Saturday, July 24, 2021

Subnetting in the cloud

Hi all,

I'm a former network engineer. Now I work mostly with AWS cloud where networking is abstracted (at least in my role).

I've recently been wondering about the relevance of network subnetting in the cloud and thought I would run my questions by some network engineers (hopefully some with cloud experience).

In a traditional on-premises network, you create subnets for several reasons, such as to minimize the broadcast domain or to group similar servers together. This tends to provide other ancillary benefits. If you put all the web servers on the same subnet, you can confidently and effectively allow traffic to *all* web servers on ports 80 and 443 with just one rule to the web server subnet. In IPAM, you can find all web servers by referencing the subnet where you placed all of them. Taking it a bit further, you could use subnetting as a means of easing network engineering/administration (e.g. map server VLAN ID to IP subnet octet, use the same octet for file servers across offices, etc.).

In AWS cloud, broadcast traffic is eliminated, so the benefit of subnetting on the grounds of broadcast suppression is nil. Securing traffic to/from the server is accomplished with security groups, which are applied directly to virtual instances. This diminishes the benefit of grouping like servers together to simplify firewall rules. Network ACLs work more like router ACLs, but are applied to the subnet as a whole and are stateless; therefore, they have a very narrow purpose. IP address management is handled automatically by the underlying cloud router, and tracking IP usage can be done through the web console or web APIs. Lastly, the ancillary benefits are also reduced because you don't manage VLANs in the cloud and there are better ways of easing network administration.
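To make the security group vs. network ACL difference concrete, here is an added toy model (not from the original post, and not AWS code) of how the two filters evaluate a packet: security groups are allow-only, stateful and attached to instances, and a rule's source can be another security group, so two web servers in different subnets get the same policy; network ACLs are numbered, stateless, first-match rules on a whole subnet. The instance IDs, IPs and rule sets are constructed sample data.

```python
from ipaddress import ip_address, ip_network

# Constructed inventory: two web servers in different subnets share sg-web.
INSTANCES = {
    "i-web1": {"ip": "10.0.1.10", "sgs": {"sg-web"}},
    "i-web2": {"ip": "10.0.2.10", "sgs": {"sg-web"}},
    "i-db1": {"ip": "10.0.1.20", "sgs": {"sg-db"}},
}
# SG inbound rules as (proto, port, source); source is a CIDR or an SG id.
SG_INBOUND = {
    "sg-web": [("tcp", 80, "0.0.0.0/0"), ("tcp", 443, "0.0.0.0/0")],
    "sg-db": [("tcp", 5432, "sg-web")],
}
# NACL rules as (rule_no, proto, (low, high), cidr, action); lowest number wins.
NACL_INBOUND = [
    (90, "tcp", (80, 80), "198.51.100.0/24", "deny"),
    (100, "tcp", (80, 80), "0.0.0.0/0", "allow"),
    (110, "tcp", (443, 443), "0.0.0.0/0", "allow"),
    (120, "tcp", (5432, 5432), "10.0.0.0/16", "allow"),
]
# Stateless: replies to clients need an explicit ephemeral-port outbound rule.
NACL_OUTBOUND = [(100, "tcp", (1024, 65535), "0.0.0.0/0", "allow")]

def sgs_of(ip):
    # Security groups of the instance that owns ip; empty set for outside hosts.
    return set().union(*(i["sgs"] for i in INSTANCES.values() if i["ip"] == ip))

def sg_allows(dst_id, proto, port, src_ip):
    # Union of rules over every SG on the instance; membership, not subnet, matters.
    for sg in INSTANCES[dst_id]["sgs"]:
        for p, prt, src in SG_INBOUND[sg]:
            if (p, prt) != (proto, port):
                continue
            if src.startswith("sg-") and src in sgs_of(src_ip):
                return True
            if not src.startswith("sg-") and ip_address(src_ip) in ip_network(src):
                return True
    return False

def nacl_verdict(rules, proto, port, ip):
    # First matching rule in ascending number order; no match is an implicit deny.
    for _, p, (lo, hi), cidr, action in sorted(rules):
        if p == proto and lo <= port <= hi and ip_address(ip) in ip_network(cidr):
            return action
    return "deny"

def inbound_allowed(dst_id, proto, port, src_ip):
    # A new connection must pass the subnet NACL and then the instance SG.
    return (nacl_verdict(NACL_INBOUND, proto, port, src_ip) == "allow"
            and sg_allows(dst_id, proto, port, src_ip))

def reply_allowed(proto, client_port, client_ip, outbound=NACL_OUTBOUND):
    # The stateful SG passes the reply automatically; only the NACL can drop it.
    return nacl_verdict(outbound, proto, client_port, client_ip) == "allow"
```

Note that the database rule admits i-web2 from another subnet because it is in sg-web, while a host in the database's own subnet that is not in sg-web is refused; and dropping the outbound ephemeral rule silently breaks every reply to a client even though the security group would allow it.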

My questions are:

  1. In the cloud, how relevant are the aforementioned benefits of subnetting?
  2. How important is it to put all the similar servers in the same subnet in the cloud?

Thank you!
