# Cloud Networking Basics
## What is Cloud Networking
Cloud networking refers to the networking infrastructure and services that support cloud computing environments. It includes virtual networks, load balancers, gateways, DNS services, content delivery networks, and connectivity services that connect cloud resources to each other and to the outside world. Cloud networking allows organizations to build complex network architectures in software without physical hardware.
## Virtual Private Cloud
A Virtual Private Cloud or VPC is a logically isolated section of a cloud provider's network where an organization can deploy resources in a virtual network that they define. The organization controls the IP address range, creates subnets, configures route tables, and sets up network gateways. Resources in the VPC can communicate with each other but are isolated from other customers' resources. The VPC can be connected to the organization's on-premises network through a VPN or dedicated connection.
## Subnets in the Cloud
Just like on-premises networks, cloud virtual networks are divided into subnets. Public subnets contain resources that need to be reachable from the internet, such as web servers and load balancers. Private subnets contain resources that should not be directly reachable from the internet, such as databases and application servers. Resources in private subnets can reach the internet through a NAT gateway, which allows outbound connections but blocks unsolicited inbound connections.
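The VPC and subnet sections above describe what makes a subnet "public" or "private": not its address range, but where its default route points. The added example below (not from the page or any provider's tooling) carves a VPC range into subnets with Python's standard `ipaddress` module, attaches the route tables described above, and validates the layout. All identifiers such as `igw-main` and `nat-main` are constructed placeholders, not real provider resource IDs.

```python
import ipaddress

# Constructed example: a /16 VPC carved into /24 subnets. Gateway names are
# placeholders (assumed), not identifiers of any real cloud provider.

def carve_subnets(vpc_cidr, new_prefix, count):
    """Return the first `count` subnets of size /new_prefix inside vpc_cidr."""
    vpc = ipaddress.ip_network(vpc_cidr)
    subnets = list(vpc.subnets(new_prefix=new_prefix))
    if count > len(subnets):
        raise ValueError("VPC range too small for the requested number of subnets")
    return [str(s) for s in subnets[:count]]

def build_vpc(vpc_cidr="10.0.0.0/16"):
    """Two public and two private subnets; what differs is only the default route."""
    cidrs = carve_subnets(vpc_cidr, 24, 4)
    public_routes = {vpc_cidr: "local", "0.0.0.0/0": "igw-main"}   # internet gateway
    private_routes = {vpc_cidr: "local", "0.0.0.0/0": "nat-main"}  # NAT gateway
    subnets = {
        "public-a":  {"cidr": cidrs[0], "routes": dict(public_routes)},
        "public-b":  {"cidr": cidrs[1], "routes": dict(public_routes)},
        "private-a": {"cidr": cidrs[2], "routes": dict(private_routes)},
        "private-b": {"cidr": cidrs[3], "routes": dict(private_routes)},
    }
    # The NAT gateway itself needs a path to the internet, so it lives in a public subnet.
    gateways = {
        "igw-main": {"type": "internet"},
        "nat-main": {"type": "nat", "subnet": "public-a"},
    }
    return {"cidr": vpc_cidr, "subnets": subnets, "gateways": gateways}

def is_public(vpc, name):
    """A subnet is public when its default route targets an internet gateway."""
    target = vpc["subnets"][name]["routes"].get("0.0.0.0/0")
    return target is not None and vpc["gateways"].get(target, {}).get("type") == "internet"

def validate(vpc):
    """Return a list of layout problems; an empty list means the design is sound."""
    problems = []
    vpc_net = ipaddress.ip_network(vpc["cidr"])
    nets = {n: ipaddress.ip_network(s["cidr"]) for n, s in vpc["subnets"].items()}
    for name, net in nets.items():
        if not net.subnet_of(vpc_net):
            problems.append(f"{name} lies outside the VPC range")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    for gw, info in vpc["gateways"].items():
        if info["type"] == "nat" and not is_public(vpc, info["subnet"]):
            problems.append(f"NAT gateway {gw} is not in a public subnet")
    return problems

if __name__ == "__main__":
    layout = build_vpc()
    for name in layout["subnets"]:
        print(name, layout["subnets"][name]["cidr"], "public" if is_public(layout, name) else "private")
    print("problems:", validate(layout))
```

The `validate` function encodes the design checks a reviewer would make by hand: every subnet sits inside the VPC range, no two subnets overlap, and the NAT gateway that private subnets depend on is itself placed in a public subnet.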
## Security Groups and Network ACLs
Cloud providers offer security controls to filter traffic. Security groups act as virtual firewalls for individual instances, controlling inbound and outbound traffic at the instance level. Network access control lists act as firewalls for entire subnets. Security groups are stateful, meaning they automatically allow return traffic for established connections. Network ACLs are stateless, meaning rules must be explicitly defined for both inbound and outbound traffic, including the return half of a connection.
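The practical consequence of stateful versus stateless filtering is easiest to see on a single HTTPS exchange. The added example below (not from the page or any provider's implementation) models a security group that tracks connections and a network ACL that does not, and runs both over a client request and the server's reply. Addresses, ports and rule numbers are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", relative to the instance or subnet being filtered
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    direction: str
    proto: str            # "tcp", "udp" or "any"
    cidr: str             # the remote side: source for inbound, destination for outbound
    port_lo: int          # port range applies to the packet's destination port
    port_hi: int
    action: str = "allow" # NACL rules may deny; security groups only have allow rules

    def matches(self, pkt):
        if self.direction != pkt.direction or self.proto not in ("any", pkt.proto):
            return False
        remote_ip = pkt.src_ip if pkt.direction == "in" else pkt.dst_ip
        in_cidr = ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.cidr)
        return in_cidr and self.port_lo <= pkt.dst_port <= self.port_hi

class SecurityGroup:
    """Stateful: a packet allowed by a rule records the connection, and the reply
    (addresses and ports swapped) is allowed without needing a rule of its own."""
    def __init__(self, rules):
        self.rules = rules
        self.connections = set()

    def evaluate(self, pkt):
        reply_of = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reply_of in self.connections:
            return "allow"
        if any(r.matches(pkt) for r in self.rules):
            self.connections.add((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        return "deny"   # implicit deny; no deny rules exist

class NetworkAcl:
    """Stateless: every packet, replies included, is matched against the numbered
    rule list in ascending order; first match wins, no match is the implicit deny."""
    def __init__(self, numbered_rules):
        self.rules = sorted(numbered_rules, key=lambda nr: nr[0])

    def evaluate(self, pkt):
        for _, rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return "deny"

def compare():
    """Constructed HTTPS exchange: an internet client (ephemeral port 51234) talks
    to a web server at 10.0.0.5:443, and the server replies."""
    request = Packet("in", "tcp", "203.0.113.10", 51234, "10.0.0.5", 443)
    reply = Packet("out", "tcp", "10.0.0.5", 443, "203.0.113.10", 51234)
    # Security group with only an inbound 443 rule; outbound is deliberately left
    # without rules so that the reply is allowed by connection state alone.
    sg = SecurityGroup([Rule("in", "tcp", "0.0.0.0/0", 443, 443)])
    # Same single rule in a stateless ACL: the reply has no matching outbound rule.
    acl_incomplete = NetworkAcl([(100, Rule("in", "tcp", "0.0.0.0/0", 443, 443))])
    # Corrected ACL: an outbound rule covering the client's ephemeral port range.
    acl_fixed = NetworkAcl([
        (100, Rule("in", "tcp", "0.0.0.0/0", 443, 443)),
        (100, Rule("out", "tcp", "0.0.0.0/0", 1024, 65535)),
    ])
    return {
        "security_group": (sg.evaluate(request), sg.evaluate(reply)),
        "acl_incomplete": (acl_incomplete.evaluate(request), acl_incomplete.evaluate(reply)),
        "acl_fixed": (acl_fixed.evaluate(request), acl_fixed.evaluate(reply)),
    }

if __name__ == "__main__":
    for name, (req, rep) in compare().items():
        print(f"{name}: request={req} reply={rep}")
```

The incomplete ACL illustrates the classic symptom of forgetting statelessness: inbound connections arrive, but every reply is dropped because the outbound rule for the ephemeral port range is missing. The security group state is per connection, not per port: a fresh outbound connection from the instance, with no matching outbound rule, is still denied.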
## Cloud Connectivity
Organizations connect their on-premises networks to cloud environments through several methods. A site-to-site VPN creates an encrypted tunnel over the internet from the on-premises router to the cloud VPN gateway. This is cost-effective but performance depends on internet quality. Dedicated connections like AWS Direct Connect, Azure ExpressRoute, and Google Cloud Interconnect provide private dedicated links between the organization's network and the cloud provider's network, offering more consistent performance and lower latency than internet-based VPN connections.