The first thing a network architect would ask when designing a single or multi-cloud network is, are there any reference architectures? How do I build networks in the cloud? Where can I find some guides and blueprints to design a Cloud Network?
If you’re just getting started with the cloud or cloud networking and looking for some learning resources around cloud networking fundamentals, check out my previous post here: https://www.bayupw.cloud/posts/2022/20220620-cloud-networking-learning-resources/
When designing networks on-prem, we have tons of resources, courses, and reference architectures that can serve as guides and blueprints for network architects. Cisco has CCDA up to CCDE, Juniper has JNCDA and JNCDS, and VMware NSX has VCAP-NV Design and VCDX-NV. Additionally, there are well-known reference architectures like Cisco Validated Design or the VMware NSX-T Design Guide that can be used as guidance for designing a real production deployment.
Each CSP Runs Its Own Network
If you’ve worked with multiple CSPs (Cloud Service Providers) or at least know how cloud networking works on each CSP, you’ll notice that each one has different networking constructs and features. Building a multi-cloud network using cloud native constructs - a DIY hub and spoke - is like building multiple data centres using different networking vendors. Imagine you have three data centres where you’re deploying Cisco ACI on the first one, Arista switches with CloudVision on the second data centre, and perhaps some Juniper QFX series for the third data centre. You would need three different designs and day-2 operations would be a nightmare.
Maybe you’re building a single-cloud-only network and you could argue that you can apply the same principles as you would on-prem, with a core-distribution-access or spine-leaf architecture? Jose Moreno shows this nicely with some diagrams in his blog here: https://blog.cloudtrooper.net/2022/01/18/is-the-core-distribution-access-design-dead/. But as Jose said in his blog:
There is no common network architecture paradigm for public cloud networking.
Not even for a single cloud provider.
Cloud Networking Design Isn’t Just About Speed and Feeds
Perhaps you’ve managed to build a hub & spoke architecture with hybrid connectivity that maybe even supports multiple regions. During one of our ACE-Pro sessions, I remember one of my colleagues, Frankie Stroud, reminding everyone that Cloud Networking is more than just speed and feeds. As part of the cloud network design, other aspects such as availability, manageability, performance, security, and even cost need to be considered.
Take hybrid connectivity, for instance: by default, private circuits are not encrypted, so any encryption has to be layered on top of the circuit, which can be a security risk for some organisations if it is overlooked. Day-2 operations, on the other hand, are a big topic too, especially when it comes to visibility and troubleshooting: how will the network team monitor and operate the network? To troubleshoot network issues in GCP with cloud native tools, for example, the network team will need to learn how to export VPC Flow Logs to GCP BigQuery and how to build queries over them, as shown in this GCP self-paced lab: https://www.cloudskillsboost.google/focuses/1236?parent=catalog. Adding just one more cloud will require the network team to learn a totally new and different platform, and then find a way to stitch the network information together to monitor and troubleshoot a multi-cloud network environment.
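To make the "stitch network information together" problem concrete, here is an added example (not code from this post or from Aviatrix) that normalises flow-log records from two clouds into one schema so a single query can run across both. The field names follow the publicly documented GCP VPC Flow Logs (Cloud Logging `jsonPayload`) and AWS VPC Flow Logs (default, version 2) formats; the sample records, IP addresses, account ID and interface ID are constructed for the example and not taken from any real environment.

```python
"""Normalise VPC flow-log records from two clouds into one schema.

Added example for the multi-cloud visibility problem described above
(not code from the post or from Aviatrix). Field names follow the public
GCP VPC Flow Logs (Cloud Logging jsonPayload) and AWS VPC Flow Logs
(default, version 2) formats; every sample record below is constructed.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


@dataclass(frozen=True)
class Flow:
    """Cloud-agnostic flow record: the subset of fields both clouds can supply."""
    cloud: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str
    byte_count: int
    packet_count: int
    action: str          # "accept"/"reject" from AWS; GCP VPC flow logs carry no verdict
    start: datetime


def _parse_rfc3339(ts: str) -> datetime:
    # Cloud Logging timestamps carry up to nanosecond precision; trim the
    # fraction to microseconds so datetime.fromisoformat accepts it everywhere.
    base, _, frac = ts.rstrip("Z").partition(".")
    return datetime.fromisoformat(f"{base}.{(frac + '000000')[:6]}+00:00")


def parse_gcp_flow(entry: Dict) -> Flow:
    """One Cloud Logging entry; the 5-tuple sits under jsonPayload.connection."""
    payload = entry["jsonPayload"]
    conn = payload["connection"]
    proto = int(conn["protocol"])
    return Flow(
        cloud="gcp",
        src_ip=conn["src_ip"], src_port=int(conn.get("src_port", 0)),
        dst_ip=conn["dest_ip"], dst_port=int(conn.get("dest_port", 0)),
        protocol=PROTO_NAMES.get(proto, str(proto)),
        byte_count=int(payload.get("bytes_sent", 0)),
        packet_count=int(payload.get("packets_sent", 0)),
        action="unknown",
        start=_parse_rfc3339(payload["start_time"]),
    )


def parse_aws_flow(line: str) -> Optional[Flow]:
    """One line of the default AWS format (14 space-separated fields):
    version account-id interface-id srcaddr dstaddr srcport dstport protocol
    packets bytes start end action log-status. Returns None for NODATA/SKIPDATA
    lines, which carry '-' instead of values."""
    f = line.split()
    if len(f) != 14:
        raise ValueError(f"unexpected field count {len(f)}: {line!r}")
    if f[13] != "OK":
        return None
    proto = int(f[7])
    return Flow(
        cloud="aws",
        src_ip=f[3], src_port=int(f[5]), dst_ip=f[4], dst_port=int(f[6]),
        protocol=PROTO_NAMES.get(proto, str(proto)),
        byte_count=int(f[9]), packet_count=int(f[8]),
        action=f[12].lower(),
        start=datetime.fromtimestamp(int(f[10]), tz=timezone.utc),
    )


def normalize_all(gcp_entries: List[Dict], aws_lines: List[str]) -> List[Flow]:
    """Merge both feeds into one timeline, skipping AWS lines with no data."""
    flows = [parse_gcp_flow(e) for e in gcp_entries]
    flows += [fl for fl in (parse_aws_flow(ln) for ln in aws_lines) if fl is not None]
    return sorted(flows, key=lambda fl: fl.start)


def top_talkers(flows: List[Flow], n: int) -> List[Tuple[str, int]]:
    """Bytes sent per source IP across both clouds, highest first."""
    totals: Counter = Counter()
    for fl in flows:
        totals[fl.src_ip] += fl.byte_count
    return totals.most_common(n)


def rejected_flows(flows: List[Flow]) -> List[Flow]:
    """Flows a cloud firewall explicitly rejected (only the AWS feed reports this)."""
    return [fl for fl in flows if fl.action == "reject"]


# Constructed sample input: two GCP entries and three AWS lines (one NODATA).
GCP_SAMPLE = [
    {"jsonPayload": {"connection": {"src_ip": "10.10.1.5", "src_port": 51432,
                                    "dest_ip": "10.20.2.9", "dest_port": 443, "protocol": 6},
                     "bytes_sent": "18234", "packets_sent": "42",
                     "start_time": "2022-07-01T10:15:30.123456789Z"}},
    {"jsonPayload": {"connection": {"src_ip": "10.10.1.5", "src_port": 40211,
                                    "dest_ip": "10.30.3.7", "dest_port": 53, "protocol": 17},
                     "bytes_sent": "120", "packets_sent": "2",
                     "start_time": "2022-07-01T10:16:02Z"}},
]
AWS_SAMPLE = [
    "2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.20.2.9 10.10.1.5 443 51432 6 40 9100 1656670530 1656670590 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.30.3.7 10.10.1.5 33445 22 6 3 180 1656670560 1656670590 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1656670530 1656670590 - NODATA",
]

if __name__ == "__main__":
    merged = normalize_all(GCP_SAMPLE, AWS_SAMPLE)
    print(f"{len(merged)} flows:", dict(Counter(fl.cloud for fl in merged)))
    print("top talkers:", top_talkers(merged, 3))
    print("rejected:", [(fl.src_ip, fl.dst_port) for fl in rejected_flows(merged)])
```

The design point is the `action` field: AWS records a firewall verdict per flow, GCP VPC flow logs do not (firewall rule logging is a separate feed), so a cross-cloud schema has to make such gaps explicit rather than silently defaulting to "accept". In a real pipeline the parsers would be fed from the BigQuery export and the AWS log destination instead of the constructed lists.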
On the cost side, the ongoing cost depends on how you choose and design the solution. For instance, there might be charges for data transfer in and out, and perhaps you’re designing a solution that offers a choice between a centralised mode and a distributed mode, which can affect costs as well.
Check out these Design Exercise for Cloud Architects sessions, based on real-world scenarios, where Aviatrix Architects and the audience brainstorm a few design options based on customer requirements using native CSP constructs and third-party vendors like Cisco CSR, security firewall vendors, SD-WAN vendors, and Aviatrix.
- Design Exercise for Cloud Architects Session 1: https://www.youtube.com/watch?v=aIL44MsNRhY
- Design Exercise for Cloud Architects Session 2: https://www.youtube.com/watch?v=fuhiDw08DVY
- Design Exercise for Cloud Architects Session 3: https://www.youtube.com/watch?v=9oltaCRTuyQ
- Design Exercise for Cloud Architects Session 4: https://www.youtube.com/watch?v=wApn73H71LI
I highly recommend the design exercises regardless of whether or not you would consider Aviatrix. You might be working on a project that has similar requirements to one of the design scenarios. For any upcoming design exercise sessions, keep an eye on Aviatrix’s LinkedIn page https://www.linkedin.com/company/aviatrix-systems and Aviatrix Events page https://aviatrix.com/events/
This type of design exercise is also part of the ACE-Professional https://aviatrix.com/ace-professional/ program, where you’ll get a chance to work on a design together in a group and present it on day 3 of the course. The ACE-Pro course also offers multi-cloud networking hands-on labs where you get your own pod and access to multiple CSP consoles. If you currently don’t have any access to the AWS Console or Azure Portal to examine the cloud networking constructs, this is your chance! Here’s the link to the upcoming APJ ACE-Pro course on the 5th July 2022: https://events.aviatrix.com/aceprofessional07052022
If the APJ timezone doesn’t work for you, have a look at the ACE Training page to see if there’s any upcoming ACE-Pro course within your timezone: https://aviatrix.com/ace-multicloud-networking-training/
Cloud Network Design Pillars and MCNA
If You Fail to Plan, You Are Planning to Fail.
— Benjamin Franklin
It was mentioned in one of the CCDE debrief sessions at Cisco Live (LTRCCDE-3006) that network design is not widely thought about or practiced, and at the same time it is the root cause of many network issues!
So if we go back to the questions that I mentioned at the beginning of the post: are there any reference architectures for cloud networks? Where can we find some guides and blueprints so we can successfully build a solid network design for cloud infrastructure?
At Aviatrix, we get the chance to help our customers solve single-cloud networking problems and also help them build a secure multi-cloud network. By combining all of that expertise and the cloud networking black belts, the Aviatrix team has created blueprints and reference architectures for cloud network architects in the form of the Multi-Cloud Network Architecture (MCNA) and the Cloud Network Design Pillars, which can be used as a guide for planning and designing a single or multi-cloud network architecture.
Check out Frankie’s blog for more explanations on MCNA here: https://www.cloudsilverlining.net/post/single-and-multi-cloud-network-architecture/
For Cloud Network Design Pillars, see this video below where the ACE team explains the ACE-Design Expert certification and how the Cloud Network Design Pillars can be used to design a single or multi-cloud network.
According to what I understand, ACE-DE is similar to VCDX, where you need to submit your design and defend it in person, plus you’ll be given a design scenario during the session: an impromptu design where you need to complete the design through requirements gathering and another defense panel in less than an hour.
When I was still active in the VMware and vExpert community, I know there was a VCDX study group on Slack run by Gregg Robertson https://thesaffageek.co.uk/, where VCDX candidates can discuss their design scenarios, get peer reviewed, and even practice in a VCDX mock defense panel. As the number of ACE-DEs keeps growing, I hope to see something similar in this space, maybe an ACE-DE study group with some mentors and ACE-DE candidates preparing to submit their design. I think that would be very useful for the cloud networking community.
Conclusion
Network design, or cloud network design, may not be something that is widely thought about or practiced. But the good news is that Aviatrix has provided a lot of resources in this space:
- ACE-Professional: you’ll get the chance to learn, build, and design a multi-cloud network environment.
- Aviatrix Design Exercise Sessions: brainstorm and practice multi-cloud network design with Aviatrix Design Experts based on real-world use cases and requirements.
- ACE-Design Expert: submit and defend your cloud networking design to join the ACE-DE elite team. Regardless of whether you pass or fail, I’m very certain you would learn a lot on the journey!
I hope this post has been useful to help you gain more skills and enable you to be a multi-cloud network architect. Let me know in the comments if you have any other resources for cloud networking design. I’ll see you on the next post!