Public Cloud Networking

On-Prem Networks 

  • Follow a defined architecture 

  • On-prem deployment was slow; applications needed to be deployed faster 

  • DevOps teams moved to the cloud 

Reinventing Network and Security Architecture for Cloud 

  • VMware was able to virtualize servers and run applications on virtual machines, but this was still on-prem 

  • People moved to the public cloud, but there was an architectural gap: nothing equivalent to the on-prem network and security architecture existed there 

  • Aviatrix provides an architecture, MCNA (Multi-Cloud Network Architecture), to fill that gap and help deploy applications 

IaaS, PaaS, SaaS 

On-Prem (physical/virtual) 

  • Underlay, hardware, software, Day 0, Day 1 and Day 2 operations: everything is the user's responsibility 

Infrastructure as a Service

  • CSPs manage the hardware, virtualization software, storage, and networking 

  • Users are responsible for running the virtual machines and patching the OS 

Platform as a Service 

  • Users consume the service as a platform 

  • CSPs manage everything below the platform; users manage only their applications and data 

Software as a Service 

  • Users consume the service 

  • All aspects are managed by the CSP 


What is Hybrid Cloud? 

  • Connectivity between the public cloud and the on-prem DC, with workloads in both 

Public Cloud Basics 

  • Known for resilience and high availability, with multiple regions 

  • Just as on-prem data centers have issues, the CSPs' data centers have issues as well 

  • Users, however, have no control over these issues and little visibility into them 

Data Center 

  • Cloud service providers use data centers to house cloud services and cloud-based resources 

  • Data centers are grouped into regions by geographic area to provide regional service availability 

Availability Zone 

  • Distinct locations within a cloud provider's region that are engineered to be isolated from failures in the other zones of that region 


Public Cloud Network vs. On-Prem DC 

  • The public cloud network tries to provide the same services as the on-prem DC 

  • Provides the concept of a VPC (virtual private cloud) 

  • The most important part of the VPC is the application/virtual machine 

  • Virtual machines sit on different subnets, so they need a routing entity (the VPC router and its route tables) 

  • Some security constructs are provided (security groups, network ACLs) but they are often very primitive: allow-only, IP/port based, no L7 inspection 

  • The VPC requires connectivity to the internet (egress: sending traffic out to the internet) 

  • Users coming in from outside need access to the virtual machines (ingress) 

  • Private connectivity to the on-prem data center is needed (VPN or a dedicated circuit) 

  • Limitations 

    • 100 BGP route limit toward AWS TGW (Transit Gateway) 

    • No routing controls (no way to filter or manipulate routes) 

    • No service insertion (no way to put a firewall or other appliance in the path) 

    • Poor visibility into traffic and routing 
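To make the VPC routing, security-group and route-limit points above concrete, the following Python model is added here; it is not code from the original notes or from Aviatrix. The VPC CIDR, subnet addresses, gateway names (`igw-1`, `vgw-1`) and rules are constructed assumptions, and the 100-route limit is taken as a constant from the notes rather than looked up from the provider.

```python
"""Toy model of VPC routing and security-group evaluation (added example).

Everything here is constructed for illustration: the VPC CIDR, subnets,
route targets and rules are assumptions, not a real account.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    dest: ipaddress.IPv4Network
    target: str  # e.g. "local", "igw-1", "vgw-1" (assumed names)


class RouteTable:
    """The VPC router: every packet leaving a subnet is matched against this table."""

    def __init__(self, routes):
        self.routes = list(routes)

    def lookup(self, dst_ip: str) -> Optional[str]:
        """Longest-prefix match, as the VPC router does; None means no route (dropped)."""
        ip = ipaddress.ip_address(dst_ip)
        best = None
        for r in self.routes:
            if ip in r.dest and (best is None or r.dest.prefixlen > best.dest.prefixlen):
                best = r
        return best.target if best else None


@dataclass(frozen=True)
class SGRule:
    proto: str
    port: int
    source: ipaddress.IPv4Network


def sg_allows(rules, proto: str, port: int, src_ip: str) -> bool:
    """Security groups are allow-only and stateful: a packet is admitted if any
    inbound rule matches. There is no deny rule and no L7 awareness, which is
    what the notes mean by "primitive"."""
    ip = ipaddress.ip_address(src_ip)
    return any(r.proto == proto and r.port == port and ip in r.source for r in rules)


# The notes cite a 100-route BGP limit toward AWS TGW; treated here as a constant.
TGW_BGP_ROUTE_LIMIT = 100


def bgp_advertisement_fits(prefixes) -> tuple:
    """Summarise contiguous prefixes first, then check the count against the limit.
    Returns (fits, prefix_count_after_summarisation)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summarised = list(ipaddress.collapse_addresses(nets))
    return len(summarised) <= TGW_BGP_ROUTE_LIMIT, len(summarised)


def build_demo_vpc() -> RouteTable:
    """Constructed sample VPC 10.0.0.0/16: a local route for subnet-to-subnet
    traffic, a default route to an internet gateway, and a route to the on-prem
    range 192.168.0.0/16 via a virtual private gateway (assumed names)."""
    return RouteTable([
        Route(ipaddress.ip_network("10.0.0.0/16"), "local"),      # subnet-to-subnet
        Route(ipaddress.ip_network("0.0.0.0/0"), "igw-1"),        # internet egress
        Route(ipaddress.ip_network("192.168.0.0/16"), "vgw-1"),   # hybrid link to the DC
    ])


DEMO_SG = [
    SGRule("tcp", 22, ipaddress.ip_network("10.0.0.0/16")),   # SSH only from inside the VPC
    SGRule("tcp", 443, ipaddress.ip_network("0.0.0.0/0")),    # HTTPS from anywhere
]


if __name__ == "__main__":
    rt = build_demo_vpc()
    print("10.0.1.10 -> 10.0.2.20 via", rt.lookup("10.0.2.20"))       # local
    print("10.0.1.10 -> 8.8.8.8 via", rt.lookup("8.8.8.8"))           # igw-1
    print("10.0.1.10 -> 192.168.5.5 via", rt.lookup("192.168.5.5"))   # vgw-1
    print("SSH from on-prem allowed?", sg_allows(DEMO_SG, "tcp", 22, "192.168.5.5"))
    scattered = [f"10.{i}.0.0/24" for i in range(150)]    # 150 non-contiguous prefixes
    contiguous = [f"10.0.{i}.0/24" for i in range(150)]   # 150 contiguous prefixes
    print("scattered prefixes fit under the limit:", bgp_advertisement_fits(scattered))
    print("contiguous prefixes fit under the limit:", bgp_advertisement_fits(contiguous))
```

The last two calls show why the route limit bites: 150 scattered /24s stay 150 routes and exceed the limit, while 150 contiguous /24s collapse to 4 supernets. In a real deployment the summarisation has to happen on the advertising side (the on-prem router or a transit appliance), because the TGW itself offers no routing controls to do it for you.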
