How do I install Hybrid Cloud Networking?

Install Hybrid Cloud Networking with a single command: npx mdskills install sickn33/hybrid-cloud-networking. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support Hybrid Cloud Networking?

Hybrid Cloud Networking works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Codex, Gemini Cli, Amp, Roo Code, Goose, Opencode, Trae, Qodo, Command Code. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to skills

Hybrid Cloud Networking

Name: Hybrid Cloud Networking: AI Agent Skill
Rating: 8 (1 reviews)
Author: sickn33

Verified

Intermediate

Configure secure, high-performance connectivity between on-premises infrastructure and cloud platforms using VPN and dedicated connections. Use when building hybrid cloud architectures, connecting data centers to cloud, or implementing secure cross-premises networking.

by @sickn330Updated 2 weeks ago

Add this skill

npx mdskills install sickn33/hybrid-cloud-networking

Fork & Edit

Skill Advisor8.0

Comprehensive multi-cloud networking guide with detailed examples and architecture patterns

+Covers AWS, Azure, and GCP with concrete Terraform examples
+Provides multiple architecture patterns with clear diagrams
+Includes security best practices and troubleshooting guidance
-Instructions section is vague compared to detailed content below

SKILL.md

Edit in Browser

1---
2name: hybrid-cloud-networking
3description: Configure secure, high-performance connectivity between on-premises infrastructure and cloud platforms using VPN and dedicated connections. Use when building hybrid cloud architectures, connecting data centers to cloud, or implementing secure cross-premises networking.
4---
5 
6# Hybrid Cloud Networking
7 
8Configure secure, high-performance connectivity between on-premises and cloud environments using VPN, Direct Connect, and ExpressRoute.
9 
10## Do not use this skill when
11 
12- The task is unrelated to hybrid cloud networking
13- You need a different domain or tool outside this scope
14 
15## Instructions
16 
17- Clarify goals, constraints, and required inputs.
18- Apply relevant best practices and validate outcomes.
19- Provide actionable steps and verification.
20- If detailed examples are required, open `resources/implementation-playbook.md`.
21 
22## Purpose
23 
24Establish secure, reliable network connectivity between on-premises data centers and cloud providers (AWS, Azure, GCP).
25 
26## Use this skill when
27 
28- Connect on-premises to cloud
29- Extend datacenter to cloud
30- Implement hybrid active-active setups
31- Meet compliance requirements
32- Migrate to cloud gradually
33 
34## Connection Options
35 
36### AWS Connectivity
37 
38#### 1. Site-to-Site VPN
39- IPSec VPN over internet
40- Up to 1.25 Gbps per tunnel
41- Cost-effective for moderate bandwidth
42- Higher latency, internet-dependent
43 
44```hcl
45resource "aws_vpn_gateway" "main" {
46  vpc_id = aws_vpc.main.id
47  tags = {
48    Name = "main-vpn-gateway"
49  }
50}
51 
52resource "aws_customer_gateway" "main" {
53  bgp_asn    = 65000
54  ip_address = "203.0.113.1"
55  type       = "ipsec.1"
56}
57 
58resource "aws_vpn_connection" "main" {
59  vpn_gateway_id      = aws_vpn_gateway.main.id
60  customer_gateway_id = aws_customer_gateway.main.id
61  type                = "ipsec.1"
62  static_routes_only  = false
63}
64```
65 
66#### 2. AWS Direct Connect
67- Dedicated network connection
68- 1 Gbps to 100 Gbps
69- Lower latency, consistent bandwidth
70- More expensive, setup time required
71 
72**Reference:** See `references/direct-connect.md`
73 
74### Azure Connectivity
75 
76#### 1. Site-to-Site VPN
77```hcl
78resource "azurerm_virtual_network_gateway" "vpn" {
79  name                = "vpn-gateway"
80  location            = azurerm_resource_group.main.location
81  resource_group_name = azurerm_resource_group.main.name
82 
83  type     = "Vpn"
84  vpn_type = "RouteBased"
85  sku      = "VpnGw1"
86 
87  ip_configuration {
88    name                          = "vnetGatewayConfig"
89    public_ip_address_id          = azurerm_public_ip.vpn.id
90    private_ip_address_allocation = "Dynamic"
91    subnet_id                     = azurerm_subnet.gateway.id
92  }
93}
94```
95 
96#### 2. Azure ExpressRoute
97- Private connection via connectivity provider
98- Up to 100 Gbps
99- Low latency, high reliability
100- Premium for global connectivity
101 
102### GCP Connectivity
103 
104#### 1. Cloud VPN
105- IPSec VPN (Classic or HA VPN)
106- HA VPN: 99.99% SLA
107- Up to 3 Gbps per tunnel
108 
109#### 2. Cloud Interconnect
110- Dedicated (10 Gbps, 100 Gbps)
111- Partner (50 Mbps to 50 Gbps)
112- Lower latency than VPN
113 
114## Hybrid Network Patterns
115 
116### Pattern 1: Hub-and-Spoke
117```
118On-Premises Datacenter
119         ↓
120    VPN/Direct Connect
121         ↓
122    Transit Gateway (AWS) / vWAN (Azure)
123         ↓
124    ├─ Production VPC/VNet
125    ├─ Staging VPC/VNet
126    └─ Development VPC/VNet
127```
128 
129### Pattern 2: Multi-Region Hybrid
130```
131On-Premises
132    ├─ Direct Connect → us-east-1
133    └─ Direct Connect → us-west-2
134            ↓
135        Cross-Region Peering
136```
137 
138### Pattern 3: Multi-Cloud Hybrid
139```
140On-Premises Datacenter
141    ├─ Direct Connect → AWS
142    ├─ ExpressRoute → Azure
143    └─ Interconnect → GCP
144```
145 
146## Routing Configuration
147 
148### BGP Configuration
149```
150On-Premises Router:
151- AS Number: 65000
152- Advertise: 10.0.0.0/8
153 
154Cloud Router:
155- AS Number: 64512 (AWS), 65515 (Azure)
156- Advertise: Cloud VPC/VNet CIDRs
157```
158 
159### Route Propagation
160- Enable route propagation on route tables
161- Use BGP for dynamic routing
162- Implement route filtering
163- Monitor route advertisements
164 
165## Security Best Practices
166 
1671. **Use private connectivity** (Direct Connect/ExpressRoute)
1682. **Implement encryption** for VPN tunnels
1693. **Use VPC endpoints** to avoid internet routing
1704. **Configure network ACLs** and security groups
1715. **Enable VPC Flow Logs** for monitoring
1726. **Implement DDoS protection**
1737. **Use PrivateLink/Private Endpoints**
1748. **Monitor connections** with CloudWatch/Monitor
1759. **Implement redundancy** (dual tunnels)
17610. **Regular security audits**
177 
178## High Availability
179 
180### Dual VPN Tunnels
181```hcl
182resource "aws_vpn_connection" "primary" {
183  vpn_gateway_id      = aws_vpn_gateway.main.id
184  customer_gateway_id = aws_customer_gateway.primary.id
185  type                = "ipsec.1"
186}
187 
188resource "aws_vpn_connection" "secondary" {
189  vpn_gateway_id      = aws_vpn_gateway.main.id
190  customer_gateway_id = aws_customer_gateway.secondary.id
191  type                = "ipsec.1"
192}
193```
194 
195### Active-Active Configuration
196- Multiple connections from different locations
197- BGP for automatic failover
198- Equal-cost multi-path (ECMP) routing
199- Monitor health of all connections
200 
201## Monitoring and Troubleshooting
202 
203### Key Metrics
204- Tunnel status (up/down)
205- Bytes in/out
206- Packet loss
207- Latency
208- BGP session status
209 
210### Troubleshooting
211```bash
212# AWS VPN
213aws ec2 describe-vpn-connections
214aws ec2 get-vpn-connection-telemetry
215 
216# Azure VPN
217az network vpn-connection show
218az network vpn-connection show-device-config-script
219```
220 
221## Cost Optimization
222 
2231. **Right-size connections** based on traffic
2242. **Use VPN for low-bandwidth** workloads
2253. **Consolidate traffic** through fewer connections
2264. **Minimize data transfer** costs
2275. **Use Direct Connect** for high bandwidth
2286. **Implement caching** to reduce traffic
229 
230## Reference Files
231 
232- `references/vpn-setup.md` - VPN configuration guide
233- `references/direct-connect.md` - Direct Connect setup
234 
235## Related Skills
236 
237- `multi-cloud-architecture` - For architecture decisions
238- `terraform-module-library` - For IaC implementation
239

Full transparency — inspect the skill content before installing.