Differences between On-Prem Networking and Cloud Networking
from a security, architecture and operational perspective
Multiple Availability Zones and Cross-Region
When it comes to high availability and scalability, cloud networking has an edge over data center networking.
Multiple Regions, Availability Zones and peered VPCs can be provisioned on demand almost instantly in the cloud, while setting up a conventional data center could take weeks if not months.
Full Control over the Network Infrastructure
Cloud networking operates on the “Shared Responsibility Model”: the CSP owns and operates the underlying network fabric, so lower-layer details such as VLAN tagging are not exposed to the customer, whereas an on-premises network is fully under the organization’s control.
Certain networking capabilities, such as multicast routing, are also not supported by every cloud provider. This is changing, though: at the time of writing, AWS had just announced support for multicast on Transit Gateway.
Single Tenant vs Multi-Tenant
A cloud network such as a VPC typically runs on infrastructure shared with other customers, whereas an on-premises data center is usually owned and used by a single organization. Isolation between tenants in the cloud therefore relies on the provider’s virtualization and network controls rather than on physical separation.
API and Compatibility
Cloud networking exposes APIs that are an integral part of the cloud service; for example, the AWS VPC API is integrated with EC2.
On-premises data centers use technologies of their choice. Some, such as Cisco ACI and Nutanix, provide their own set of APIs.
Network Latency
On-premises networks can provide very low network latency; switches with nanosecond-level port-to-port latency are not hard to find. For instance, Cisco has switches with 39 ns port-to-port latency.
CSPs like AWS are catching up but are nowhere near that yet.
Legacy Systems and BYOD
Legacy systems installed in the data center that rely on specific HSMs may be part of a mission-critical system.
When planning a migration of such systems to the cloud, a “lift and shift” strategy does not work, because most cloud service providers do not allow customers to bring their own hardware (BYOD) into the provider’s data centers.
IP Address Allocation
Cloud networks usually reserve a few IP addresses in each subnet for the cloud infrastructure.
For example, AWS reserves the first four IP addresses and the last IP address in each subnet CIDR block, so a subnet offers fewer usable addresses than the same CIDR block would on premises.
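The following Python example is added here and is not code from the original article. It ties together two of the points above: carving a VPC CIDR into subnets spread across several Availability Zones (the on-demand multi-AZ layout from the first section), and accounting for the addresses AWS reserves in each subnet. The roles of the five reserved addresses (network address, VPC router, Amazon-provided DNS, reserved for future use, network broadcast) and the /16 to /28 subnet size limit are taken from AWS VPC documentation; the VPC CIDR and AZ names are constructed sample input, and the function names are the example's own.

```python
"""Subnet planning and reserved-address accounting for an AWS VPC.

Added example, not from the original article. Assumptions (from AWS VPC
documentation): every subnet loses its first four addresses (network
address, VPC router, Amazon-provided DNS, reserved for future use) and its
last address (network broadcast), and a subnet must be between /16 and /28.
A conventional on-prem IPv4 subnet loses only the network and broadcast
addresses. The VPC CIDR and AZ names used below are constructed sample input.
"""
import ipaddress
from typing import Dict, List

# Roles of the five addresses AWS reserves in each subnet (AWS VPC docs).
AWS_RESERVED_ROLES = (
    "network address",
    "VPC router",
    "Amazon-provided DNS",
    "reserved for future use",
    "network broadcast (not usable)",
)

# Number of addresses each model takes out of a subnet.
RESERVED_PER_MODEL = {"aws": 5, "onprem": 2}


def aws_reserved(subnet: str) -> Dict[str, str]:
    """Map each address AWS reserves in `subnet` to the role AWS assigns it.

    Raises ValueError for prefix lengths AWS does not allow for a subnet.
    """
    net = ipaddress.ip_network(subnet, strict=True)
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(
            f"AWS subnets must be between /16 and /28, got /{net.prefixlen}"
        )
    addrs = [net.network_address + i for i in range(4)] + [net.broadcast_address]
    return {str(addr): role for addr, role in zip(addrs, AWS_RESERVED_ROLES)}


def usable_hosts(subnet: str, model: str = "aws") -> int:
    """Usable host addresses in `subnet` under the 'aws' or 'onprem' model."""
    net = ipaddress.ip_network(subnet, strict=True)
    return net.num_addresses - RESERVED_PER_MODEL[model]


def plan_subnets(vpc_cidr: str, azs: List[str], prefixlen: int) -> List[dict]:
    """Carve `vpc_cidr` into /`prefixlen` subnets and assign them to AZs.

    One public and one private subnet per AZ, so that losing a single AZ
    still leaves a full public/private pair in every other AZ. Each entry
    carries the AWS usable-host count so capacity planning uses the real
    number rather than the on-prem one.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    plan = []
    for i, sub in enumerate(vpc.subnets(new_prefix=prefixlen)):
        if i >= 2 * len(azs):  # two tiers (public, private) per AZ
            break
        plan.append({
            "cidr": str(sub),
            "az": azs[i % len(azs)],
            "tier": "public" if i < len(azs) else "private",
            "usable": usable_hosts(str(sub), "aws"),
        })
    return plan


if __name__ == "__main__":
    # Constructed sample input: a /16 VPC across three AZs, /24 per subnet.
    for entry in plan_subnets("10.0.0.0/16", ["us-east-1a", "us-east-1b", "us-east-1c"], 24):
        print(entry)
    for addr, role in aws_reserved("10.0.0.0/24").items():
        print(f"{addr:<12} {role}")
    print("/28 usable on AWS:", usable_hosts("10.0.0.0/28", "aws"),
          "vs on-prem:", usable_hosts("10.0.0.0/28", "onprem"))
```

The difference matters most for small subnets: a /28 yields 14 usable hosts on premises but only 11 on AWS, and anything smaller than /28 is rejected outright, so per-host capacity estimates carried over from a data center design will be wrong unless the reserved addresses are subtracted.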