Kahibaro
Discord Login Register

6.5.4 Cloud networking basics

Why Cloud Networking Is Different

Traditional networking is about physical machines and static networks. In the cloud, most networking is:

Across major providers (AWS, Azure, GCP), core ideas are similar even if names differ. This chapter focuses on those shared concepts and how they affect Linux systems running in the cloud.

Virtual Private Clouds / Virtual Networks

Each cloud gives you logically isolated networks for your resources:

Key ideas:

From a Linux instance’s perspective, this looks like a normal LAN:

You still use familiar tools (ip, ss, ping, etc.) to inspect and debug, but the topology and routing are controlled by cloud configuration instead of on-box config files alone.

Subnets and IP Addressing in the Cloud

Each VPC/VNet is split into subnets. Subnets define:

Typical patterns:

Linux implications:

Public vs Private IPs and NAT

Cloud networking generally separates:

There are two common mappings:

  1. One-to-one public IP assignment
    • Instance has:
      • Private IP on its interface (e.g. 10.0.1.10)
      • Public IP associated in the cloud control plane (e.g. 203.0.113.5)
    • Cloud NAT translates public ↔ private, but the Linux system normally only sees the private IP.
  2. NAT gateway for many-to-one outbound
    • Private instances use a shared NAT gateway to access the internet.
    • Outbound connections appear from a single public IP or a small pool.
    • Inbound connections from the internet are not allowed directly.

Linux view:

Route Tables and Default Gateways

Each subnet is associated with a route table describing where traffic goes:

On your Linux instance:

This separation is important:

Security Groups and Network ACLs

Cloud networking has two main layers of traffic control:

Security Groups / Network Security Groups

These are stateful, instance-level firewalls:

Providers call them:

Linux relationship:

Network ACLs (NACLs) and Subnet-level Rules

Many clouds also provide stateless ACLs at the subnet level:

For most basic setups, security groups/NSGs are the primary tool; NACLs are optional.

Load Balancers

Cloud load balancers are managed services that distribute traffic across multiple instances:

Common types:

From a Linux server’s perspective:

For networking:

Private Connectivity: VPN, Direct Links, and Peering

Cloud networks rarely live in isolation. Common connectivity options:

Site-to-Site VPN

Direct/Dedicated Links

VPC/VNet Peering

For Linux admins:

DNS in the Cloud

Each VPC/VNet usually has internal DNS:

Key behaviors:

Linux integration:

Basic Connectivity Checks on a Cloud Linux Instance

When something doesn’t work, combine standard Linux tools with cloud concepts:

  1. Check interface and IP
    • ip a
      • Is there an IP from the expected subnet?
  2. Check default route
    • ip route
      • Is there a default route via the VPC gateway?
  3. Check DNS
    • cat /etc/resolv.conf or resolvectl status
    • dig example.com or nslookup example.com
  4. Check local firewall
    • sudo iptables -L -n or sudo nft list ruleset
  5. Check cloud-side rules
    • Security groups/NSGs
    • NACLs (if used)
    • Load balancer target status / health checks

Always remember: a connection can be blocked at multiple layers (instance firewall, cloud firewall, routing, load balancer, NAT).

Common Cloud Networking Patterns

Some standard architectures you’ll see repeatedly:

When working with Linux in these designs, you mostly:

How This Ties into DevOps and Automation

Cloud networking is fully API-driven. For DevOps workflows:

Understanding the basics above lets you:

Views: 95

Comments

Please login to add a comment.

Don't have an account? Register now!