{"id":"96a46fa9-e6e2-41d7-8f68-15a47784f53e","shortId":"eETjbv","kind":"skill","title":"hybrid-cloud-networking","tagline":"Configure secure, high-performance connectivity between on-premises and cloud environments using VPN, Direct Connect, and ExpressRoute.","description":"# Hybrid Cloud Networking\n\nConfigure secure, high-performance connectivity between on-premises and cloud environments using VPN, Direct Connect, and ExpressRoute.\n\n## Do not use this skill when\n\n- The task is unrelated to hybrid cloud networking\n- You need a different domain or tool outside this scope\n\n## Instructions\n\n- Clarify goals, constraints, and required inputs.\n- Apply relevant best practices and validate outcomes.\n- Provide actionable steps and verification.\n- If detailed examples are required, open `resources/implementation-playbook.md`.\n\n## Purpose\n\nEstablish secure, reliable network connectivity between on-premises data centers and cloud providers (AWS, Azure, GCP).\n\n## Use this skill when\n\n- Connect on-premises to cloud\n- Extend datacenter to cloud\n- Implement hybrid active-active setups\n- Meet compliance requirements\n- Migrate to cloud gradually\n\n## Connection Options\n\n### AWS Connectivity\n\n#### 1. Site-to-Site VPN\n- IPSec VPN over internet\n- Up to 1.25 Gbps per tunnel\n- Cost-effective for moderate bandwidth\n- Higher latency, internet-dependent\n\n```hcl\nresource \"aws_vpn_gateway\" \"main\" {\n  vpc_id = aws_vpc.main.id\n  tags = {\n    Name = \"main-vpn-gateway\"\n  }\n}\n\nresource \"aws_customer_gateway\" \"main\" {\n  bgp_asn    = 65000\n  ip_address = \"203.0.113.1\"\n  type       = \"ipsec.1\"\n}\n\nresource \"aws_vpn_connection\" \"main\" {\n  vpn_gateway_id      = aws_vpn_gateway.main.id\n  customer_gateway_id = aws_customer_gateway.main.id\n  type                = \"ipsec.1\"\n  static_routes_only  = false\n}\n```\n\n#### 2. AWS Direct Connect\n- Dedicated network connection\n- 1 Gbps to 100 Gbps\n- Lower latency, consistent bandwidth\n- More expensive, setup time required\n\n**Reference:** See `references/direct-connect.md`\n\n### Azure Connectivity\n\n#### 1. Site-to-Site VPN\n```hcl\nresource \"azurerm_virtual_network_gateway\" \"vpn\" {\n  name                = \"vpn-gateway\"\n  location            = azurerm_resource_group.main.location\n  resource_group_name = azurerm_resource_group.main.name\n\n  type     = \"Vpn\"\n  vpn_type = \"RouteBased\"\n  sku      = \"VpnGw1\"\n\n  ip_configuration {\n    name                          = \"vnetGatewayConfig\"\n    public_ip_address_id          = azurerm_public_ip.vpn.id\n    private_ip_address_allocation = \"Dynamic\"\n    subnet_id                     = azurerm_subnet.gateway.id\n  }\n}\n```\n\n#### 2. Azure ExpressRoute\n- Private connection via connectivity provider\n- Up to 100 Gbps\n- Low latency, high reliability\n- Premium for global connectivity\n\n### GCP Connectivity\n\n#### 1. Cloud VPN\n- IPSec VPN (Classic or HA VPN)\n- HA VPN: 99.99% SLA\n- Up to 3 Gbps per tunnel\n\n#### 2. Cloud Interconnect\n- Dedicated (10 Gbps, 100 Gbps)\n- Partner (50 Mbps to 50 Gbps)\n- Lower latency than VPN\n\n## Hybrid Network Patterns\n\n### Pattern 1: Hub-and-Spoke\n```\nOn-Premises Datacenter\n         ↓\n    VPN/Direct Connect\n         ↓\n    Transit Gateway (AWS) / vWAN (Azure)\n         ↓\n    ├─ Production VPC/VNet\n    ├─ Staging VPC/VNet\n    └─ Development VPC/VNet\n```\n\n### Pattern 2: Multi-Region Hybrid\n```\nOn-Premises\n    ├─ Direct Connect → us-east-1\n    └─ Direct Connect → us-west-2\n            ↓\n        Cross-Region Peering\n```\n\n### Pattern 3: Multi-Cloud Hybrid\n```\nOn-Premises Datacenter\n    ├─ Direct Connect → AWS\n    ├─ ExpressRoute → Azure\n    └─ Interconnect → GCP\n```\n\n## Routing Configuration\n\n### BGP Configuration\n```\nOn-Premises Router:\n- AS Number: 65000\n- Advertise: 10.0.0.0/8\n\nCloud Router:\n- AS Number: 64512 (AWS), 65515 (Azure)\n- Advertise: Cloud VPC/VNet CIDRs\n```\n\n### Route Propagation\n- Enable route propagation on route tables\n- Use BGP for dynamic routing\n- Implement route filtering\n- Monitor route advertisements\n\n## Security Best Practices\n\n1. **Use private connectivity** (Direct Connect/ExpressRoute)\n2. **Implement encryption** for VPN tunnels\n3. **Use VPC endpoints** to avoid internet routing\n4. **Configure network ACLs** and security groups\n5. **Enable VPC Flow Logs** for monitoring\n6. **Implement DDoS protection**\n7. **Use PrivateLink/Private Endpoints**\n8. **Monitor connections** with CloudWatch/Monitor\n9. **Implement redundancy** (dual tunnels)\n10. **Regular security audits**\n\n## High Availability\n\n### Dual VPN Tunnels\n```hcl\nresource \"aws_vpn_connection\" \"primary\" {\n  vpn_gateway_id      = aws_vpn_gateway.main.id\n  customer_gateway_id = aws_customer_gateway.primary.id\n  type                = \"ipsec.1\"\n}\n\nresource \"aws_vpn_connection\" \"secondary\" {\n  vpn_gateway_id      = aws_vpn_gateway.main.id\n  customer_gateway_id = aws_customer_gateway.secondary.id\n  type                = \"ipsec.1\"\n}\n```\n\n### Active-Active Configuration\n- Multiple connections from different locations\n- BGP for automatic failover\n- Equal-cost multi-path (ECMP) routing\n- Monitor health of all connections\n\n## Monitoring and Troubleshooting\n\n### Key Metrics\n- Tunnel status (up/down)\n- Bytes in/out\n- Packet loss\n- Latency\n- BGP session status\n\n### Troubleshooting\n```bash\n# AWS VPN\naws ec2 describe-vpn-connections\naws ec2 get-vpn-connection-telemetry\n\n# Azure VPN\naz network vpn-connection show\naz network vpn-connection show-device-config-script\n```\n\n## Cost Optimization\n\n1. **Right-size connections** based on traffic\n2. **Use VPN for low-bandwidth** workloads\n3. **Consolidate traffic** through fewer connections\n4. **Minimize data transfer** costs\n5. **Use Direct Connect** for high bandwidth\n6. **Implement caching** to reduce traffic\n\n## Reference Files\n\n- `references/vpn-setup.md` - VPN configuration guide\n- `references/direct-connect.md` - Direct Connect setup\n\n## Related Skills\n\n- `multi-cloud-architecture` - For architecture decisions\n- `terraform-module-library` - For IaC implementation\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.","tags":["hybrid","cloud","networking","antigravity","awesome","skills","sickn33","agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding"],"capabilities":["skill","source-sickn33","skill-hybrid-cloud-networking","topic-agent-skills","topic-agentic-skills","topic-ai-agent-skills","topic-ai-agents","topic-ai-coding","topic-ai-workflows","topic-antigravity","topic-antigravity-skills","topic-claude-code","topic-claude-code-skills","topic-codex-cli","topic-codex-skills"],"categories":["antigravity-awesome-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/hybrid-cloud-networking","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add sickn33/antigravity-awesome-skills","source_repo":"https://github.com/sickn33/antigravity-awesome-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 34768 github stars · SKILL.md body (5,963 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-23T18:51:30.551Z","embedding":null,"createdAt":"2026-04-18T21:38:53.571Z","updatedAt":"2026-04-23T18:51:30.551Z","lastSeenAt":"2026-04-23T18:51:30.551Z","tsv":"'/8':432 '1':145,226,245,314,355,391,467,638 '1.25':157 '10':337,519 '10.0.0.0':431 '100':229,302,339 '2':219,292,333,378,397,473,646 '203.0.113.1':197 '3':329,403,479,654 '4':487,660 '5':494,665 '50':342,345 '6':501,672 '64512':437 '65000':194,429 '65515':439 '7':505 '8':509 '9':514 '99.99':325 'acl':490 'action':85 'activ':131,132,560,561 'active-act':130,559 'address':196,281,286 'advertis':430,441,463 'alloc':287 'appli':77 'architectur':693,695 'ask':737 'asn':193 'audit':522 'automat':570 'avail':524 'avoid':484 'aw':111,143,174,188,201,220,368,414,438,530,545,603,605,611 'aws_customer_gateway.main.id':212 'aws_customer_gateway.primary.id':541 'aws_customer_gateway.secondary.id':556 'aws_vpc.main.id':180 'aws_vpn_gateway.main.id':208,537,552 'az':620,626 'azur':112,243,293,370,416,440,618 'azurerm':253 'azurerm_public_ip.vpn.id':283 'azurerm_resource_group.main.location':263 'azurerm_resource_group.main.name':267 'azurerm_subnet.gateway.id':291 'bandwidth':166,234,652,671 'base':643 'bash':602 'best':79,465 'bgp':192,421,454,568,598 'boundari':745 'byte':593 'cach':674 'center':107 'cidr':444 'clarif':739 'clarifi':71 'classic':319 'clear':712 'cloud':3,16,25,38,58,109,123,127,139,315,334,406,433,442,692 'cloudwatch/monitor':513 'complianc':135 'config':634 'configur':5,27,276,420,422,488,562,682 'connect':10,21,32,43,101,118,141,144,203,222,225,244,296,298,311,313,365,387,393,413,470,511,532,547,564,584,610,616,624,630,642,659,668,686 'connect/expressroute':472 'consist':233 'consolid':655 'constraint':73 'cost':162,574,636,664 'cost-effect':161 'criteria':748 'cross':399 'cross-region':398 'custom':189,209,538,553 'data':106,662 'datacent':125,363,411 'ddos':503 'decis':696 'dedic':223,336 'depend':171 'describ':608,716 'describe-vpn-connect':607 'detail':90 'develop':375 'devic':633 'differ':63,566 'direct':20,42,221,386,392,412,471,667,685 'domain':64 'dual':517,525 'dynam':288,456 'east':390 'ec2':606,612 'ecmp':578 'effect':163 'enabl':447,495 'encrypt':475 'endpoint':482,508 'environ':17,39,728 'environment-specif':727 'equal':573 'equal-cost':572 'establish':97 'exampl':91 'expens':236 'expert':733 'expressrout':23,45,294,415 'extend':124 'failov':571 'fals':218 'fewer':658 'file':679 'filter':460 'flow':497 'gateway':176,186,190,206,210,256,261,367,535,539,550,554 'gbps':158,227,230,303,330,338,340,346 'gcp':113,312,418 'get':614 'get-vpn-connection-telemetri':613 'global':310 'goal':72 'gradual':140 'group':265,493 'guid':683 'ha':321,323 'hcl':172,251,528 'health':581 'high':8,30,306,523,670 'high-perform':7,29 'higher':167 'hub':357 'hub-and-spok':356 'hybrid':2,24,57,129,351,382,407 'hybrid-cloud-network':1 'iac':702 'id':179,207,211,282,290,536,540,551,555 'implement':128,458,474,502,515,673,703 'in/out':594 'input':76,742 'instruct':70 'interconnect':335,417 'internet':154,170,485 'internet-depend':169 'ip':195,275,280,285 'ipsec':151,317 'ipsec.1':199,214,543,558 'key':588 'latenc':168,232,305,348,597 'librari':700 'limit':704 'locat':262,567 'log':498 'loss':596 'low':304,651 'low-bandwidth':650 'lower':231,347 'main':177,184,191,204 'main-vpn-gateway':183 'match':713 'mbps':343 'meet':134 'metric':589 'migrat':137 'minim':661 'miss':750 'moder':165 'modul':699 'monitor':461,500,510,580,585 'multi':380,405,576,691 'multi-cloud':404 'multi-cloud-architectur':690 'multi-path':575 'multi-region':379 'multipl':563 'name':182,258,266,277 'need':61 'network':4,26,59,100,224,255,352,489,621,627 'number':428,436 'on-premis':12,34,103,119,360,383,408,423 'open':94 'optim':637 'option':142 'outcom':83 'output':722 'outsid':67 'packet':595 'partner':341 'path':577 'pattern':353,354,377,402 'peer':401 'per':159,331 'perform':9,31 'permiss':743 'practic':80,466 'premis':14,36,105,121,362,385,410,425 'premium':308 'primari':533 'privat':284,295,469 'privatelink/private':507 'product':371 'propag':446,449 'protect':504 'provid':84,110,299 'public':279 'purpos':96 'reduc':676 'redund':516 'refer':240,678 'references/direct-connect.md':242,684 'references/vpn-setup.md':680 'region':381,400 'regular':520 'relat':688 'relev':78 'reliabl':99,307 'requir':75,93,136,239,741 'resourc':173,187,200,252,264,529,544 'resources/implementation-playbook.md':95 'review':734 'right':640 'right-siz':639 'rout':216,419,445,448,451,457,459,462,486,579 'routebas':272 'router':426,434 'safeti':744 'scope':69,715 'script':635 'secondari':548 'secur':6,28,98,464,492,521 'see':241 'session':599 'setup':133,237,687 'show':625,632 'show-device-config-script':631 'site':147,149,247,249 'site-to-sit':146,246 'size':641 'skill':50,116,689,707 'skill-hybrid-cloud-networking' 'sku':273 'sla':326 'source-sickn33' 'specif':729 'spoke':359 'stage':373 'static':215 'status':591,600 'step':86 'stop':735 'subnet':289 'substitut':725 'success':747 'tabl':452 'tag':181 'task':53,711 'telemetri':617 'terraform':698 'terraform-module-librari':697 'test':731 'time':238 'tool':66 'topic-agent-skills' 'topic-agentic-skills' 'topic-ai-agent-skills' 'topic-ai-agents' 'topic-ai-coding' 'topic-ai-workflows' 'topic-antigravity' 'topic-antigravity-skills' 'topic-claude-code' 'topic-claude-code-skills' 'topic-codex-cli' 'topic-codex-skills' 'traffic':645,656,677 'transfer':663 'transit':366 'treat':720 'troubleshoot':587,601 'tunnel':160,332,478,518,527,590 'type':198,213,268,271,542,557 'unrel':55 'up/down':592 'us':389,395 'us-east':388 'us-west':394 'use':18,40,48,114,453,468,480,506,647,666,705 'valid':82,730 'verif':88 'via':297 'virtual':254 'vnetgatewayconfig':278 'vpc':178,481,496 'vpc/vnet':372,374,376,443 'vpn':19,41,150,152,175,185,202,205,250,257,260,269,270,316,318,322,324,350,477,526,531,534,546,549,604,609,615,619,623,629,648,681 'vpn-connect':622,628 'vpn-gateway':259 'vpn/direct':364 'vpngw1':274 'vwan':369 'west':396 'workload':653","prices":[{"id":"2c81f60f-1af9-44d5-b181-80c7b658d71a","listingId":"96a46fa9-e6e2-41d7-8f68-15a47784f53e","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"sickn33","category":"antigravity-awesome-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:38:53.571Z"}],"sources":[{"listingId":"96a46fa9-e6e2-41d7-8f68-15a47784f53e","source":"github","sourceId":"sickn33/antigravity-awesome-skills/hybrid-cloud-networking","sourceUrl":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/hybrid-cloud-networking","isPrimary":false,"firstSeenAt":"2026-04-18T21:38:53.571Z","lastSeenAt":"2026-04-23T18:51:30.551Z"}],"details":{"listingId":"96a46fa9-e6e2-41d7-8f68-15a47784f53e","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"sickn33","slug":"hybrid-cloud-networking","github":{"repo":"sickn33/antigravity-awesome-skills","stars":34768,"topics":["agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity","antigravity-skills","claude-code","claude-code-skills","codex-cli","codex-skills","cursor","cursor-skills","developer-tools","gemini-cli","gemini-skills","kiro","mcp","skill-library"],"license":"mit","html_url":"https://github.com/sickn33/antigravity-awesome-skills","pushed_at":"2026-04-23T06:41:03Z","description":"Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.","skill_md_sha":"e8ebbd134021ea40cc5df92f2b913427fa42e87c","skill_md_path":"skills/hybrid-cloud-networking/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/hybrid-cloud-networking"},"layout":"multi","source":"github","category":"antigravity-awesome-skills","frontmatter":{"name":"hybrid-cloud-networking","description":"Configure secure, high-performance connectivity between on-premises and cloud environments using VPN, Direct Connect, and ExpressRoute."},"skills_sh_url":"https://skills.sh/sickn33/antigravity-awesome-skills/hybrid-cloud-networking"},"updatedAt":"2026-04-23T18:51:30.551Z"}}