Chapter 13
Modern and Cloud Networking
The same protocols you have learned, now wearing an API: VPCs, overlays, container networks, and service meshes are CIDR, routing, NAT, and TLS rebuilt as software.
Twelve chapters built the fundamentals on bare metal: addresses, subnets, routing, NAT, MTU, TLS. This chapter spends them. Cloud and container networking did not replace any of it — they wrapped it in an API and a controller, so the CIDR overlap that broke a peering link in chapter 3, the PMTUD black hole from chapters 2 and 12, and the mTLS handshake from chapter 8 all reappear here, now provisioned by a YAML file instead of a cable.
The four topics move up the stack of abstraction. A VPC is your physical network drawn in software; an overlay is a virtual network tunneled over someone else's; a Kubernetes cluster gives every pod its own IP and churns through thousands of them per node over the cluster's life; a service mesh pushes encryption and retries out of your code into a proxy beside it. Each layer buys you something real — multi-tenancy, mobility, per-pod isolation, transparent mTLS — and each charges an encapsulation, latency, or operational tax you have to know about to size correctly.
Topics in This Chapter
VPC is your software-defined private network; subnets, route tables, and gateways replace physical wiring. Security groups vs NACLs, and the CIDR-overlap trap that blocks peering forever.

VXLAN tunnels L2 in UDP for 16M segments (a 24-bit VNI) versus VLAN's 4094, and SDN splits the control plane from the data plane — at an MTU cost.

Kubernetes gives every pod its own IP through a CNI plugin in overlay or routed mode. Services give stable virtual IPs over churning pods, and NetworkPolicy segments a network that is otherwise flat and fully open.

Service mesh puts an Envoy sidecar beside every service that handles mTLS, retries, timeouts, and telemetry, so the app makes a plain local call. L7 networking as infrastructure — and frequently more complexity than a system needs.
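Two of the traps above are cheap to check before anything is provisioned: whether two VPCs' CIDRs overlap (peering is refused, and routing could not disambiguate identical prefixes even if it were not), and what MTU a workload actually has once VXLAN wraps it. The following is an added example written for this chapter, not code from the book or from any cloud provider or CNI project. It uses only the standard-library ipaddress module; the VPC names and CIDRs are constructed sample data, and the header sizes are the standard VXLAN/IPv4/UDP/Ethernet ones, not provider-specific figures.

```python
from ipaddress import ip_network

# Constructed sample inventory: VPC name -> list of CIDR blocks. "prod" and "dev"
# both took the default 10.0.0.0/16, the classic overlap that blocks peering.
SAMPLE_VPCS = {
    "prod": ["10.0.0.0/16"],
    "dev": ["10.0.0.0/16"],
    "shared": ["10.1.0.0/16", "192.168.0.0/24"],
}


def peering_conflicts(vpcs):
    """Return every (vpc_a, vpc_b, cidr_a, cidr_b) pair whose CIDRs overlap.

    Any overlap, even partial, makes a peering between the two VPCs unusable:
    the provider rejects it, and a route table could not choose between two
    routes to the same prefix anyway.
    """
    conflicts = []
    names = list(vpcs)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            for ca in vpcs[a]:
                for cb in vpcs[b]:
                    if ip_network(ca).overlaps(ip_network(cb)):
                        conflicts.append((a, b, ca, cb))
    return conflicts


def first_free_block(vpcs, prefixlen, pool="10.0.0.0/8"):
    """Pick the first /prefixlen inside `pool` that overlaps no existing VPC CIDR.

    This is the planning step that avoids the trap: allocate from one pool
    instead of letting each team accept the default.
    """
    used = [ip_network(c) for cidrs in vpcs.values() for c in cidrs]
    for candidate in ip_network(pool).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None


def overlay_inner_mtu(underlay_mtu=1500, outer_ipv6=False, inner_vlan_tag=False):
    """Largest IP packet a pod/VM can send through a VXLAN overlay.

    The underlay MTU counts the outer IP packet. VXLAN adds, inside it,
    outer IP (20 or 40) + UDP (8) + VXLAN (8) + inner Ethernet (14, +4 if
    the inner frame carries a VLAN tag); what remains is the inner IP MTU.
    A 1500-byte underlay therefore gives 1450, the figure most overlay CNIs
    configure on pod interfaces.
    """
    overhead = (40 if outer_ipv6 else 20) + 8 + 8 + 14 + (4 if inner_vlan_tag else 0)
    return underlay_mtu - overhead


if __name__ == "__main__":
    for a, b, ca, cb in peering_conflicts(SAMPLE_VPCS):
        print(f"cannot peer {a} <-> {b}: {ca} overlaps {cb}")
    print("next free /16:", first_free_block(SAMPLE_VPCS, 16))
    print("inner MTU over 1500-byte underlay:", overlay_inner_mtu())
    print("inner MTU over 9000-byte underlay:", overlay_inner_mtu(9000))
```

Run the overlap check against the VPC inventory before requesting a peering, and run the MTU arithmetic before setting pod or VM interface MTUs: a workload left at 1500 over a 1450-byte overlay produces exactly the PMTUD black hole from chapters 2 and 12 whenever ICMP "fragmentation needed" is filtered somewhere on the path, and jumbo frames on the underlay (9000) only help if every hop carries them.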