Protego
Networking12 min read

Networking Basics Every Cloud Engineer Should Know

Don't let networking intimidate you. This guide covers IP addresses, subnets, DNS, and load balancing in plain language with practical examples.

I
Idan Ohayon
Microsoft Cloud Solution Architect
December 10, 2024
NetworkingBeginnersCloudDNSLoad Balancing

Why Networking Matters in the Cloud

You can be great at writing code or managing servers, but if you don't understand networking, you'll hit walls constantly. Why can't my application reach the database? Why is this timing out?

Usually, it's networking.

IP Addresses: Your Cloud Address System

An IPv4 address looks like 192.168.1.100 - four numbers (0-255), separated by dots.

Private IP ranges (used inside your network):

  • 10.0.0.0 - 10.255.255.255
  • 172.16.0.0 - 172.31.255.255
  • 192.168.0.0 - 192.168.255.255

Public IP addresses: Everything else. These are routable on the internet.

Subnets and CIDR

10.0.0.0/16 - What does this mean?

The /16 tells you how many bits are fixed:

  • /16 = first 16 bits fixed = 65,536 addresses
  • /24 = first 24 bits fixed = 256 addresses
  • /28 = first 28 bits fixed = 16 addresses

Practical Example

VPC: 10.0.0.0/16 (65,536 addresses)
├── Public Subnet: 10.0.1.0/24
├── Private Subnet A: 10.0.10.0/24
├── Private Subnet B: 10.0.11.0/24
└── Database Subnet: 10.0.20.0/24

Each subnet gets its own range. They can't overlap.

DNS: Translating Names to Numbers

Nobody wants to remember 54.231.17.108. We use names like www.example.com instead.

Common Record Types

  • A: Maps name to IPv4
  • AAAA: Maps name to IPv6
  • CNAME: Alias to another name
  • MX: Mail server
  • TXT: Text data

Private DNS

Inside your cloud network, use private DNS:

database.internal → 10.0.20.15

Your application connects to database.internal instead of an IP. If the database moves, just update DNS.

Load Balancing

When one server isn't enough, distribute traffic between multiple servers.

Types

Layer 4 (TCP): Routes based on IP and port. Faster.

Layer 7 (HTTP): Routes based on URL, headers. More flexible.

Cloud Load Balancers

CloudL4L7
AWSNLBALB
AzureLoad BalancerApplication Gateway
GCPNetwork LBHTTP(S) LB

VPNs and Private Connectivity

Site-to-Site VPN

Connects your office network to your cloud VPC through an encrypted tunnel.

Point-to-Site VPN

Individual users connect to cloud from anywhere.

Direct Connect/ExpressRoute

Dedicated physical connection. More bandwidth, more consistent, more expensive.

Troubleshooting Basics

When things don't connect, check:

  1. Security Groups / Firewalls: Is the port allowed?
  2. Route Tables: Is there a path to the destination?
  3. DNS Resolution: Can you resolve the name?
  4. Network ACLs: Stateless rules for entire subnets

Cheat Sheet

Common Ports:

  • 22: SSH
  • 80: HTTP
  • 443: HTTPS
  • 3306: MySQL
  • 5432: PostgreSQL
  • 6379: Redis

CIDR Quick Math:

  • /24 = 256 IPs
  • /25 = 128 IPs
  • /26 = 64 IPs
  • /27 = 32 IPs
  • /28 = 16 IPs

Networking isn't magic. It's just rules about how data moves from A to B. Learn the rules, and you'll solve problems much faster.

I

Idan Ohayon

Microsoft Cloud Solution Architect

Cloud Solution Architect with deep expertise in Microsoft Azure and a strong background in systems and IT infrastructure. Passionate about cloud technologies, security best practices, and helping organizations modernize their infrastructure.

Share this article

TwitterLinkedIn

Questions & Answers

Need Help with Your Security?

Our team of security experts can help you implement the strategies discussed in this article.

Contact Us