Understanding Cloud Networking: Overlay, SDN, VPC, and Hybrid Cloud Basics
This lesson explains cloud networking fundamentals, covering overlay/underlay architecture, software-defined networking, network function virtualization, private VPC design, ACL and NAT gateways, routing tables, and three hybrid‑cloud deployment models, illustrating how networks enable scalable, flexible cloud services.
U创营 is a cloud‑computing popular‑science series for university students, offering video lectures, illustrated explanations, and hands‑on labs to bridge theory and practice and help learners acquire basic employment‑ready skills.
The third lecture focuses on network fundamentals, introducing network principles, private networking, and hybrid‑cloud architecture.
Cloud computing is likened to water and electricity for the future Internet; network products act as the pipes and wires that connect cloud services, without which other cloud components would remain isolated nodes.
Key Challenges of Cloud Networking
Large‑scale server network management
Multi‑tenant isolation
High availability and scalability
Flexible deployment
Overlay and Underlay
Network traffic is split into two layers: the underlay provides the physical transport tunnels, while the overlay adds virtual networking on top. A packet from a VM is encapsulated, sent through an underlay tunnel, then decapsulated at the destination, making overlay and underlay networks transparent to each other.
SDN – Software‑Defined Networking
In traditional networks, IP allocation requires manual routing and security rule configuration, which cannot keep up with the dynamic provisioning of VMs in cloud environments. SDN centralizes VM location and routing information, pushing forwarding rules directly to the data plane and eliminating complex manual configuration.
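The overlay encapsulation and the central SDN lookup described above, as an added Python example that is not part of the original lesson or any provider's code. It uses the VXLAN header layout from RFC 7348 as one concrete overlay format (the lesson names no protocol); the Controller class, function names and addresses are hypothetical, and the sample data is constructed to show two tenants reusing the same overlay IP without their traffic mixing.

```python
import struct

VXLAN_FLAG_VNI_VALID = 0x08  # "I" flag from RFC 7348: the VNI field is valid

class Controller:
    """Hypothetical SDN controller: central map of (tenant VNI, VM IP) -> underlay host IP."""
    def __init__(self):
        self.locations = {}

    def register(self, vni, vm_ip, host_ip):
        self.locations[(vni, vm_ip)] = host_ip

    def lookup(self, vni, vm_ip):
        return self.locations.get((vni, vm_ip))  # None if the VM is unknown in this tenant

def encapsulate(ctrl, vni, dst_vm_ip, inner_frame):
    """Return (underlay destination host, overlay header + inner frame)."""
    host = ctrl.lookup(vni, dst_vm_ip)
    if host is None:
        raise LookupError(f"no VM {dst_vm_ip} in tenant {vni}")
    # 8-byte header: flags(1) + reserved(3), then VNI(3) + reserved(1)
    header = struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)
    return host, header + inner_frame

def decapsulate(packet, local_vnis):
    """Strip the header; reject malformed packets and tenants not hosted on this host."""
    if len(packet) < 8:
        raise ValueError("truncated overlay header")
    word0, word1 = struct.unpack("!II", packet[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI flag not set")
    vni = word1 >> 8
    if vni not in local_vnis:
        raise PermissionError(f"tenant {vni} is not hosted here")
    return vni, packet[8:]

def demo():
    ctrl = Controller()
    # Constructed sample data: both tenants use overlay address 10.0.0.5.
    ctrl.register(100, "10.0.0.5", "192.0.2.11")
    ctrl.register(200, "10.0.0.5", "192.0.2.22")
    host_a, pkt_a = encapsulate(ctrl, 100, "10.0.0.5", b"tenant-A payload")
    host_b, pkt_b = encapsulate(ctrl, 200, "10.0.0.5", b"tenant-B payload")
    return host_a, host_b, decapsulate(pkt_a, {100}), decapsulate(pkt_b, {200})

if __name__ == "__main__":
    print(demo())
```

The receiving host checks the tenant identifier before delivering the inner frame, so a packet tagged for a tenant it does not host is dropped rather than delivered to a VM that happens to share the address.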
NFV – Network Function Virtualization
Traditional hardware appliances such as load balancers, firewalls, and routers are replaced by software implementations in the cloud. Functions like NAT gateways are realized through virtualized software, reducing cost and deployment time.
Private Network (VPC)
A VPC (Virtual Private Cloud) provides logical isolation, in contrast to classic networks, which share an address space. Within a VPC, users can design their own subnets, IP ranges, and routing policies, gaining greater flexibility and control.
ACL – Access Control List
ACLs allow precise inbound and outbound traffic control. For example, different subnets can be isolated for distinct business units by defining ACL rules between them.
NAT Gateway
A NAT gateway functions like a public router, enabling cloud resources without public IPs to access the Internet and supporting port‑forwarding for external services.
Routing Table
The routing table determines traffic flow within a VPC. Users can define custom routes, such as directing traffic through a VPN to connect on‑premises data centers with the cloud.
Hybrid‑Cloud Architecture
Hybrid cloud combines private and public clouds to overcome on‑premises hardware limits and leverage public cloud scalability. Three common deployment options are:
Device hosting: rent rack space and host own equipment.
VPN: build a secure encrypted tunnel over the public Internet.
Dedicated line: connect the on‑premises data center to the cloud via a private leased line.
These approaches enable enterprises to enjoy the convenience of cloud computing while retaining control over critical workloads.
UCloud Tech
UCloud is a leading neutral cloud provider in China, developing its own IaaS, PaaS, AI service platform, and big data exchange platform, and delivering comprehensive industry solutions for public, private, hybrid, and dedicated clouds.
