Cloud-Virtual Private Cloud, Virtual Networking

Some key features of AWS VPC, Azure VNet, GCP VPC and OCI VCN

Monowar Mukul

Author: Monowar Mukul (AWS Certified Solutions Architect Professional, Azure Solutions Architect Expert, GCP Professional Cloud Architect, OCI Architect Professional)

AWS

In Amazon Web Services (AWS), a Virtual Private Cloud (VPC) is a logically isolated virtual network that you can define and customize. It allows you to launch AWS resources (such as EC2 instances, RDS databases, etc.) within a virtual network that you have full control over. Here are the key components of an AWS VPC:

VPC: The VPC itself is the top-level component, representing the isolated virtual network in which your AWS resources will reside. When you create a VPC, you must assign it an IPv4 CIDR block (Classless Inter-Domain Routing) between /16 and /28. This block determines the private address range from which the VPC's subnets are carved, so choose one that does not overlap with any network you may later peer with or connect to over VPN or Direct Connect.

Subnets: A VPC can be divided into one or more subnets, each associated with a specific availability zone within an AWS region. Subnets allow you to isolate resources and distribute them across multiple availability zones for high availability.

Internet Gateway (IGW): The Internet Gateway is a horizontally scalable and redundant gateway that allows communication between instances in your VPC and the internet. It enables instances with public IP addresses to access the internet and receive inbound traffic from the internet.

NAT Gateway (Network Address Translation): When instances in private subnets need outbound internet access (for updates, patches, etc.), a NAT Gateway placed in a public subnet and given an Elastic IP lets them initiate connections to the internet while unsolicited inbound connections from the internet are dropped. It translates the instances' private source addresses to its own public IP address, so the private instances are never directly addressable from outside.

Route Tables: Each subnet in a VPC is associated with exactly one route table (the VPC's main route table unless you explicitly associate another), which defines how traffic leaving the subnet is routed. Routes are selected by longest prefix match: the local route covers the VPC's own CIDR, a default route (0.0.0.0/0) to the Internet Gateway is what makes a subnet "public", and other routes can send traffic to a NAT Gateway, a peering connection, or to on-premises networks through VPN or Direct Connect.

Security Groups: Security Groups act as stateful virtual firewalls at the instance (network interface) level. They contain allow rules only, so there is no way to write an explicit deny; anything not matched by an allow rule is dropped. Rules match on protocol, port range and a source (inbound) or destination (outbound), which can be a CIDR block, a prefix list or another security group. Because they are stateful, the return traffic of an allowed connection is permitted automatically, regardless of the rules in the opposite direction.

Network Access Control Lists (ACL): Network ACLs are stateless and operate at the subnet level, providing an additional layer of control over traffic entering and leaving a subnet. Unlike Security Groups, Network ACLs support explicit deny rules, and their rules are evaluated in ascending rule-number order: the first match decides, and the final "*" rule denies anything unmatched. Because they are stateless, response traffic must be allowed explicitly in the opposite direction, typically with a rule covering the ephemeral port range (1024-65535).
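The difference between the two layers is easiest to see by modelling both evaluation orders. The following is an added illustration, not code from the article or from AWS: the classes reproduce the semantics described above (allow-only stateful security group; ordered, stateless network ACL with an implicit final deny), and all rules, addresses and packets are constructed for the example.

```python
"""Stateful security group vs stateless network ACL, modelled in plain Python.

Added illustration, not code from the article or from AWS: the classes below
reproduce the evaluation semantics described above so the difference can be
observed. All rules, addresses and packets are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str      # "tcp" or "udp"
    direction: str  # "in" or "out", relative to the protected instance/subnet


@dataclass(frozen=True)
class Rule:
    proto: str             # "tcp", "udp" or "-1" for all protocols
    port_from: int
    port_to: int
    cidr: str              # remote side: source for inbound, destination for outbound
    action: str = "allow"  # network ACLs may also say "deny"; security groups cannot

    def matches(self, pkt: Packet) -> bool:
        remote = pkt.src if pkt.direction == "in" else pkt.dst
        return (self.proto in ("-1", pkt.proto)
                and self.port_from <= pkt.dport <= self.port_to
                and ipaddress.ip_address(remote) in ipaddress.ip_network(self.cidr))


class SecurityGroup:
    """Allow-only, unordered, stateful: any matching rule permits; replies to an
    already-permitted flow pass without consulting the rules at all."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = list(inbound), list(outbound)
        self._flows = set()  # connection-tracking table: (proto, src, sport, dst, dport)

    def permits(self, pkt: Packet) -> bool:
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self._flows:
            return True  # return traffic of a tracked flow
        rules = self.inbound if pkt.direction == "in" else self.outbound
        if any(r.matches(pkt) for r in rules):
            self._flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return False  # no allow rule matched: implicit deny


class NetworkAcl:
    """Stateless, ordered: lowest rule number first, first match decides,
    and the trailing '*' rule denies anything unmatched."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = dict(inbound), dict(outbound)  # number -> Rule

    def permits(self, pkt: Packet) -> bool:
        rules = self.inbound if pkt.direction == "in" else self.outbound
        for _number, rule in sorted(rules.items()):
            if rule.matches(pkt):
                return rule.action == "allow"
        return False


# Constructed flow: an internet client opens HTTPS to a web instance; the reply
# travels back to the client's ephemeral port.
CLIENT, WEB = "203.0.113.10", "10.0.1.25"
REQUEST = Packet(CLIENT, 51515, WEB, 443, "tcp", "in")
REPLY = Packet(WEB, 443, CLIENT, 51515, "tcp", "out")
HTTPS_IN = Rule("tcp", 443, 443, "0.0.0.0/0")


def demo():
    """Return (request_allowed, reply_allowed) for each configuration."""
    # Security group with no outbound rules at all: the reply still passes.
    sg = SecurityGroup(inbound=[HTTPS_IN], outbound=[])
    sg_result = (sg.permits(REQUEST), sg.permits(REPLY))

    # NACL that mirrors port 443 in both directions: the reply is dropped,
    # because it leaves towards destination port 51515, not 443.
    mirrored = NetworkAcl(inbound={100: HTTPS_IN},
                          outbound={100: Rule("tcp", 443, 443, "0.0.0.0/0")})
    mirrored_result = (mirrored.permits(REQUEST), mirrored.permits(REPLY))

    # NACL with the usual outbound ephemeral-port allow: the reply passes.
    ephemeral_out = {100: Rule("tcp", 1024, 65535, "0.0.0.0/0")}
    fixed = NetworkAcl(inbound={100: HTTPS_IN}, outbound=ephemeral_out)
    fixed_result = (fixed.permits(REQUEST), fixed.permits(REPLY))

    # Explicit deny for one /24 numbered below the broad allow: the lower
    # number wins, so the request is blocked. A security group cannot express this.
    blocklist = NetworkAcl(inbound={50: Rule("-1", 0, 65535, "203.0.113.0/24", "deny"),
                                    100: HTTPS_IN},
                           outbound=ephemeral_out)
    return sg_result, mirrored_result, fixed_result, blocklist.permits(REQUEST)


if __name__ == "__main__":
    print(demo())
```

The "mirrored" NACL is the classic mistake: copying the inbound port-443 rule to the outbound side looks symmetric but silently breaks every response, which is why real NACLs carry an outbound allow for the ephemeral range and why the blocklist use case is the main reason to reach for a NACL at all.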

Elastic IP (EIP): An Elastic IP address is a static public IP address that you can allocate to your AWS resources. It allows you to associate a fixed IP address with your instances or NAT Gateway, which can be useful for scenarios like hosting web applications.

VPC Peering: VPC Peering connects two VPCs (in the same or different accounts and regions) so that instances in one VPC can communicate with instances in the other using private IP addresses. It is a private connection and does not require an internet gateway, VPN, or Direct Connect. Two caveats matter in practice: peering is not transitive (peering A with B and B with C does not let A reach C), and the two VPCs' CIDR blocks must not overlap. Each side also needs routes pointing at the peering connection, and security groups and NACLs still apply to the traffic.

VPN Connections and Direct Connect: These are methods to connect your VPC to your on-premises network or other data centers. Site-to-Site VPN connections use IPsec tunnels over the internet, while Direct Connect is a dedicated physical connection between your network and AWS. Direct Connect is private but not encrypted by itself, so run an IPsec VPN over it if the traffic must be encrypted.
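The route-table and peering rules above can be checked mechanically. The code below is an added example, not the article's or AWS's own code: it performs a longest-prefix-match lookup over a route table, classifies a subnet as public or private from its default route, and applies the two peering constraints (non-overlapping CIDRs, non-transitivity). The route tables, CIDR blocks and target IDs such as `igw-0aaa` are constructed for the example.

```python
"""Route-table lookup and peering sanity checks for an AWS-style VPC.

Added example, not the article's or AWS's code. The route tables, CIDR blocks
and target IDs below are constructed; real targets would be your own
igw-/nat-/pcx- identifiers.
"""
import ipaddress
from itertools import combinations


def next_hop(route_table, dst_ip):
    """Longest-prefix match over (destination CIDR, target) pairs.
    Returns None when no route covers the address, i.e. the packet is dropped."""
    ip = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for dest, target in route_table:
        net = ipaddress.ip_network(dest)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def is_public_subnet(route_table):
    """A subnet is 'public' exactly when its route table sends the default route
    to an Internet Gateway; instances there still need a public or Elastic IP."""
    return any(dest == "0.0.0.0/0" and target.startswith("igw-")
               for dest, target in route_table)


def overlapping_cidrs(vpc_cidrs):
    """Peering requires non-overlapping address space; return every conflicting
    pair of VPC names (sorted, so the result is deterministic)."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpc_cidrs.items()}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))


def can_reach(peerings, src_vpc, dst_vpc):
    """Peering is non-transitive: only a direct peering between the two counts."""
    return frozenset((src_vpc, dst_vpc)) in {frozenset(p) for p in peerings}


# Constructed route tables for a VPC (10.0.0.0/16) peered with 10.1.0.0/16.
PUBLIC_RT = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-0aaa"), ("10.1.0.0/16", "pcx-0ccc")]
PRIVATE_RT = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-0bbb"), ("10.1.0.0/16", "pcx-0ccc")]

# Constructed VPC inventory: "dev" was carved out of "prod"'s range by mistake.
VPCS = {"prod": "10.0.0.0/16", "shared": "10.1.0.0/16", "dev": "10.0.128.0/17"}
PEERINGS = [("prod", "shared"), ("dev", "shared")]


def demo():
    return {
        "peer_traffic": next_hop(PUBLIC_RT, "10.1.4.7"),       # /16 peering route beats 0.0.0.0/0
        "internet_from_public": next_hop(PUBLIC_RT, "8.8.8.8"),
        "internet_from_private": next_hop(PRIVATE_RT, "8.8.8.8"),
        "public": (is_public_subnet(PUBLIC_RT), is_public_subnet(PRIVATE_RT)),
        "overlaps": overlapping_cidrs(VPCS),                   # dev sits inside prod: cannot peer
        "prod_to_dev_via_shared": can_reach(PEERINGS, "prod", "dev"),  # no transitive path
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

`is_public_subnet` is the check most audit scripts want: it is the route table, not the presence of an Internet Gateway on the VPC, that decides whether instances in a subnet are reachable from the internet.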

Azure

The key components and features related to virtual networking in Azure:

  1. Virtual Network (VNet): A VNet is a logically isolated network in Azure that allows you to place and manage Azure resources, such as virtual machines (VMs), in a private IP address space. VNets are the building blocks for private communication between resources in Azure.
  2. Subnets: Within a VNet, you can create multiple subnets to further segregate and organize your resources. Each subnet can have its own address range and can be associated with different Azure services.
  3. Network Security Groups (NSGs): NSGs are stateful filters that can be attached to a subnet or to a VM's network interface to control inbound and outbound traffic. Rules are evaluated by priority (lowest number first) and the first match wins; each rule allows or denies traffic based on source, destination, port and protocol. Every NSG ships with default rules that allow traffic within the VNet and from the Azure load balancer and deny all other inbound traffic.
  4. Azure Private Link: Azure Private Link enables you to access Azure services (e.g., Azure Storage, Azure SQL Database) privately from your VNet. Instead of using public IP addresses, Private Link allows you to use private IPs, enhancing security and data isolation.
  5. User-Defined Routes: Azure allows you to define custom routes for traffic within your VNet. This feature provides more control over how traffic is routed between subnets or on-premises networks connected via VPN or ExpressRoute.
  6. VPN Gateway: Azure VPN Gateway enables secure communication between your on-premises network and your Azure VNet over an encrypted VPN tunnel.
  7. ExpressRoute: Azure ExpressRoute provides a private, dedicated connection between your on-premises network and Azure, offering higher reliability and lower latency than the public internet. The circuit is private but not encrypted by default; if encryption is required, run a VPN over ExpressRoute or use MACsec where the circuit supports it.
  8. Azure Bastion: Azure Bastion provides secure, seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal without exposing public IPs.
  9. Service Endpoints: With Service Endpoints, you extend your VNet's identity to Azure services such as Azure SQL Database or Azure Storage: traffic from the subnet stays on the Microsoft backbone rather than crossing the public internet, and the service can be restricted to accept traffic only from specific subnets. The service keeps its public endpoint, which is the main difference from Private Link.
  10. VNet Peering: VNet peering connects two VNets, in the same region or, with global VNet peering, across regions, enabling resources in different VNets to communicate privately. As with other cloud peerings it is non-transitive and requires non-overlapping address spaces.

GCP

some of the key features of GCP VPC:

  1. VPC Network: GCP allows you to create a global VPC network that spans multiple regions. You can define custom IP address ranges for your subnets within the VPC.
  2. Subnets: Within a VPC, you can create subnets in different regions. Subnets help you segment your resources and provide isolation.
  3. Firewall Rules: GCP provides a stateful firewall that is defined at the VPC network level rather than per instance. Rules control both ingress and egress traffic to and from your VM instances, match on IP ranges, protocols and ports, are scoped to instances by network tags or service accounts, and are evaluated by priority. Every VPC network carries two implied rules, deny all ingress and allow all egress, so egress must be restricted explicitly if you need to contain outbound traffic.
  4. Routes: You can define custom routes in your VPC network to direct traffic to specific destinations.
  5. Cloud Router: Cloud Router exchanges routes dynamically over BGP between your VPC network and on-premises networks connected through Cloud VPN or Cloud Interconnect, so routes do not have to be maintained by hand on either side.
  6. Cloud NAT (Network Address Translation): Cloud NAT allows instances without public IP addresses to access the internet and receive responses from the internet.
  7. Shared VPC (XPN — Cross-Project Networking): Shared VPC allows you to share a VPC network across multiple GCP projects, enabling better network management and resource sharing.
  8. VPC Peering: VPC Peering enables direct private communication between VPC networks without using public IPs. It is non-transitive and the peered networks' subnet ranges must not overlap.
  9. VPC Flow Logs: You can enable VPC Flow Logs to capture and analyze network flow data for your VPC, helping with network monitoring and troubleshooting.
  10. Private Google Access: Private Google Access enables instances without public IP addresses to reach Google Cloud services like Google Cloud Storage and Google BigQuery.
  11. Global Load Balancer: Google’s Global Load Balancer distributes incoming traffic across multiple regions to ensure high availability and performance.
  12. Internal Load Balancer: Internal Load Balancer provides load balancing for traffic within the same VPC network.
  13. Serverless VPC Access (Serverless VPC Connector): This feature allows serverless resources (e.g., Cloud Functions, Cloud Run) to access resources in a VPC securely.
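VPC Flow Logs are only useful once something asks questions of them. The code below is an added example, not code from the article or from Google: it runs two simple checks over flow records, admin ports on internal VMs reached from outside RFC 1918 space, and internal hosts sending large volumes to public addresses. The record shape is an assumption modelled on the jsonPayload fields of Google Cloud VPC Flow Logs (connection.src_ip/dest_ip/dest_port/protocol, bytes_sent, reporter), and the sample records and the egress threshold are constructed.

```python
"""Triage of VPC Flow Logs records for two common questions.

Added example, not code from the article or from Google. The record shape is
an assumption modelled on the jsonPayload fields of Google Cloud VPC Flow Logs
(connection.src_ip/dest_ip/dest_port/protocol, bytes_sent, reporter); the
sample records and the egress threshold are constructed.
"""
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ADMIN_PORTS = {22: "ssh", 3389: "rdp"}
TCP = 6
EGRESS_THRESHOLD_BYTES = 50_000_000  # constructed; tune per environment


def is_internal(ip: str) -> bool:
    """RFC 1918 only. Python's ip_address().is_private also treats documentation
    ranges such as 203.0.113.0/24 as private, which would hide the external source below."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def triage(records):
    findings, egress_by_host = [], {}
    for rec in records:
        c = rec["connection"]
        src, dst, port, proto = c["src_ip"], c["dest_ip"], c["dest_port"], c["protocol"]
        # An admin port on an internal VM reached from outside RFC 1918 space:
        # either a VM with an external IP or a firewall rule wider than intended.
        if proto == TCP and port in ADMIN_PORTS and is_internal(dst) and not is_internal(src):
            findings.append(("external_admin_access", src, dst, ADMIN_PORTS[port]))
        # Sum bytes an internal host sends to non-RFC1918 destinations. Only the
        # SRC-reported copy is counted so a flow seen by both ends is not doubled.
        if rec["reporter"] == "SRC" and is_internal(src) and not is_internal(dst):
            egress_by_host[src] = egress_by_host.get(src, 0) + rec["bytes_sent"]
    for host, total in sorted(egress_by_host.items()):
        if total >= EGRESS_THRESHOLD_BYTES:
            findings.append(("large_egress", host, total))
    return findings


def flow(src, sport, dst, dport, nbytes, reporter, proto=TCP):
    """Build one constructed record in the assumed shape."""
    return {"connection": {"src_ip": src, "src_port": sport, "dest_ip": dst,
                           "dest_port": dport, "protocol": proto},
            "bytes_sent": nbytes, "reporter": reporter}


# Constructed sample: one internal VM exposed on SSH, the same VM uploading 55 MB.
SAMPLE = [
    flow("203.0.113.5", 40001, "10.128.0.7", 22, 4_200, "DEST"),         # SSH from the internet
    flow("10.128.0.9", 55000, "10.128.0.7", 22, 9_000, "SRC"),           # SSH from a bastion: fine
    flow("10.128.0.7", 44444, "198.51.100.20", 443, 30_000_000, "SRC"),  # two large uploads
    flow("10.128.0.7", 44445, "198.51.100.20", 443, 25_000_000, "SRC"),
    flow("10.128.0.9", 44446, "198.51.100.30", 443, 1_200, "SRC"),       # ordinary egress
]


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Counting only the `SRC`-reported copy of each flow matters when both endpoints are in logged subnets: otherwise every internal-to-internal flow is counted twice and thresholds drift. The same two checks map directly onto the AWS and OCI flow-log formats once the field names are swapped.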

OCI

Some key features and concepts related to OCI networking. The OCI equivalent of a VPC is the Virtual Cloud Network (VCN):

  1. Virtual Cloud Network (VCN): A VCN is a private network defined within the Oracle Cloud that you can configure and control. It allows you to launch resources like compute instances, databases, and storage volumes within a dedicated and isolated network environment.
  2. Subnets: Within a VCN, you can create subnets, which are logical subdivisions of the VCN's IP address range. Subnets can be public or private (a private subnet's VNICs cannot be given public IPs), and each subnet has its own route table and security lists.
  3. Internet Gateway (IGW): The Internet Gateway enables communication between the VCN and the public internet. It allows resources in public subnets with public IPs to have outbound internet access and to receive incoming traffic from the internet.
  4. NAT Gateway: The Network Address Translation (NAT) Gateway provides outbound-only internet access to resources in private subnets that do not have public IPs.
  5. Security Lists and Network Security Groups (NSGs): Security Lists are attached to subnets and apply to every VNIC in the subnet, while NSGs are attached to individual VNICs (for example an instance or a database). In both, each rule is marked stateful or stateless individually: stateful rules use connection tracking so responses are allowed automatically, whereas stateless rules need a matching rule in the opposite direction. The rules that apply to a VNIC are the union of its subnet's security lists and its NSGs, so an allow in either is sufficient.
  6. Route Tables: Route Tables determine how traffic leaving a subnet is directed. Each rule specifies a destination CIDR and the target (such as an internet gateway, a NAT gateway, a DRG or a peering gateway) to which matching traffic is sent.
  7. Dynamic Routing Gateway (DRG): The DRG is the VCN's virtual router for private connectivity beyond the VCN: to on-premises networks over Site-to-Site VPN or FastConnect, to other VCNs attached to the same DRG, and to VCNs in other regions via remote peering.
  8. Local Peering Gateway (LPG) and Remote Peering Connection (RPC): An LPG peers two VCNs in the same region; an RPC, attached to each VCN's DRG, peers VCNs in different regions. As with other cloud peerings, the VCNs' CIDR blocks must not overlap.
  9. VPN Connect: VPN Connect (Site-to-Site VPN) sets up IPsec tunnels between your on-premises network and a DRG attached to your VCN over the internet.
  10. FastConnect: FastConnect provides a dedicated and private connection between your on-premises network and OCI, offering higher bandwidth and lower latency compared to VPN connections.

It’s essential to consult the official documentation for the most up-to-date information on VPC features, as the platform regularly evolves and introduces new functionalities to enhance networking capabilities.

Author's Bio

Monowar Mukul is currently working as a Solution Designer in the Cloud domain. He has over two decades of experience in IT management and hands-on work with various technologies (Infrastructure, Database, Applications, DevOps). He has worked on large-scale IT transformation projects focused on business goals, such as next-gen platform migrations and Cloud adoption through XaaS programs, across diverse business sectors in Australia, including tertiary education, energy, government, mining, transport, and finance. Additionally, Monowar Mukul holds certifications from all four major cloud vendors, namely AWS (Amazon Web Services) Solutions Architect Professional, Azure Solutions Architect Expert (Microsoft Azure), Google Professional Cloud Architect (Google Cloud Platform) and Oracle Certified Architect Professional.


Monowar Mukul

Monowar Mukul is a Cloud Solution Architect Professional. /*The statements and opinions expressed here are my own & nothing with my present or past employer*/