Multi-Cloud Networking Glossary
Interactive glossary mapping networking terms and services across providers.
Prerequisites
- Basic understanding of cloud networking concepts
- Familiarity with at least one cloud provider
Networking Concepts
17 terms
Virtual Network
Category: Core Networking
- AWS (VPC): Virtual Private Cloud provides logically isolated network sections within AWS where you launch resources in a virtual network you define.
- Azure (VNet): Azure Virtual Network is the fundamental building block for private networks in Azure, enabling resources to securely communicate with each other, the internet, and on-premises networks.
- GCP (VPC): Google Virtual Private Cloud provides global, scalable networking for cloud resources and hybrid connectivity with fine-grained network policies.
Subnet
Category: Core Networking
- AWS (Subnet): A range of IP addresses in a VPC. Subnets can be public or private and reside within a single Availability Zone.
- Azure (Subnet): A subdivision of a VNet address space that segments resources into logical groups and applies network security rules.
- GCP (Subnet): Regional subdivisions of a VPC network. GCP subnets are regional and can span all zones within a region.
Internet Gateway
Category: Core Networking
- AWS (Internet Gateway (IGW)): A horizontally scaled, redundant, and highly available gateway that allows communication between a VPC and the internet.
- Azure (N/A, implicit): Azure provides implicit internet connectivity through its networking stack. Public IPs and load balancers are used instead of an explicit gateway resource.
- GCP (Cloud Router): Cloud Router dynamically exchanges routes between a VPC and on-premises or other networks using BGP, enabling internet and hybrid connectivity.
NAT
Category: Core Networking
- AWS (NAT Gateway): A managed network address translation service that enables instances in a private subnet to connect to the internet while preventing inbound connections.
- Azure (NAT Gateway): Azure NAT Gateway provides outbound internet connectivity for virtual networks, simplifying outbound-only internet access for private resources.
- GCP (Cloud NAT): Cloud NAT provides outbound NAT for Compute Engine VMs and GKE nodes without external IP addresses, offering high availability and scalability.
Load Balancer
Category: Traffic Management
- AWS (ELB / ALB / NLB): Elastic Load Balancing distributes incoming traffic across targets. ALB operates at Layer 7 (HTTP/HTTPS), NLB at Layer 4 (TCP/UDP), and CLB is the legacy option.
- Azure (Azure LB / Application Gateway): Azure Load Balancer operates at Layer 4 for TCP/UDP traffic. Application Gateway is a Layer 7 load balancer with WAF, SSL termination, and URL-based routing.
- GCP (Cloud Load Balancing): A fully distributed, software-defined load balancing service that supports HTTP(S), TCP/SSL, and UDP traffic with global and regional options.
CDN
Category: Traffic Management
- AWS (CloudFront): A fast content delivery network that securely delivers data, videos, applications, and APIs with low latency and high transfer speeds through global edge locations.
- Azure (Azure CDN): Azure Content Delivery Network caches content at strategically placed edge locations to minimize latency and accelerate delivery of web content to users.
- GCP (Cloud CDN): Cloud CDN leverages Google's globally distributed edge points of presence to cache HTTP(S) content close to users, providing low-latency delivery.
DNS
Category: Traffic Management
- AWS (Route 53): A scalable domain name system web service that provides DNS routing, domain registration, and health checking with 100% availability SLA.
- Azure (Azure DNS): A hosting service for DNS domains that provides name resolution using Microsoft Azure infrastructure with high availability and fast performance.
- GCP (Cloud DNS): A scalable, reliable, and managed authoritative DNS service running on the same infrastructure as Google, with 100% uptime SLA.
VPN
Category: Hybrid Connectivity
- AWS (Site-to-Site VPN): Creates an encrypted IPsec VPN tunnel between a VPC and an on-premises network or another AWS VPC over the public internet.
- Azure (VPN Gateway): A virtual network gateway that sends encrypted traffic between an Azure VNet and on-premises locations over the public internet using IPsec/IKE tunnels.
- GCP (Cloud VPN): Cloud VPN securely connects on-premises networks to Google Cloud VPC networks through an IPsec VPN connection with HA VPN or Classic VPN options.
Direct Connect
Category: Hybrid Connectivity
- AWS (Direct Connect): A dedicated private network connection from on-premises to AWS that reduces bandwidth costs, provides consistent network performance, and bypasses the public internet.
- Azure (ExpressRoute): A private connection between Azure datacenters and on-premises infrastructure or a colocation facility, offering higher reliability, faster speeds, and lower latencies than internet connections.
- GCP (Cloud Interconnect): Provides low-latency, high-availability connections between on-premises and Google Cloud VPC networks via Dedicated Interconnect or Partner Interconnect.
Peering
Category: Hybrid Connectivity
- AWS (VPC Peering): A networking connection between two VPCs that enables routing traffic between them using private IPv4 or IPv6 addresses, within or across accounts and regions.
- Azure (VNet Peering): Connects Azure virtual networks seamlessly, enabling resources in either VNet to communicate with each other with low latency and high bandwidth using the Microsoft backbone.
- GCP (VPC Network Peering): Allows private RFC 1918 connectivity across two VPC networks, whether they belong to the same project or different organizations, using Google's internal network.
Firewall
Category: Security
- AWS (Security Groups + NACLs): Security Groups act as stateful virtual firewalls at the instance level. Network ACLs are stateless firewalls at the subnet level for additional defense-in-depth.
- Azure (NSG + Azure Firewall): Network Security Groups filter traffic at the subnet or NIC level. Azure Firewall is a managed, cloud-based network security service for VNet resources.
- GCP (VPC Firewall Rules): Distributed firewall rules that allow or deny connections to or from VM instances. Rules are applied at the network level and enforced per-instance.
Private Link
Category: Security
- AWS (PrivateLink): Provides private connectivity between VPCs, AWS services, and on-premises networks without exposing traffic to the public internet via interface VPC endpoints.
- Azure (Private Link): Enables access to Azure PaaS services and customer-owned services over a private endpoint in your virtual network, keeping traffic on the Microsoft backbone.
- GCP (Private Service Connect): Allows private consumption of services across VPC networks by creating private endpoints that map to Google APIs or producer services.
WAF
Category: Security
- AWS (AWS WAF): A web application firewall that protects web applications from common exploits by filtering malicious web traffic based on customizable rules.
- Azure (Azure WAF): Provides centralized protection of web applications from common exploits and vulnerabilities, integrated with Application Gateway and Front Door.
- GCP (Cloud Armor): Provides DDoS protection and WAF capabilities for applications behind external load balancers with customizable security policies and pre-configured rules.
DDoS Protection
Category: Security
- AWS (Shield): AWS Shield provides managed DDoS protection. Shield Standard is free and automatic; Shield Advanced adds enhanced detection, mitigation, and cost protection.
- Azure (DDoS Protection): Azure DDoS Protection provides enhanced mitigation for Azure VNet resources against volumetric, protocol, and application-layer DDoS attacks.
- GCP (Cloud Armor): Cloud Armor provides built-in DDoS protection for applications behind Google Cloud load balancers with always-on detection and automatic mitigation.
Service Mesh
Category: Traffic Management
- AWS (App Mesh): A service mesh that provides application-level networking for microservices with traffic management, observability, and security features using Envoy proxies.
- Azure (N/A): Azure does not offer a first-party service mesh. Azure Kubernetes Service supports open-source meshes such as Istio, Linkerd, and Open Service Mesh.
- GCP (Traffic Director): A fully managed traffic control plane for service mesh that configures Envoy sidecar proxies for global load balancing, traffic policies, and telemetry.
API Gateway
Category: Traffic Management
- AWS (API Gateway): A fully managed service to create, publish, maintain, monitor, and secure REST, HTTP, and WebSocket APIs at any scale.
- Azure (API Management): A hybrid, multi-cloud management platform for APIs that provides a gateway, developer portal, and analytics for publishing APIs securely at scale.
- GCP (API Gateway / Apigee): API Gateway provides serverless API management for Cloud Functions and Cloud Run. Apigee is a full-lifecycle API management platform for enterprise workloads.
Transit
Category: Hybrid Connectivity
- AWS (Transit Gateway): A network transit hub that connects VPCs and on-premises networks through a central gateway, simplifying network architecture and reducing peering complexity.
- Azure (Virtual WAN): A networking service that consolidates networking, security, and routing functions into a single operational interface for branch, VNet, and user connectivity.
- GCP (Network Connectivity Center): A hub-and-spoke model for network connectivity management that unifies hybrid, multi-cloud, and Google Cloud connectivity through a central hub.
Raw Data
[
{
"concept": "Virtual Network",
"category": "core-networking",
"aws": "VPC",
"azure": "VNet",
"gcp": "VPC"
},
{
"concept": "Subnet",
"category": "core-networking",
"aws": "Subnet",
"azure": "Subnet",
"gcp": "Subnet"
},
{
"concept": "Internet Gateway",
"category": "core-networking",
"aws": "Internet Gateway (IGW)",
"azure": "N/A (implicit)",
"gcp": "Cloud Router"
},
{
"concept": "NAT",
"category": "core-networking",
"aws": "NAT Gateway",
"azure": "NAT Gateway",
"gcp": "Cloud NAT"
},
{
"concept": "Load Balancer",
"category": "traffic-management",
"aws": "ELB / ALB / NLB",
"azure": "Azure LB / Application Gateway",
"gcp": "Cloud Load Balancing"
},
{
"concept": "CDN",
"category": "traffic-management",
"aws": "CloudFront",
"azure": "Azure CDN",
"gcp": "Cloud CDN"
},
{
"concept": "DNS",
"category": "traffic-management",
"aws": "Route 53",
"azure": "Azure DNS",
"gcp": "Cloud DNS"
},
{
"concept": "VPN",
"category": "hybrid-connectivity",
"aws": "Site-to-Site VPN",
"azure": "VPN Gateway",
"gcp": "Cloud VPN"
},
{
"concept": "Direct Connect",
"category": "hybrid-connectivity",
"aws": "Direct Connect",
"azure": "ExpressRoute",
"gcp": "Cloud Interconnect"
},
{
"concept": "Peering",
"category": "hybrid-connectivity",
"aws": "VPC Peering",
"azure": "VNet Peering",
"gcp": "VPC Network Peering"
},
{
"concept": "Firewall",
"category": "security",
"aws": "Security Groups + NACLs",
"azure": "NSG + Azure Firewall",
"gcp": "VPC Firewall Rules"
},
{
"concept": "Private Link",
"category": "security",
"aws": "PrivateLink",
"azure": "Private Link",
"gcp": "Private Service Connect"
},
{
"concept": "WAF",
"category": "security",
"aws": "AWS WAF",
"azure": "Azure WAF",
"gcp": "Cloud Armor"
},
{
"concept": "DDoS Protection",
"category": "security",
"aws": "Shield",
"azure": "DDoS Protection",
"gcp": "Cloud Armor"
},
{
"concept": "Service Mesh",
"category": "traffic-management",
"aws": "App Mesh",
"azure": "N/A",
"gcp": "Traffic Director"
},
{
"concept": "API Gateway",
"category": "traffic-management",
"aws": "API Gateway",
"azure": "API Management",
"gcp": "API Gateway / Apigee"
},
{
"concept": "Transit",
"category": "hybrid-connectivity",
"aws": "Transit Gateway",
"azure": "Virtual WAN",
"gcp": "Network Connectivity Center"
}
]
Key Takeaways
1. Networking terminology differs across AWS, Azure, and GCP but maps to similar concepts.
2. VPC (AWS), VNet (Azure), and VPC (GCP) all represent isolated virtual networks.
3. Load balancer types vary by provider but serve the same traffic distribution purpose.
4. DNS services (Route 53, Azure DNS, Cloud DNS) share core record type support.
5. Understanding cross-provider terminology is essential for multi-cloud architectures.
Frequently Asked Questions
What is the equivalent of an AWS VPC in Azure?
How do load balancers differ across AWS, Azure, and GCP?
Are firewall rules the same across cloud providers?
What is a peering connection in multi-cloud networking?
Which cloud provider has the best global networking?
Written by CloudToolStack Team
Cloud engineers and architects with hands-on experience across AWS, Azure, and GCP. We write guides based on real-world production patterns, not just documentation rewrites.