Chapter 22: Cloud Networking Basics

22.1 Introduction to Cloud Networking

Cloud networking extends traditional networking to virtualized environments.
Cloud Networking Overview

What is Cloud Networking?

- Virtual networks in cloud platforms
- Software-defined networking
- Pay-as-you-go model
- Elastic scaling

Cloud Networking Components:

- Virtual Private Cloud (VPC)
- Subnets
- Security Groups / ACLs
- Load Balancers
- VPN/Direct Connect
- Route Tables

Major Providers:

| Provider | Network Service       | Name             |
|----------|-----------------------|------------------|
| AWS      | VPC                   | Amazon VPC       |
| Azure    | Virtual Network       | Azure VNet       |
| GCP      | VPC Network           | Google Cloud VPC |
| Oracle   | Virtual Cloud Network | OCI VCN          |
22.2 Virtual Private Cloud (VPC)

VPC Overview

AWS VPC Example:

Region: us-east-1
VPC: 10.0.0.0/16

Subnets:

| Subnet         | CIDR         | Type    | AZ         |
|----------------|--------------|---------|------------|
| Public Subnet  | 10.0.1.0/24  | Public  | us-east-1a |
| Public Subnet  | 10.0.2.0/24  | Public  | us-east-1b |
| Private Subnet | 10.0.10.0/24 | Private | us-east-1a |
| Private Subnet | 10.0.11.0/24 | Private | us-east-1b |
| DB Subnet      | 10.0.20.0/24 | Private | us-east-1a |
| DB Subnet      | 10.0.21.0/24 | Private | us-east-1b |

VPC Components:

| Component        | Purpose                             |
|------------------|-------------------------------------|
| CIDR Block       | IP range for VPC (/16 to /28)       |
| Internet Gateway | Connect to internet                 |
| NAT Gateway      | Allow outbound from private subnets |
| Route Tables     | Control routing                     |
| Security Groups  | Instance-level firewall             |
| NACL             | Subnet-level firewall               |
22.3 Subnets in Cloud

Cloud Subnets

Public Subnet:

- Has route to Internet Gateway
- Can have public IP
- For: Load balancers, web servers, NAT

Private Subnet:

- No direct internet access
- Traffic goes through NAT or Private Link
- For: Databases, application servers

Subnet Sizing:

Best Practices:

- Plan for growth
- Use /24 for each availability zone
- Reserve IPs for:
  - Network/broadcast: 2
  - DHCP server: 1
  - DNS: 1
  - Future use: 5+

Example VPC Design:

VPC: 10.0.0.0/16

- Management: 10.0.0.0/24
- DMZ: 10.0.1.0/24
- Application: 10.0.10.0/24
- Database: 10.0.20.0/24
- Services: 10.0.30.0/24
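A small design check, added here as an example and not part of the original chapter: it takes the example VPC design above, verifies that every subnet sits inside the VPC, stays within the /16 to /28 size range and overlaps no other subnet, applies the reserved-IP budget from the sizing best practices, and finds the next free /24 for growth. The subnet names, the reserved-IP dictionary and the function names are assumptions for this example.

```python
import ipaddress

# Constructed example: the chapter's example VPC design and its reserved-IP budget.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {
    "Management": "10.0.0.0/24",
    "DMZ": "10.0.1.0/24",
    "Application": "10.0.10.0/24",
    "Database": "10.0.20.0/24",
    "Services": "10.0.30.0/24",
}
# Addresses set aside per subnet, as listed in the sizing best practices above.
RESERVED = {"network/broadcast": 2, "dhcp": 1, "dns": 1, "future": 5}


def usable_hosts(cidr, reserved=RESERVED):
    """Addresses left for instances once the reserved IPs are subtracted."""
    return ipaddress.ip_network(cidr).num_addresses - sum(reserved.values())


def validate_design(vpc_cidr, subnets):
    """Return the problems found: subnets outside the VPC, outside the /16-/28
    size range from the VPC components table, or overlapping another subnet."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(c) for name, c in subnets.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is outside VPC {vpc}")
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{name} {net} must be between /16 and /28")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems


def next_free_block(vpc_cidr, subnets, prefixlen=24):
    """First block of the requested size that no existing subnet overlaps (room for growth)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    used = [ipaddress.ip_network(c) for c in subnets.values()]
    for candidate in vpc.subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None
```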
22.4 Cloud Connectivity

Cloud Connectivity Options

1. Internet Gateway
   - Direct internet access
   - For public resources
   - Data transfer charges apply

2. VPN (Virtual Private Network)
   - Encrypted tunnel over internet
   - On-premises to cloud
   - Quick setup
   - Lower bandwidth

3. Direct Connect (AWS) / ExpressRoute (Azure)
   - Dedicated physical connection
   - 1 Gbps to 100 Gbps
   - More consistent performance
   - Higher cost

4. VPC Peering
   - Connect two VPCs
   - No transitive peering (no gateway of gateways)
   - Same or different account

5. Transit Gateway
   - Connect multiple VPCs and VPN
   - Central hub routing
   - Scales better than peering

Connectivity Comparison:

| Method         | Bandwidth      | Latency  | Cost   |
|----------------|----------------|----------|--------|
| Internet       | Variable       | Variable | Low    |
| VPN            | Up to 1.25 Gbps | Moderate | Medium |
| Direct Connect | 1-100 Gbps     | Low      | High   |
| Peering        | 100 Gbps       | Lowest   | Free   |
22.5 Cloud Security Groups

Cloud Security Groups

Security Group Rules:

AWS Security Group Example:

| Inbound Rules                             | Outbound Rules      |
|-------------------------------------------|---------------------|
| Type: HTTP, Port: 80, Source: 0.0.0.0/0   | Any, Any, 0.0.0.0/0 |
| Type: HTTPS, Port: 443, Source: 0.0.0.0/0 |                     |
| Type: SSH, Port: 22, Source: 10.0.0.0/16  |                     |

Best Practices:

- Least privilege principle
- Don't use 0.0.0.0/0 for SSH/RDP
- Use security groups as source where possible
- Regular audit
- Use tags for organization

Network ACLs vs Security Groups:

| Feature    | Security Group | NACL         |
|------------|----------------|--------------|
| Scope      | Instance       | Subnet       |
| State      | Stateful       | Stateless    |
| Rules      | Allow only     | Allow + Deny |
| Evaluation | All rules      | In order     |
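The table's four differences, worked through as an added example that is not part of the original chapter: the security group from the example above is evaluated as a stateful, allow-only set where any matching rule permits the packet, while a constructed NACL for the same subnet is evaluated in rule-number order with explicit deny rules and a separate check for the reply direction. A final audit function flags the case the best practices forbid. The NACL rules, the rule-number ordering trick and the function names are assumptions for this example.

```python
import ipaddress

# Constructed example: the inbound rules of the chapter's AWS security group.
SECURITY_GROUP = [
    {"proto": "tcp", "port": 80, "source": "0.0.0.0/0"},
    {"proto": "tcp", "port": 443, "source": "0.0.0.0/0"},
    {"proto": "tcp", "port": 22, "source": "10.0.0.0/16"},
]
# Constructed NACL for the same subnet: numbered rules, lowest number first, first match
# wins, implicit deny if nothing matches. Rule 110 only works because it comes after 100;
# swapping the numbers would block the internal SSH clients as well.
NACL_INBOUND = [
    {"rule": 100, "proto": "tcp", "ports": (22, 22), "cidr": "10.0.0.0/16", "action": "allow"},
    {"rule": 110, "proto": "tcp", "ports": (22, 22), "cidr": "0.0.0.0/0", "action": "deny"},
    {"rule": 120, "proto": "tcp", "ports": (80, 80), "cidr": "0.0.0.0/0", "action": "allow"},
    {"rule": 130, "proto": "tcp", "ports": (443, 443), "cidr": "0.0.0.0/0", "action": "allow"},
]
# Stateless NACLs need an explicit outbound rule for replies to the client's ephemeral port.
NACL_OUTBOUND = [
    {"rule": 100, "proto": "tcp", "ports": (1024, 65535), "cidr": "0.0.0.0/0", "action": "allow"},
]

def _in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def sg_allows(rules, proto, port, src_ip):
    """Stateful, allow-only: every rule is evaluated and any match permits the packet.
    Reply traffic is tracked by the group, so there is no separate outbound check."""
    return any(r["proto"] == proto and r["port"] == port and _in_cidr(src_ip, r["source"])
               for r in rules)

def nacl_allows(rules, proto, port, remote_ip):
    """Stateless, ordered: the lowest-numbered matching rule decides; no match means deny."""
    for r in sorted(rules, key=lambda r: r["rule"]):
        lo, hi = r["ports"]
        if r["proto"] == proto and lo <= port <= hi and _in_cidr(remote_ip, r["cidr"]):
            return r["action"] == "allow"
    return False

def nacl_connection_ok(inbound, outbound, proto, port, client_ip, client_port):
    """A TCP connection through a NACL needs the request and the reply to pass separately."""
    return (nacl_allows(inbound, proto, port, client_ip)
            and nacl_allows(outbound, proto, client_port, client_ip))

def audit_admin_exposure(rules, admin_ports=(22, 3389)):
    """Flag SG rules that open SSH/RDP to 0.0.0.0/0, the case the best practices above forbid."""
    return [r for r in rules
            if r["port"] in admin_ports and ipaddress.ip_network(r["source"]).prefixlen == 0]
```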
22.6 Cloud DNS

Cloud DNS Services

Amazon Route 53:

- Authoritative DNS
- Health checking
- Routing policies:
  - Simple
  - Weighted
  - Latency
  - Failover
  - Geolocation

DNS Record Types in Cloud:

| Type  | Description                        |
|-------|------------------------------------|
| A     | IPv4 address                       |
| AAAA  | IPv6 address                       |
| CNAME | Alias                              |
| ALIAS | Provider-specific alias (Route 53) |
| MX    | Mail exchange                      |
| TXT   | Text record                        |
| NS    | Name servers                       |

Private DNS:

- Internal resolution only
- Not resolvable from internet
- Use with Private Hosted Zones
22.7 Cloud Load Balancing

Cloud Load Balancers

AWS Elastic Load Balancing:

| Type           | Use Case                           |
|----------------|------------------------------------|
| Application LB | HTTP/HTTPS, Layer 7                |
| Network LB     | TCP/UDP, Layer 4, high performance |
| Gateway LB     | Third-party appliances             |
| Classic LB     | Legacy, both L4 and L7             |

Load Balancer Features:

- Health checks
- SSL termination
- Sticky sessions
- Cross-zone load balancing
- Integration with Auto Scaling

Azure Load Balancer:

- SKU: Basic (free) or Standard (paid)
- Public or Internal
- HA ports for inbound S2S

Google Cloud Load Balancing:

- Global (HTTP/S)
- Regional (TCP/UDP)
- Internal (application traffic)
Summary

In this chapter, you learned:
- ✅ Cloud networking overview
- ✅ Virtual Private Cloud (VPC)
- ✅ Cloud subnets (public vs private)
- ✅ Cloud connectivity (VPN, Direct Connect, Peering)
- ✅ Cloud security groups
- ✅ Cloud DNS
- ✅ Cloud load balancing
Final Chapter Complete!

This completes our comprehensive Networking Guide. You now have all the foundational and advanced networking knowledge needed for DevOps, SRE, and SysAdmin roles.

Quick Reference: Networking Checklist

- OSI Model (7 layers)
- TCP/IP Model and Protocols
- IP Addressing (IPv4, IPv6)
- Subnetting (CIDR, VLSM)
- DNS (Record types, resolution)
- DHCP (DORA process)
- NAT/PAT
- Routing (Static, Dynamic)
- Routing Protocols (RIP, OSPF, EIGRP, BGP)
- Firewalls (iptables, nftables)
- VPN (IPsec, OpenVPN, WireGuard)
- Wireless (WiFi standards, security)
- Network Monitoring (tcpdump, Wireshark)
- Load Balancing
- VLANs
- Network Architecture
- Cloud Networking
Last Updated: February 2026