id81    private_ip_address_allocation = "Dynamic"82    subnet_id                     = azurerm_subnet.gateway.id83  }84}85```86 87#### 2. Azure ExpressRoute88 89- Private connection via connectivity provider90- Up to 100 Gbps91- Low latency, high reliability92- Premium for global connectivity93 94### GCP Connectivity95 96#### 1. Cloud VPN97 98- IPSec VPN (Classic or HA VPN)99- HA VPN: 99.99% SLA100- Up to 3 Gbps per tunnel101 102#### 2. Cloud Interconnect103 104- Dedicated (10 Gbps, 100 Gbps)105- Partner (50 Mbps to 50 Gbps)106- Lower latency than VPN107 108### OCI Connectivity109 110#### 1. IPSec VPN Connect111 112- IPSec VPN with redundant tunnels113- Dynamic routing through DRG114- Good fit for branch offices and migration phases115 116#### 2. OCI FastConnect117 118- Private dedicated connectivity through Oracle or partner edge119- Suitable for predictable throughput and lower-latency hybrid traffic120- Commonly paired with DRG for hub-and-spoke designs121 122## Hybrid Network Patterns123 124### Pattern 1: Hub-and-Spoke125 126```127On-Premises Datacenter128         ↓129    VPN/Direct Connect130         ↓131    Transit Gateway (AWS) / vWAN (Azure)132         ↓133    ├─ Production VPC/VNet134    ├─ Staging VPC/VNet135    └─ Development VPC/VNet136```137 138### Pattern 2: Multi-Region Hybrid139 140```141On-Premises142    ├─ Direct Connect → us-east-1143    └─ Direct Connect → us-west-2144            ↓145        Cross-Region Peering146```147 148### Pattern 3: Multi-Cloud Hybrid149 150```151On-Premises Datacenter152    ├─ Direct Connect → AWS153    ├─ ExpressRoute → Azure154    ├─ Interconnect → GCP155    └─ FastConnect → OCI156```157 158## Routing Configuration159 160### BGP Configuration161 162```163On-Premises Router:164- AS Number: 65000165- Advertise: 10.0.0.0/8166 167Cloud Router:168- AS Number: 64512 (AWS), 65515 (Azure), provider-assigned for GCP/OCI169- Advertise: Cloud VPC/VNet CIDRs170```171 172### Route Propagation173 174- Enable route propagation on route tables175- Use BGP for dynamic routing176- Implement route filtering177- Monitor route advertisements178 179## Security Best Practices180 1811. **Use private connectivity** (Direct Connect/ExpressRoute/Interconnect/FastConnect)1822. **Implement encryption** for VPN tunnels1833. **Use VPC endpoints** to avoid internet routing1844. **Configure network ACLs** and security groups1855. **Enable VPC Flow Logs** for monitoring1866. **Implement DDoS protection**1877. **Use PrivateLink/Private Endpoints**1888. **Monitor connections** with CloudWatch/Azure Monitor/Cloud Monitoring/OCI Monitoring1899. **Implement redundancy** (dual tunnels)19010. **Regular security audits**191 192## High Availability193 194### Dual VPN Tunnels195 196```hcl197resource "aws_vpn_connection" "primary" {198  vpn_gateway_id      = aws_vpn_gateway.main.id199  customer_gateway_id = aws_customer_gateway.primary.id200  type                = "ipsec.1"201}202 203resource "aws_vpn_connection" "secondary" {204  vpn_gateway_id      = aws_vpn_gateway.main.id205  customer_gateway_id = aws_customer_gateway.secondary.id206  type                = "ipsec.1"207}208```209 210### Active-Active Configuration211 212- Multiple connections from different locations213- BGP for automatic failover214- Equal-cost multi-path (ECMP) routing215- Monitor health of all connections216 217## Monitoring and Troubleshooting218 219### Key Metrics220 221- Tunnel status (up/down)222- Bytes in/out223- Packet loss224- Latency225- BGP session status226 227### Troubleshooting228 229```bash230# AWS VPN231aws ec2 describe-vpn-connections232aws ec2 get-vpn-connection-telemetry233 234# Azure VPN235az network vpn-connection show236az network vpn-connection show-device-config-script237 238# OCI IPSec VPN239oci network ip-sec-connection list240oci network cpe list241```242 243## Cost Optimization244 2451. **Right-size connections** based on traffic2462. **Use VPN for low-bandwidth** workloads2473. **Consolidate traffic** through fewer connections2484. **Minimize data transfer** costs2495. **Use dedicated private links** for high bandwidth2506. **Implement caching** to reduce traffic251 252 253## Related Skills254 255- `multi-cloud-architecture` - For architecture decisions256- `terraform-module-library` - For IaC implementation

Related skills

Accessibility Compliance

This walks you through implementing proper WCAG 2.2 compliance with real code patterns for screen readers, keyboard navigation, and mobile accessibility. It cov

Airflow Dag Patterns

If you're building data pipelines with Airflow, this skill gives you production-ready DAG patterns that actually work in the real world. It covers TaskFlow API

Angular Migration

Migrating from AngularJS to Angular is notoriously painful, and this skill tackles the practical stuff that makes or breaks these projects. It covers hybrid app