Fundamentals of Cloud Networking

Fundamentals of Cloud Networking – Let’s Learn the Basics

Last Updated on May 14, 2024 by cscontents

Introduction

In this post we will discuss the important networking terms and concepts in cloud networking, with a focus on Azure and AWS terminology.

Virtual Network (VNET)/ Virtual Private Cloud (VPC)

VNET, or Virtual Network, is the software-defined network in which a cloud tenant's resources are placed. Both halves of the name matter.

Virtual – the word is used in the cloud sense: the network exists only in the provider's software-defined networking layer, not as physical switches and cables you own. For example, on Microsoft Azure we must first configure a network inside which our compute resources will be provisioned; that network is called a Virtual Network or VNET. On AWS the equivalent construct is the VPC (Virtual Private Cloud).

Network – in simple words, a network is a range of IP addresses (an address space, written in CIDR notation such as 10.0.0.0/16) from which addresses are assigned to devices or appliances; we then say "those devices are part of that network".

Subnet

If we divide a VNET/VPC address space into multiple smaller networks, each of these smaller networks is called a subnet. A subnet is always a sub-range of its VNET/VPC address space, and subnets within one VNET/VPC cannot overlap each other.

NIC/ENI

NIC – Network Interface Card. In Azure each VM needs one or more NICs attached, and the private IP (and optionally a public IP) is assigned to the NIC, not to the VM itself.

ENI – Elastic Network Interface. In AWS each VM (EC2 instance) needs an ENI attached, and the private IP (and optionally a public or Elastic IP) is assigned to the ENI.

VNET/ VPC Peering

VNET/VPC peering connects one VNET/VPC to another so that resources in both can talk to each other using their private IPs. The traffic stays on the cloud provider's backbone instead of crossing the public internet, which is why peering is preferred over exposing services on public IPs. Two caveats a practitioner should know: the two address spaces must not overlap, and peering is not transitive (if A is peered with B and B with C, A still cannot reach C without its own peering or a hub network that routes between them).
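The address arithmetic behind the last three sections (VNET/VPC address space, subnets, and the peering overlap check) as an added example; this is not code from the original post. It uses Python's standard ipaddress module. The 10.x.0.0/16 ranges are made up, and the five reserved addresses per subnet is the figure both Azure and AWS document for their own subnets.

```python
"""Added example (not from the original post): carving a VNET/VPC address
space into subnets and checking the peering prerequisite with the standard
ipaddress module. All address ranges below are constructed for illustration."""
from ipaddress import ip_address, ip_network

# Constructed example: one VNET/VPC with a /16 address space, a second one we
# intend to peer with, and a third whose range collides with the first.
VNET_A = ip_network("10.0.0.0/16")
VNET_B = ip_network("10.1.0.0/16")    # disjoint: peering with A is possible
VNET_C = ip_network("10.0.128.0/17")  # inside A: peering would be refused

# Both Azure and AWS reserve the first four and the last address of every
# subnet (network address, gateway, platform DNS, broadcast), so a subnet
# offers (size - 5) usable addresses.
RESERVED_PER_SUBNET = 5


def carve_subnets(vnet, new_prefix):
    """Split a VNET/VPC address space into equal subnets of the given prefix length."""
    return list(vnet.subnets(new_prefix=new_prefix))


def usable_hosts(subnet):
    """Addresses left for NICs/ENIs after the platform's reserved addresses."""
    return subnet.num_addresses - RESERVED_PER_SUBNET


def subnet_of(vnet_subnets, address):
    """Return the subnet an IP belongs to, or None if it is outside the VNET/VPC."""
    addr = ip_address(address)
    for s in vnet_subnets:
        if addr in s:
            return s
    return None


def can_peer(net_a, net_b):
    """Peering requires non-overlapping address spaces in both Azure and AWS."""
    return not net_a.overlaps(net_b)


if __name__ == "__main__":
    subnets = carve_subnets(VNET_A, 24)
    print(f"{VNET_A} -> {len(subnets)} x /24 subnets, first: {subnets[0]}")
    print("usable hosts per /24:", usable_hosts(subnets[0]))
    print("10.0.3.7 lives in", subnet_of(subnets, "10.0.3.7"))
    print("peer A<->B possible:", can_peer(VNET_A, VNET_B))
    print("peer A<->C possible:", can_peer(VNET_A, VNET_C))
```

Run it before requesting a peering: an overlap is refused by the platform anyway, but catching it while the address plan is still on paper is far cheaper than re-addressing a VNET/VPC that already has workloads in it.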

Communication within VNET or VPC

By default, routing between the subnets in a VNET/VPC is allowed (Azure's system routes and AWS's "local" route cover the whole address space). For example, if we have a VNET/VPC with VM-1 in subnet-1 and VM-2 in subnet-2, then by default VM-1 and VM-2 can reach each other over their private IPs. Whether the packets are actually accepted still depends on the NSG, NACL or security-group rules described below.

Routing & Route Table

Routing basically means deciding on which path your network traffic is sent. The "Route Table" is nothing but a table that holds our routes: whatever routes we create for our network traffic appear in the route table, alongside the system routes the platform adds automatically (for the VNET/VPC's own address space, for example). When a packet matches several routes, the one with the most specific (longest) destination prefix wins.

While creating a "route" there are two components we need to know –

  • Destination network – the address range (CIDR prefix) for which this route applies, e.g. 0.0.0.0/0 for "everything else".
  • Next hop – the place on the path, such as a virtual network gateway, a NAT gateway, a peering connection or a firewall appliance, via which traffic for that destination is forwarded.
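A simplified model of route selection, added here as an example and not taken from the original post. The route table rows and next-hop names are constructed; the one real rule the code encodes is that Azure and AWS both choose the most specific matching destination prefix, so a /24 override beats the /16 system route, which in turn beats 0.0.0.0/0.

```python
"""Added example (not from the original post): how a cloud route table picks a
route. Azure and AWS both use longest-prefix match; the table below is made up."""
from ipaddress import ip_address, ip_network

# Constructed route table for a subnet inside VNET/VPC 10.0.0.0/16.
# (destination prefix, next hop); the next-hop names are illustrative only.
ROUTE_TABLE = [
    ("10.0.0.0/16",    "local"),              # the VNET/VPC itself (system route)
    ("10.1.0.0/16",    "peering-to-vnet-b"),  # peered network, private IPs
    ("192.168.0.0/16", "vpn-gateway"),        # on-premises over the VPN tunnel
    ("10.0.9.0/24",    "firewall-nva"),       # force one subnet through an appliance
    ("0.0.0.0/0",      "nat-gateway"),        # default route: everything else
]


def compile_routes(rows):
    """Parse the string table into (network, next_hop) tuples."""
    return [(ip_network(dst), hop) for dst, hop in rows]


def lookup(routes, destination):
    """Longest-prefix match: return the next hop for a destination IP.

    Every matching route is considered and the one with the longest prefix
    wins. Returns None when nothing matches, i.e. a subnet with no default
    route cannot reach addresses outside the prefixes it knows about.
    """
    addr = ip_address(destination)
    best = None
    for net, hop in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


if __name__ == "__main__":
    routes = compile_routes(ROUTE_TABLE)
    for dst in ["10.0.3.7", "10.0.9.12", "10.1.4.4", "192.168.50.1", "8.8.8.8"]:
        print(f"{dst:>14} -> {lookup(routes, dst)}")
```

Dropping the 0.0.0.0/0 row is the usual way to keep a subnet off the internet entirely; the lookup then returns None for public destinations instead of silently using a default gateway.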

NSG and NACL

In Azure, an NSG (Network Security Group) filters network traffic using a prioritized list of allow/deny rules. It can be associated with a subnet, with an individual NIC, or with both; when both are present, inbound traffic has to pass the subnet NSG and then the NIC NSG. A similar subnet-level concept exists in AWS, known as a NACL (Network Access Control List).

AWS also has the "security group", which is applied at the instance level (strictly, to the ENI of the EC2 instance). The important difference for a practitioner: NSGs and security groups are stateful, so the reply to an allowed connection is allowed automatically, whereas NACLs are stateless and evaluate every packet, including replies, against the rules on their own. Security groups also only have allow rules, while NSGs and NACLs evaluate their rules in ascending priority/number order and the first match wins.
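A toy evaluator showing how the three filter types behave differently, added here as an example and not code from the original post. The packets and rules are constructed; the semantics it models are the documented ones: NSGs and security groups are stateful, NACLs are stateless, NSG/NACL rules are ordered by number with first match winning, and security groups have no deny rules. The classic NACL mistake it reproduces is allowing port 443 in both directions and forgetting that replies leave on an ephemeral port.

```python
"""Added example (not from the original post): stateful vs stateless and
ordered vs allow-only filtering. Packets and rules are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (towards the VM) or "out" (from the VM)
    proto: str       # "tcp" or "udp"
    remote: str      # the non-VM side: source for "in", destination for "out"
    port: int        # destination port of this packet


@dataclass(frozen=True)
class Rule:
    number: int      # NSG priority / NACL rule number (lower is evaluated first)
    direction: str
    action: str      # "allow" or "deny"
    proto: str       # "tcp", "udp" or "any"
    remote_cidr: str # source for inbound rules, destination for outbound rules
    ports: range     # destination port range

    def matches(self, pkt):
        return (self.direction == pkt.direction
                and self.proto in ("any", pkt.proto)
                and ip_address(pkt.remote) in ip_network(self.remote_cidr)
                and pkt.port in self.ports)


def ordered_first_match(rules, pkt):
    """NSG / NACL semantics: lowest number first, first match wins, else deny."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.matches(pkt):
            return r.action
    return "deny"


def security_group(rules, pkt):
    """AWS security group semantics: allow-only rules, any match allows."""
    return "allow" if any(r.action == "allow" and r.matches(pkt) for r in rules) else "deny"


def connection_allowed(evaluate, rules, request, reply, stateful):
    """Does a full request/response exchange get through?

    A stateful filter (NSG, security group) tracks the connection, so the reply
    is allowed as soon as the request was. A stateless NACL judges the reply
    packet on its own merits against the outbound rules.
    """
    if evaluate(rules, request) != "allow":
        return False
    return True if stateful else evaluate(rules, reply) == "allow"


# Constructed traffic: an internet client opens HTTPS to a web VM; the VM's
# reply goes back to the client's ephemeral port.
REQUEST = Packet("in", "tcp", "203.0.113.10", 443)
REPLY = Packet("out", "tcp", "203.0.113.10", 51234)

# Rules that only think about port 443 in both directions.
NAIVE_RULES = [
    Rule(100, "in", "allow", "tcp", "0.0.0.0/0", range(443, 444)),
    Rule(100, "out", "allow", "tcp", "0.0.0.0/0", range(443, 444)),
]
# Corrected NACL: replies leave on ephemeral ports, so outbound must allow them.
FIXED_NACL_RULES = NAIVE_RULES + [
    Rule(110, "out", "allow", "tcp", "0.0.0.0/0", range(1024, 65536)),
]

# Ordering matters for NSG/NACL: a lower-numbered deny beats a higher-numbered
# allow. A security group has no deny concept, so the same list (which AWS
# would not even let you create) simply allows the packet.
PRIORITY_RULES = [
    Rule(200, "in", "allow", "tcp", "0.0.0.0/0", range(22, 23)),
    Rule(100, "in", "deny", "tcp", "203.0.113.0/24", range(22, 23)),
]
SSH_FROM_CLIENT = Packet("in", "tcp", "203.0.113.10", 22)


def as_nsg(rules):
    return connection_allowed(ordered_first_match, rules, REQUEST, REPLY, stateful=True)


def as_nacl(rules):
    return connection_allowed(ordered_first_match, rules, REQUEST, REPLY, stateful=False)


def as_security_group(rules):
    return connection_allowed(security_group, rules, REQUEST, REPLY, stateful=True)


if __name__ == "__main__":
    print("NSG, stateful            :", as_nsg(NAIVE_RULES))
    print("security group, stateful :", as_security_group(NAIVE_RULES))
    print("NACL, naive, stateless   :", as_nacl(NAIVE_RULES))
    print("NACL, with ephemeral out :", as_nacl(FIXED_NACL_RULES))
    print("SSH under NSG ordering   :", ordered_first_match(PRIORITY_RULES, SSH_FROM_CLIENT))
    print("SSH under security group :", security_group(PRIORITY_RULES, SSH_FROM_CLIENT))
```

The ephemeral-port rule is the reason many NACL write-ups tell you to allow 1024-65535 outbound; the price is that a NACL can no longer stop an outbound connection on those ports by itself, which is why the per-instance security group, not the NACL, should carry the real egress policy.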

Public IP communication in cloud networking

When any resource (e.g., a VM) within a VNET/VPC must be reachable from the internet (a public network), it needs a public IP, either assigned to its NIC/ENI directly or provided by a load balancer in front of it. For outbound-only access a resource does not need its own public IP: a NAT gateway can translate its private source address to a shared public one, which is the safer default because nothing on the internet can then initiate a connection to the VM.

Private IP Communication in cloud networking

Below are a few places where private IP communication happens –

  • When subnet-to-subnet communication happens within a VNET/VPC, it uses private IPs.
  • In the case of VNET/VPC peering, communication between the VNET/VPCs happens over private IPs.
  • VPN connections (VPN tunnels) and private leased connections such as Azure ExpressRoute or AWS Direct Connect carry private IP traffic between the cloud network and an on-premises network.

Communication over tunnel

Communication over a VPN tunnel happens using private IPs: the packets carried inside the tunnel use the private addresses of the cloud and on-premises networks, while only the two tunnel endpoints (the VPN gateways) need public IPs to build the encrypted tunnel between them.

These are a few very basic concepts in Azure & AWS networking.

Thank You.