Computer Networks

Multi-Cloud Networks

Twitter runs on its own data centers plus GCP. Spotify migrated from its own servers to GCP while keeping AWS integrations for certain services. Multi-cloud is not hype - it's the reality of enterprise architectures.

  • **Apple** - iCloud on AWS + GCP + its own data centers
  • **Dropbox** - moved off AWS to their own servers, keeping S3 for edge cases
  • **Spotify** - GCP primary, AWS for specific services

Предварительные знания

  • Cloud Connectivity

Multi-Cloud Strategy

**Multi-cloud** is the use of multiple cloud providers simultaneously. Reasons: avoiding vendor lock-in, using the best services of each cloud, compliance requirements, geographic coverage.

Example: core infrastructure on AWS, ML workloads on GCP (TPU), legacy applications on Azure (Active Directory integration). The networking challenge: how to connect these clouds with minimum latency and maximum security?

**Multi-cloud ≠ Hybrid cloud.** Hybrid = on-premises + one cloud. Multi-cloud = multiple clouds. You can combine: hybrid multi-cloud = on-prem + AWS + GCP.

**Reasons for multi-cloud:** • **Best of breed** - GCP for ML, AWS for serverless, Azure for enterprise • **Vendor lock-in** - you don't depend on one provider • **Compliance** - EU data in European Azure regions • **Resilience** - failover between clouds • **M&A** - acquired companies use a different cloud

How does multi-cloud differ from hybrid cloud?

Cloud Interconnect

**Cloud Interconnect** is a connection between clouds at the provider infrastructure level. Instead of VPN over the internet, traffic flows over dedicated channels through Internet Exchange Points (IXP) or partner connections.

**Megaport, Equinix Fabric, PacketFabric** are software-defined interconnect services. You create virtual connections between clouds via a web portal in minutes, without any physical work.

**Google Cloud Interconnect Partners** include AWS Direct Connect - you can create a GCP↔AWS connection through a partner without a separate contract with each cloud.

Which service allows creating an AWS↔GCP connection in minutes without any physical work?

Hybrid Cloud Networking

**Hybrid Cloud** is the integration of on-premises infrastructure with the cloud. Typical scenarios: phased migration, burst capacity, data sovereignty, legacy integration.

The networking challenge of hybrid cloud: the on-premises network (192.168.0.0/16) must communicate with cloud VPCs (10.0.0.0/8) without friction. DNS resolution, consistent security policies, unified monitoring.

**DNS in hybrid cloud** is a critical component. Route 53 Resolver endpoints let on-prem DNS resolve AWS private hosted zones, and vice versa - EC2 can resolve on-prem DNS records.

**AWS Outposts / Azure Stack / GCP Anthos** - managed hardware in your data center. Cloud APIs and console, but data stays on-prem. Solves data sovereignty without architectural complexity.

How can an EC2 instance resolve DNS names from on-premises Active Directory?

Mesh VPN (WireGuard, Tailscale)

**Mesh VPN** is a modern approach to connecting distributed infrastructure. Instead of hub-and-spoke (everything through a central VPN server), nodes connect directly peer-to-peer.

**WireGuard** is a modern VPN protocol: 4,000 lines of code (vs 400,000 in OpenVPN), built into the Linux kernel, cryptographically up to date (Curve25519, ChaCha20, Poly1305). **Tailscale** and **Nebula** are layers on top of WireGuard for automatic mesh.

**Tailscale** uses DERP (Designated Encrypted Relay for Packets) servers as a fallback. If a direct connection is impossible (symmetric NAT), traffic goes through a relay. 99% of connections are direct.

**When to use mesh VPN:** • **Remote developers** - access to dev environments from home • **Multi-cloud dev** - connecting dev VPCs in different clouds • **Edge computing** - IoT devices in a mesh network • **Zero trust** - replacing VPN for employee access

Multi-cloud automatically improves reliability

Multi-cloud adds complexity and new failure points (interconnect, DNS, IAM sync)

Resilience requires proper architecture: automatic failover, consistent state between clouds, DR scenario testing. Without this, multi-cloud reduces reliability due to a larger attack surface and operational complexity

What is the advantage of mesh VPN (Tailscale) over traditional hub-and-spoke VPN?

Key Takeaways

  • **Multi-cloud** - multiple clouds for best-of-breed, compliance, vendor diversification
  • **Cloud Interconnect** (Megaport, Equinix) - software-defined connections between clouds
  • **Hybrid Cloud** - on-prem + cloud, requires DNS integration and consistent security
  • **Mesh VPN** (WireGuard, Tailscale) - P2P connections instead of hub-and-spoke
  • **Complexity tax** - multi-cloud adds operational overhead

Related Topics

Multi-cloud builds on cloud connectivity and VPN technologies:

  • Cloud Connectivity — Direct Connect, VPN - the basic building blocks
  • VPN Concepts — WireGuard and IPsec - protocols for inter-cloud tunnels

Вопросы для размышления

  • In what cases is multi-cloud justified, and when is it better to stay with a single provider?
  • How would you design DNS for a hybrid cloud with AWS and on-prem Active Directory?
  • What data would you replicate between clouds, and what would you keep in one place?

Связанные уроки

  • dist-14-sharding
Multi-Cloud Networks

0

1

Sign In