Networking Across the Three Clouds
Private networks, DNS, load balancers, CDNs, dedicated lines — every cloud offers all of them. The concepts are identical. What varies is the name each provider chose for the same building block. Those naming differences trip up beginners more than the concepts themselves do.
This topic is a reference map: take each networking idea from this chapter and see what AWS, Google Cloud, and Azure call it. One read through this alignment is enough to make any provider's networking documentation readable.
One genuine difference is worth knowing: on Azure, load balancing is split across two products depending on what layer of traffic you're handling. That distinction is real and explained below — everything else is just a name.
The Mapping
Start with the private network. AWS and Google Cloud both call it a VPC — Virtual Private Cloud. Azure calls the same thing a Virtual Network, shortened to VNet. Same concept: your isolated slice of the provider's network where your resources live and communicate privately. The rows below map the rest.
The One Real Naming Quirk: Azure Load Balancing
Most name differences in cloud networking are cosmetic — the same idea, different words. Azure's load balancing is a genuine split worth understanding. Azure has two products:
Azure Load Balancer operates at the network layer (Layer 4). It distributes traffic based on IP addresses and ports, without inspecting the content of the request. It's fast and handles raw TCP/UDP traffic — roughly equivalent to the most basic mode of AWS Elastic Load Balancing.
Azure Application Gateway operates at the application layer (Layer 7). It can inspect the content of HTTP requests — routing by URL path, handling SSL termination, applying rules based on request headers. This is the product that maps to AWS's Application Load Balancer (ALB). When people say "application-level load balancing" on Azure, they mean Application Gateway.
AWS, by contrast, packages its layer-4 and layer-7 load balancers under the same Elastic Load Balancing (ELB) umbrella, so the distinction is internal. Google Cloud Load Balancing similarly covers both modes. Only Azure names them as separate services.
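The Layer 4 versus Layer 7 split described above, as an added example that is not part of the original page and not any provider's implementation. The backend addresses, path prefixes and client tuple are constructed for illustration, and the hash-based backend selection is an assumption rather than how Azure, AWS or Google Cloud choose backends.

```python
import hashlib

# Constructed backend pools; addresses and prefixes are illustrative only.
L4_BACKENDS = ["10.0.1.10", "10.0.1.11", "10.0.1.12"]
L7_POOLS = {
    "/api/": ["10.0.2.10", "10.0.2.11"],
    "/static/": ["10.0.3.10"],
}
L7_DEFAULT_POOL = ["10.0.4.10"]


def _pick(pool, key):
    """Deterministically pick a backend from a pool by hashing the key."""
    digest = hashlib.sha256(key.encode()).digest()
    return pool[int.from_bytes(digest[:4], "big") % len(pool)]


def l4_route(src_ip, src_port, dst_ip, dst_port, proto="tcp"):
    """Layer 4: the decision uses only the connection tuple.
    The payload (HTTP or anything else) is never parsed."""
    return _pick(L4_BACKENDS, f"{proto}|{src_ip}:{src_port}|{dst_ip}:{dst_port}")


def l7_route(raw_request, client_ip):
    """Layer 7: parse the HTTP request line and choose a pool by URL path."""
    request_line = raw_request.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("not an HTTP request; a layer-7 balancer cannot route it")
    path = parts[1]
    for prefix, pool in L7_POOLS.items():
        if path.startswith(prefix):
            return _pick(pool, client_ip)
    return _pick(L7_DEFAULT_POOL, client_ip)


def compare(requests, conn=("203.0.113.7", 50000, "198.51.100.1", 443)):
    """Route each request both ways over the same client connection tuple."""
    return [(l4_route(*conn), l7_route(r, conn[0])) for r in requests]


if __name__ == "__main__":
    samples = [b"GET /api/users HTTP/1.1\r\nHost: example.test\r\n\r\n",
               b"GET /static/app.js HTTP/1.1\r\nHost: example.test\r\n\r\n"]
    for l4, l7 in compare(samples):
        print(f"L4 -> {l4}   L7 -> {l7}")
```

Both requests share one connection tuple, so the Layer 4 path sends them to the same backend, while the Layer 7 path reads the URL and sends them to different pools. The same difference is why path- or header-based rules and TLS termination live on the Layer 7 product, not on the Layer 4 one.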
The Constants
Behind every name change, the purposes are identical. Every cloud gives you: a private network to isolate resources; a managed DNS service to name them; a load balancer to spread incoming traffic; a CDN to cache content near users; and a dedicated line option to bypass the public internet when you need a private, predictable connection. The vocabulary differs; the architecture does not.
Reading an Architecture Diagram
When you look at an architecture diagram from any of the three clouds, the networking layer always assembles the same pieces. There is a private network containing servers and databases. Something at the edge — a load balancer, an Application Gateway — receives incoming requests. A CDN may sit in front of the whole thing. DNS routes users to the right entry point. A VPN or dedicated line may connect the cloud network to an on-premises building. Once you know what each piece does, you can read any diagram regardless of which provider it depicts.
- "Each cloud's networking is a completely different beast." The concepts are identical across all three. Only the names differ. Once you understand what a private network, a load balancer, and a CDN do, you can work in any provider's environment.
- "VPC and VNet are different concepts." They are the same concept with different names. AWS and Google Cloud use VPC; Azure uses VNet. Both are isolated private networks inside the provider's infrastructure.
- "Azure Load Balancer is the same as an AWS Application Load Balancer." It isn't. Azure Load Balancer handles Layer 4 traffic (IP and port only). Azure Application Gateway handles Layer 7 (application-level HTTP routing) — that's the closer match to AWS ALB.
- "Direct Connect, Cloud Interconnect, and ExpressRoute are all the same product from different providers." They serve the same purpose — a dedicated physical link that bypasses the internet — but they are distinct services with their own configurations, pricing, and availability.
- Networking names are the biggest source of confusion when moving between providers. This alignment removes most of that fog in one pass.
- Knowing that Application Gateway is Azure's layer-7 load balancer — not the Azure Load Balancer — prevents misreading Azure architecture diagrams and documentation.
- When you read a job description, a design doc, or a vendor comparison that mentions Route 53, Cloud Interconnect, or Front Door, you now know exactly which networking concept each name refers to.
Knowledge Check
AWS VPC and Azure VNet both refer to which networking concept?
- A private cloud network
- A CDN edge location
- A managed DNS service for domain name lookup
- A load balancer that distributes traffic across servers
On Azure, which service is the closest equivalent to AWS's Application Load Balancer — handling Layer 7 (application-level) traffic?
- Application Gateway
- Azure Load Balancer — it handles all layers of traffic equally
- Azure Front Door — it routes application traffic globally
- ExpressRoute — it handles application requests via a dedicated line
Google Cloud's dedicated physical connection service (equivalent to AWS Direct Connect) is called what?
- Cloud Interconnect
- Cloud VPN — Google's encrypted tunnel service
- Cloud CDN — Google's content delivery network
- VPC peering — links two Google Cloud networks together
Which statement best describes cloud networking across AWS, Google Cloud, and Azure?
- The concepts are identical; the names differ between providers
- AWS networking is fundamentally different from Google Cloud and Azure
- VPC and VNet represent different networking concepts with different purposes
- Each cloud requires a specialist who only knows that provider's networking