Mod4 sp24v3

CompTIA Cloud+ Guide to Cloud Computing, 2e
Module 4: Cloud Networking

Jill West, CompTIA Cloud+ Guide to Cloud Computing, 2nd Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
Module Objectives

By the end of this module, you should be able to:

1. Explain how common networking concepts apply to cloud networking

2. Manage IP address spaces in the cloud

3. Configure basic AWS networking resources

4. Configure basic Azure networking resources

5. Configure basic GCP networking resources

Section 4-1: Networking Concepts in the Cloud

• Networking in the cloud works similarly to networking in a physical data center, except at more of a
logical level rather than a physical one

• This module discusses how networking concepts work in the cloud and covers networking configurations
in AWS, Azure, and GCP

Networking Concepts (1 of 2)
• Two planes
− Control plane: the management layer that decides how traffic is forwarded (routing decisions, topology, policy)
− Data plane: the forwarding layer where transmissions actually traverse physical (or virtual) devices
− In the cloud the control plane is reached through the provider's API and console, so any identity allowed to call that API can reshape the network without touching a wire; those credentials need the same protection a core router's admin login would get
Networking Concepts (2 of 2)

• Three approaches to where the control plane lives
− Traditional network: each device runs its own control plane
− SDN (software-defined networking): a centralized control plane (the SDN controller) programs the forwarding behavior of many devices
− NFV (network functions virtualization) takes this idea a step further by virtualizing the network devices and services themselves (routers, firewalls, load balancers) as software

• Most of the technologies are the same but abstracted to the virtual platform
From OSI Model to Cloud Stack (1 of 2)

• The OSI model and TCP/IP model use layers to present theoretical representations of what happens
during network communication

• At each layer, information is added to the message that various devices along the way will need

• Each device reads only deep enough into the message’s headers to know where to send the message next

• These models are helpful in troubleshooting network problems and in understanding how networking
protocols relate to one another

• Cloud computing brings some creative modifications of the models

From OSI Model to Cloud Stack (2 of 2)

Figure 4-3 The OSI and TCP/IP models of networking communication
Software-Defined Networking in the Cloud (1 of 2)

• SDN is the basis on which the cloud works


− The underlying physical infrastructure that supports the cloud is not accessible to the cloud customer
− However, the customer can configure networking infrastructure at a software-defined level

• In the public cloud, the customer is not responsible for ensuring there are enough physical devices to
guarantee availability – the cloud provider is

• Availability can be achieved by having redundant virtual devices in your cloud

Software-Defined Networking in the Cloud (2 of 2)

Figure 4-5 Redundant EC2 instances and databases
Section 4-2: IP Address Space

• IP addresses are used to identify devices across networks

• Cloud resources are given one or both of two kinds of IP addresses: public and private

• Public IP addresses provide access to a resource from the Internet
− Having a public IP is necessary but not sufficient: the subnet also needs a route to the Internet, and the provider's filtering rules (security groups, network ACLs, firewall rules) must allow the traffic

• Private IP addresses are only accessible from within the cloud-based network where that resource is located (or from networks connected to it, such as peered networks and VPNs)
IPv4 Addressing basics

• 32-bit address
• Uniquely identifies your computer on the network
• Written in dotted decimal notation (172.16.254.1)
o Four sections called octets
o Each octet represents 8 bits worth of information
o Numbers range from 0 to 255
IPv4 Classes (A-E)
(older "classful network" system)

CLASS                      | FIRST OCTET RANGE | NUMBER OF UNIQUE NETWORKS AVAILABLE | NUMBER OF UNIQUE HOSTS PER NETWORK
A (Large, many hosts)      | 1–126             | 126                                 | 16,777,214
B (Medium, moderate hosts) | 128–191           | 16,384                              | 65,534
C (Small, few hosts)       | 192–223           | 2,097,152                           | 254

• 127.x.x.x (the gap between Class A and Class B) is reserved for loopback; Class D (224–239) is multicast and Class E (240–255) is experimental, so neither is used to address hosts
Network ID and Host ID

• An IP address consists of a network ID and a unique host address
• All hosts on the same network subnet must have the same network ID
• Under the classful system, the address class determines which part of the IP address is the network ID; today the subnet mask (or CIDR prefix) does
DEFAULT SUBNET MASKS
A subnet mask is a 32-bit dotted decimal number that shows the number of bits used for the network and host portions of the address

• In binary: a one bit for each position in the network portion, a zero bit for each position in the host portion
o Network bits are a string of contiguous 1's (eight 1's = 255 decimal)
o Host bits are a string of contiguous 0's
o Class C in binary: 11111111.11111111.11111111.00000000
o Default subnet masks
• Class C: 255.255.255.0 (network part is 255.255.255, host part is 0)
• Class B: 255.255.0.0
• Class A: 255.0.0.0
Network part and host part
◦ Example: IP 10.15.67.128, Subnet Mask 255.255.255.0

Network part of IP address
◦ 10.15.67.128
◦ The part of the address that matches the network part of the subnet mask (the first three octets, 10.15.67)

Host part of IP address
◦ 10.15.67.128
◦ The part of the address that matches the host part of the subnet mask (the last octet, 128)
CIDR "Cider" Notation
("Classless" networks)
• CIDR notation (Classless Inter-Domain Routing) is the current, more flexible way of writing a subnet mask along with an IP address.
• The number after the slash indicates the number of bits in the network portion of the address
Example: 192.168.1.23/24
• Class C: 255.255.255.0 (11111111.11111111.11111111.00000000)
• 24 ones (3 x 8), so we write this address as 192.168.1.23/24
• Class B: 255.255.0.0 (11111111.11111111.00000000.00000000)
• 16 ones (2 x 8), so we use /16
• Class A: 255.0.0.0 (11111111.00000000.00000000.00000000)
• 8 ones (1 x 8), so we use /8
CIDR Notation
("Classless" networks)
• CIDR shows the number of bits in the network part of the address. Any prefix length from /0 to /32 is valid: /0 matches every address (the default route 0.0.0.0/0), /32 is a single host, and /31 is used for point-to-point links (RFC 3021); ordinary subnets fall in between.
• CIDR is flexible: it allows dividing a network into different sizes of subnets.
• Examples (note the mapping to old-style subnet masks):

CIDR Notation | Convert to 1s and Right Pad         | Subnet Mask
/8            | 11111111.00000000.00000000.00000000 | 255.0.0.0
/10           | 11111111.11000000.00000000.00000000 | 255.192.0.0
/15           | 11111111.11111110.00000000.00000000 | 255.254.0.0
/20           | 11111111.11111111.11110000.00000000 | 255.255.240.0
/24           | 11111111.11111111.11111111.00000000 | 255.255.255.0
/25           | 11111111.11111111.11111111.10000000 | 255.255.255.128
/30           | 11111111.11111111.11111111.11111100 | 255.255.255.252
What is subnetting?

• Subnetting is the process of dividing a network into two or more smaller networks.

• Subnetting is useful for several reasons
o Performance: on a physical network, broadcast and ARP traffic stays within the smaller subnet
o Logically breaking up physical networking environments
o Security: each subnet boundary is a place where traffic can be routed, filtered and logged, so separating tiers (for example, web servers from databases) limits how far an attacker who compromises one host can move
Network and Broadcast address
◦ Example: 10.15.67.128 - 10.15.67.191

Network address
◦ 10.15.67.128 (the lowest IP address in the range)
◦ Identifies a particular subnet (along with the CIDR prefix or mask)

Broadcast address
◦ 10.15.67.191 (the highest IP address in the range)
◦ Used to broadcast to every other IP within the subnet
◦ Cloud virtual networks (AWS, Azure, GCP) do not forward broadcast traffic, but the address is still reserved and cannot be assigned to a host
First host and last host
◦ Example: 10.15.67.128 - 10.15.67.191

First host (first usable host) is the number after the network address
◦ Network ID is 10.15.67.128
◦ First host address is 10.15.67.129

Last host (last usable host) is the number before the broadcast address
◦ Broadcast ID is 10.15.67.191
◦ Last host address is 10.15.67.190
Next network
◦ Example: 10.15.67.128 - 10.15.67.191

Network ID of the subnet that follows the current subnet
◦ One higher than the broadcast IP
◦ Next network is 10.15.67.192
◦ Same as the network ID in the next subnet
Without subnetting
Example 1: 200.1.0.0 /24
• Binary representation: 11001000.00000001.00000000.00000000 (mask 11111111.11111111.11111111.00000000)
• /24 means the first 3 octets (24 bits) are used in the network ID
• 8 host bits are available (last octet)
• 8 bits of host ID = 2^8 = 256 addresses possible
• Subtract two for the network address and the broadcast address = 254 usable hosts
• Host address range is .1 - .254
2 SUBNETS
Example 2: Network address 200.1.0.0 /25
• Binary representation: 11001000.00000001.00000000.0|0000000 (the borrowed bit is left of the bar; mask 11111111.11111111.11111111.10000000)

• If we "borrow" one bit from the host ID (last octet), we can split the network into two subnets: 200.1.0.0/25 and 200.1.0.128/25

• 7 host bits allow 2^7 = 128 addresses and (128 - 2 = 126) usable host IDs per subnet
• Network .0, Broadcast .127
• Hosts: .1 - .126
• Next subnet starts at .128
4 SUBNETS
Example 3: Network address 200.1.0.0 /26
• Binary representation: 11001000.00000001.00000000.00|000000 (mask 11111111.11111111.11111111.11000000)

• "Borrow" 2 bits from the host ID (last octet) to split into four subnets: 200.1.0.0/26, 200.1.0.64/26, 200.1.0.128/26 and 200.1.0.192/26

• 6 host bits allow 2^6 = 64 addresses and (64 - 2 = 62) usable host IDs per subnet
• Network .0, Broadcast .63
• Hosts: .1 - .62
• Next subnet starts at .64
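The subnet arithmetic from the CIDR table through the three 200.1.0.0 examples, worked in code so the bit operations are visible. This is an added example written for this page, not code from the textbook; it deliberately avoids Python's ipaddress module so that mask construction, network/broadcast derivation and bit borrowing are done by hand. The addresses are the slides' own.

```python
"""Subnet arithmetic done with bit operations: mask from prefix, network,
broadcast, usable hosts, next network, and borrowing host bits to split a
network. Added example for the CIDR and subnetting slides."""

MAX32 = 0xFFFFFFFF


def ip_to_int(ip: str) -> int:
    """'10.15.67.128' -> 32-bit integer, validating each octet."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> str:
    """/20 -> '255.255.240.0': `prefix` ones on the left, zeros padded on the right."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return int_to_ip((MAX32 << (32 - prefix)) & MAX32)


def to_binary(ip: str) -> str:
    """Dotted-decimal -> dotted-binary, e.g. '255.254.0.0' -> '11111111.11111110.00000000.00000000'."""
    return ".".join(f"{int(o):08b}" for o in ip.split("."))


def subnet_info(cidr: str) -> dict:
    """Network, broadcast, first/last usable host, next network and host counts for a CIDR."""
    ip, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    mask = ip_to_int(prefix_to_mask(prefix))
    network = ip_to_int(ip) & mask          # keep the network bits, zero the host bits
    broadcast = network | (~mask & MAX32)   # keep the network bits, set all host bits
    total = 1 << (32 - prefix)
    # /31 (point-to-point, RFC 3021) and /32 (single host) have no separate
    # network and broadcast addresses, so every address is usable there
    has_net_bcast = prefix <= 30
    usable = total - 2 if has_net_bcast else total
    first = network + 1 if has_net_bcast else network
    last = broadcast - 1 if has_net_bcast else broadcast
    next_net = broadcast + 1 if broadcast < MAX32 else None
    return {
        "prefix": prefix,
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first),
        "last_host": int_to_ip(last),
        "next_network": int_to_ip(next_net) if next_net is not None else None,
        "total": total,
        "usable": usable,
    }


def split_subnet(cidr: str, borrow_bits: int) -> list:
    """Borrow `borrow_bits` host bits: '200.1.0.0/24' with 2 -> four /26 subnets."""
    info = subnet_info(cidr)
    new_prefix = info["prefix"] + borrow_bits
    if borrow_bits < 0 or new_prefix > 32:
        raise ValueError("cannot borrow that many host bits")
    size = 1 << (32 - new_prefix)           # addresses per new subnet
    base = ip_to_int(info["network"])
    return [f"{int_to_ip(base + i * size)}/{new_prefix}" for i in range(1 << borrow_bits)]


if __name__ == "__main__":
    for cidr in ("10.15.67.150/26", "200.1.0.0/24", "200.1.0.0/25"):
        print(cidr, subnet_info(cidr))
    print(split_subnet("200.1.0.0/24", 2))
```

Feeding 10.15.67.150/26 into subnet_info reproduces the slides' range (network .128, broadcast .191, hosts .129 to .190, next network .192), and split_subnet on 200.1.0.0/24 with one and two borrowed bits produces the two-subnet and four-subnet layouts above.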
IPv6 address
• IPv6 is based on 128 bits instead of 32 bits

• IPv6 provides a vastly larger pool of public IP addresses than IPv4

• Because every host can have a globally unique address, IPv6 does not need NAT; removing the translation step restores end-to-end connectivity and avoids NAT overhead

• IPv6 also has stateless address autoconfiguration (SLAAC), and IPsec was specified as part of the IPv6 protocol suite. IPsec is equally available for IPv4 and is not switched on by itself, so an IPv6 host is not more secure merely for being IPv6. Practical caveat: without NAT, an instance with a global IPv6 address is directly reachable, so security groups, network ACLs and firewall rules must be written for IPv6 as well as IPv4.

• Despite its advantages, IPv4 is still used by many networks and is generally regarded as easier to configure.
IP Addressing in the Cloud

• In an on-prem network, the process of assigning private IP addresses is normally managed by a DHCP server
− DHCP = Dynamic Host Configuration Protocol

• In the cloud, IP address assignment is more automatic: the provider's own DHCP service hands each interface an address from the IP address ranges that are defined when you create the virtual network and its subnets, so you do not run a DHCP server yourself (AWS still exposes the settings as a "DHCP option set" on the VPC)

• In a cloud-based subnet, there may be additional reserved addresses that are not available for a host
Reserved addresses: AWS
• In a VPC in AWS, five addresses in every subnet are reserved: the first four (the network address, the VPC router, the Amazon-provided DNS resolver, and one held for future use) and the last (the broadcast address, even though the VPC never forwards broadcasts). In this example, only 251 addresses are available in each /24 subnet out of 256.
• Size subnets with that in mind: the smallest AWS subnet, a /28, has 16 addresses but only 11 usable.
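A planning check for an AWS VPC layout that applies the reservation rule above together with the VPC sizing limits (/16 to /28) and an overlap test between subnets. This is an added example, not code from the textbook or from AWS; it uses Python's standard ipaddress module, and the VPC and subnet CIDRs in the usage section are made up.

```python
"""Check a planned AWS VPC layout: every subnet inside the VPC CIDR, no
overlaps, sizes within AWS's /16 to /28 limits, and AWS's five reserved
addresses per subnet (the first four and the last) accounted for.
Added example; the CIDRs under __main__ are made up."""
import ipaddress

AWS_RESERVED_PER_SUBNET = 5  # network, VPC router, DNS resolver, future use, broadcast


def aws_reserved_addresses(cidr: str) -> dict:
    """The five addresses AWS withholds from a subnet, by role."""
    net = ipaddress.ip_network(cidr, strict=True)  # strict: host bits must be zero
    return {
        "network": str(net[0]),
        "vpc_router": str(net[1]),
        "dns_resolver": str(net[2]),
        "future_use": str(net[3]),
        "broadcast": str(net[-1]),
    }


def aws_usable_hosts(cidr: str) -> int:
    """Addresses you can actually assign to instances in an AWS subnet."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{cidr}: AWS subnets must be between /16 and /28")
    return net.num_addresses - AWS_RESERVED_PER_SUBNET


def validate_vpc_layout(vpc_cidr: str, subnet_cidrs: list) -> list:
    """Return a list of problems with the plan; an empty list means it is consistent."""
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not 16 <= vpc.prefixlen <= 28:
        problems.append(f"VPC {vpc_cidr}: AWS allows /16 to /28")
    subnets = []
    for cidr in subnet_cidrs:
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:          # e.g. '10.0.4.5/24 has host bits set'
            problems.append(f"{cidr}: {exc}")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{cidr} is outside VPC {vpc_cidr}")
        if net.prefixlen > 28:
            problems.append(f"{cidr} is smaller than /28")
        subnets.append(net)
    # pairwise overlap check: two subnets claiming the same addresses is a plan error
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


if __name__ == "__main__":
    vpc = "10.0.0.0/16"                       # constructed plan
    plan = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/28"]
    print(validate_vpc_layout(vpc, plan))     # [] when the plan is sound
    for s in plan:
        print(s, aws_usable_hosts(s), aws_reserved_addresses(s))
```

Running validate_vpc_layout before creating the subnets catches the mistakes that are awkward to undo later (an address block that does not fit the VPC, two subnets that overlap, a /29 that AWS will refuse), and aws_usable_hosts gives the 251-of-256 figure from the slide for a /24.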
Cloud Network Interfaces
• Each interface on a computer or network device needs its own IP address and can be configured with different rules

• When you create a VM, you also create a virtual network interface resource with its own ID number and configuration settings (in AWS, security groups attach to this interface rather than to the instance, so a VM with two interfaces in two subnets is reachable under two different sets of rules)

• The vNIC (virtual network interface card) provides a connection between the VM and its subnet in a virtual network

• Improved network performance is achieved using a technology called SR-IOV (single root input/output virtualization)
− The host passes network traffic directly to its NIC hardware rather than processing the traffic through the internal, virtual switch created by the hypervisor
Section 4-3: Networking in AWS

• When you create a network in a public cloud, you're reserving your own space within that larger cloud environment, which is known as a VPC (virtual private cloud)
− This is called a VNet in Azure

• When you first create an account, AWS creates a default VPC for you in each region
− The default VPC comes with one public subnet per AZ, an Internet gateway, and auto-assignment of public IPv4 addresses turned on, so an instance launched with the defaults is Internet-reachable unless its security group blocks the traffic

• When you create a VM instance in AWS, the instance is automatically configured to work within your default VPC unless you change this setting

• Within the VPC, you can configure subnets, route tables, network gateways, and network connections
Regions in AWS (1 of 2)
• AWS offers services in more than two dozen geographical regions around the world

• Each region is named for the geographic location of AWS's physical data centers in that area and has an identity code (for example, us-east-1 for N. Virginia)

• When you create an AWS account, you're assigned a default region close to you, which you can change

• Reasons you might want to change include the following:
− Cost estimates of the resources you intend to use, as costs can vary among regions
− Inherent latencies for a specific region, as some regions perform better than others
− Available features in a region, as not all services are available in all regions
− Region is closer to the users who access the resources regularly
− Data residency or regulatory requirements that restrict where certain data may be stored
Regions in AWS (2 of 2)

Figure 4-7 AWS public regions in North America
Availability Zones in AWS

Figure 4-8 Using multiple availability zones (AZs) in an AWS region can provide redundancy for cloud resources
VPCs in AWS (1 of 2)

• Each default VPC is automatically assigned a /16 IPv4 CIDR range (172.31.0.0/16); a custom VPC can use any block from /16 down to /28, so you can assign smaller spaces to your custom VPCs
− Choose a range that does not overlap with on-prem networks or other VPCs you may later need to peer or connect by VPN

• Every VPC spans all AZs in its region, while each subnet lives in exactly one AZ

• DNS and DHCP options are initially set at the VPC level

• When you create a new VPC, you have options to assign CIDR ranges, and to plan, track and monitor IP addresses using the Amazon IPAM (IP address management) tool
VPCs in AWS (2 of 2)

Figure 4-11 Change a VPC's CIDR range, DHCP options, or DNS settings
Subnets in AWS

Figure 4-12 Public subnets in AWS have access to the Internet, whereas private subnets do not

• "Public" and "private" are not flags on the subnet: a subnet is public when its route table has a route to an Internet gateway and private when it does not, so auditing exposure means reading route tables rather than subnet names
AWS Summary: Region, VPC, AZ, Subnet

From AWS Academy video
NAT (Network Address Translation)
• NAT (Network Address Translation) allows your network to communicate with the Internet without exposing the IPs of the individual computers in the network.

• NAT translates private IP addresses in an internal network to a public IP address before packets are sent to an external network, and translates the replies back.

• A router manages the traffic and allows multiple devices to share the same Internet connection; it keeps a translation table so each reply reaches the right internal host, and it drops inbound packets that match no entry in that table.

• The default gateway is the IP address of the router on the private network.

Figure: a home network behind NAT
− Public IP address 24.22.111.125, assigned by your ISP
− Private IP addresses 192.168.1.2, 192.168.1.3 and 192.168.1.4, assigned by you
− Default gateway 192.168.1.1 (the router's private address)
Gateways and Route Tables in AWS (1 of 6)

• Common virtual network devices you'll need in your VPCs include the following:
− An IG or IGW (Internet gateway) provides a path to and from the Internet for resources hosted within the VPC, and performs one-to-one NAT (network address translation) for instances that have a public IP address within your public subnets (the public IP is never configured on the instance itself; the IGW maps it to the instance's private IP)
− A route table determines where traffic within and from the VPC is routed
− An NGW (NAT gateway) device gives resources in a connected private subnet outbound-only access to the Internet over IPv4 (AWS's separately named "egress-only Internet gateway" plays the same role for IPv6)
Gateways and Route Tables in AWS (2 of 6)

Figure 4-13 An Internet gateway, NAT gateways, and route tables in AWS
Gateways and Route Tables in AWS (3 of 6)

Figure 4-14 Two routes send local traffic to the local subnet and all other traffic to the Internet gateway (the VPC CIDR has the target "local", 0.0.0.0/0 has the IGW as its target, and the most specific matching route wins)
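Route lookup as a VPC router performs it, longest prefix match over tables laid out like the console's destination/target rows in Figure 4-14, plus the public/private classification from the subnets slide. This is an added example, not code from the textbook or AWS; the route tables and the igw-, nat-, pcx- and vgw- identifiers are constructed for illustration.

```python
"""Longest-prefix-match lookup over VPC-style route tables and a check
that classifies a subnet as public, private or isolated from its routes.
Added example; all tables and gateway IDs below are constructed."""
import ipaddress

# Constructed route tables. Every VPC route table carries the implicit
# "local" route for the VPC CIDR; what else it contains decides exposure.
PUBLIC_RT = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-0abc")]
PRIVATE_RT = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-0def")]
ISOLATED_RT = [("10.0.0.0/16", "local")]
PEERED_RT = [
    ("10.0.0.0/16", "local"),
    ("192.168.0.0/16", "pcx-0123"),    # peering connection to a partner VPC
    ("192.168.10.0/24", "vgw-0456"),   # one /24 of that space goes over VPN instead
    ("0.0.0.0/0", "nat-0def"),
]


def lookup(route_table: list, dst_ip: str):
    """Target for dst_ip, or None when no route matches (the packet is dropped).
    Among matching routes the longest prefix wins, so a /24 beats a /16 beats /0."""
    dst = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for destination, target in route_table:
        net = ipaddress.ip_network(destination)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def classify_subnet(route_table: list) -> str:
    """AWS's own definition: a subnet is public iff its route table reaches an Internet gateway."""
    targets = [target for _, target in route_table]
    if any(t.startswith("igw-") for t in targets):
        return "public"
    if any(t.startswith("nat-") for t in targets):
        return "private"   # outbound only, via a NAT gateway
    return "isolated"      # no Internet path at all


def audit(route_tables: dict) -> dict:
    """Map each named route table to its classification, e.g. for a whole VPC at once."""
    return {name: classify_subnet(rt) for name, rt in route_tables.items()}


if __name__ == "__main__":
    print(lookup(PUBLIC_RT, "93.184.216.34"))    # igw-0abc
    print(lookup(PEERED_RT, "192.168.10.5"))     # vgw-0456: the /24 beats the /16
    print(audit({"web": PUBLIC_RT, "app": PRIVATE_RT, "db": ISOLATED_RT}))
```

The audit function is the shape of check worth running against real route tables pulled from the API: a subnet whose name says "private" but whose table reaches an igw- target is public, whatever it is called.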
Gateways and Route Tables in AWS (4 of 6)

• NAT Gateways
− Instances running in a private subnet might need to communicate across the Internet (package updates, external APIs), which can be accomplished by creating an NGW in a public subnet and then routing Internet-bound traffic (0.0.0.0/0) from the private subnet to the NGW
− Instances in the private subnets remain protected from Internet-initiated traffic, because the NGW only translates replies to connections that were opened from inside
− Instances in the private subnets can communicate outward to the Internet
− Fewer public IP addresses are required to allow this Internet-directed traffic; the NGW's Elastic IP is the only address the outside world sees
− Traffic can be more tightly monitored and filtered because all egress funnels through one point (VPC flow logs, or a firewall appliance placed in the path); note that a NAT gateway does not filter traffic itself and cannot have a security group attached, so filtering is done with network ACLs, the instances' own security groups, or an inspection appliance
− Outbound-only is not harmless: a compromised private instance can still exfiltrate data or reach a command-and-control server through the NGW, so egress rules still matter
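The translation-table behaviour behind both the home-router NAT slide and the NAT gateway bullets above, as a small stateful model: outbound flows get a public port, replies are mapped back, and anything inbound that no inside host asked for is dropped. This is an added example, not code from the textbook; the private addresses and public IP are the NAT slide's, and the remote hosts (93.184.216.34, 203.0.113.9) are constructed.

```python
"""Port address translation, the stateful NAT a home router or a cloud NAT
gateway performs. Added example with constructed remote hosts."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self._next_port = first_port
        self._by_private = {}   # (private_ip, private_port) -> public_port
        self._by_public = {}    # public_port -> (private_ip, private_port)
        self._remotes = {}      # public_port -> set of (remote_ip, remote_port) contacted

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source to the public IP and a per-flow port, recording the mapping."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self._by_private:
            port = self._next_port
            self._next_port += 1
            self._by_private[key] = port
            self._by_public[port] = key
            self._remotes[port] = set()
        port = self._by_private[key]
        self._remotes[port].add((pkt.dst_ip, pkt.dst_port))
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Translate a reply back to the private host, or return None to drop it.
        Dropping everything without a matching outbound flow is what keeps
        private-subnet instances unreachable from the Internet. Requiring the
        reply to come from the endpoint that was contacted (address- and
        port-dependent filtering) stops a third party from guessing a port."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self._by_public.get(pkt.dst_port)
        if target is None:
            return None
        if (pkt.src_ip, pkt.src_port) not in self._remotes[pkt.dst_port]:
            return None
        return Packet(pkt.src_ip, pkt.src_port, target[0], target[1])


if __name__ == "__main__":
    gw = NatGateway("24.22.111.125")
    print(gw.outbound(Packet("192.168.1.2", 51000, "93.184.216.34", 443)))
    print(gw.inbound(Packet("93.184.216.34", 443, "24.22.111.125", 1024)))
    print(gw.inbound(Packet("203.0.113.9", 443, "24.22.111.125", 1024)))   # None: dropped
```

Two inside hosts using the same private source port get different public ports, which is how one public IP serves the whole network; and the third print shows why "private subnets are protected from Internet-initiated traffic" is a property of the translation table, not of the addresses being private.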
Gateways and Route Tables in AWS (5 of 6)
• Three-Tier Architecture in the Cloud
− An additional approach to segmentation used by cloud providers is called a three-tier architecture, or tiering
− Tiering places virtual devices into three logical areas:
 The presentation tier is represented by the client devices used to access the application or website
 The logic tier is represented by the server that hosts the application or website
 The data tier contains one or more databases that are not accessible from the Internet and only communicate with resources in the logic tier
− In VPC terms, the logic tier sits in a public subnet (or behind a load balancer) and the data tier in a private subnet whose security group accepts connections only from the logic tier's security group, never from 0.0.0.0/0
Gateways and Route Tables in AWS (6 of 6)

Figure 4-15 Basic three-tier architecture
Section 4-4: Networking in Azure

• Azure calls its virtual networks VNets instead of VPCs

• There are many similarities between AWS’s and Azure’s networking services

Regions and Availability Zones in Azure
• Microsoft's largest segment type is called geographies. A geography contains multiple Azure regions to provide data residency and compliance boundaries for discrete markets.

• Microsoft offers nearly 60 Azure regions worldwide

• Regions that support availability zones contain at least three AZs, where each AZ consists of one or more completely separate physical data centers with independent power, cooling and networking
− Not all of Azure's regions offer availability zones

• Microsoft guarantees at least 99.99 percent uptime for VMs when two or more instances are deployed across at least two AZs
VNets and Subnets in Azure (1 of 2)

Figure 4-18 Azure VNet resources can be distributed across multiple availability zones
VNets and Subnets in Azure (2 of 2)

Figure 4-19 Subnets in an Azure VNet can communicate with one another by default

• Because that default allows all traffic between subnets, segmentation inside a VNet comes from network security groups (NSGs) attached to subnets or network interfaces, not from the subnet boundary itself
Route Tables in Azure

• When you create a VNet, Azure automatically generates system routes that enable communication between all resources within the VNet, plus a 0.0.0.0/0 system route whose next hop is the Internet
− These system routes cannot be changed or deleted

• You can create a route table (user-defined routes) with routes that will override the default system routes, for example to send 0.0.0.0/0 to a firewall appliance instead of straight to the Internet

• Azure does not rely on IGs the way AWS does; however, you can create a NAT gateway through the Azure Virtual Network NAT service to manage outbound Internet connectivity from a predictable public IP
Section 4-5: Networking in GCP

• GCP is set up very similarly to AWS

• There are some differences including the following:
− A GCP VPC is global, meaning it spans all regions by default
− A GCP VPC does not have an IP range assigned to it; CIDR ranges are defined only at the subnet level, and subnets are regional
− As of this edition, IPv6 traffic is only supported to external resources, not between resources internal to a GCP VPC; Google has been expanding IPv6 support, so check the current GCP documentation before designing around this
Regions and Zones in GCP

• GCP has nearly 30 regions worldwide
− Most of the regions have at least three zones with independent power, cooling, networking, and control planes

• A VM in one region can communicate with a VM in another region over Google's private backbone without relying on the public Internet infrastructure
− This provides a layer of security, since the traffic never transits the Internet; VPC firewall rules still apply to it, and sensitive internal traffic should still be encrypted
VPCs and Subnets in GCP (1 of 2)

• A GCP VPC spans multiple regions

• When you create a VPC using auto mode, you automatically get a subnet in each region for that VPC

• Auto mode networks use preconfigured IP address ranges (carved from 10.128.0.0/9), which are the same in every auto mode network and so collide with one another, and possibly with on-prem ranges, when you later peer or connect them
− You can use custom mode and choose where your subnets are located and which ranges they use; Google recommends custom mode for production networks

• An advantage of global VPCs is that you can access distant regions from on-prem resources through a single VPC connection
VPCs and Subnets in GCP (2 of 2)

Figure 4-22 A single VPC can span all of GCP's regions
Routes in GCP
• Routes in GCP are applied at the VPC level, not at the subnet level

• Instances within the subnet maintain their own copy of applicable routes

• Two types of routes exist in a VPC:
− System-generated routes, created automatically when the VPC and its subnets are created
 Subnet routes direct traffic between all the VPC's subnets
 A default route sends all other traffic (0.0.0.0/0) to the default Internet gateway
− Custom routes, added afterwards
 Dynamic routes are created automatically by a Cloud Router service (learned over BGP from a VPN or Interconnect)
 Static routes are created manually by a cloud user

• Routes only decide where packets go; whether they are allowed is decided separately by VPC firewall rules
Summary

Now that the lesson has ended, you should be able to:

1. Explain how common networking concepts apply to cloud networking

2. Discuss IP address concepts and IP spaces in the cloud

3. Discuss concepts of AWS networking resources

4. Discuss concepts of Azure networking resources

5. Discuss concepts of GCP networking resources
