102 - Network
Ping
Read the Docs
If you want to get a better idea about the object that we will be working with in this module, you can review the docs here:
For a more general discussion, take a look here.
Objectives
The purpose of this short module is to demonstrate how to create a network using Tuono. We'll describe the objects Tuono creates in the public cloud at deployment time and how they translate the intent expressed in the Blueprint into infrastructure that matches the desired configuration.
Network Terminology
Virtual Private Cloud (VPC)
A VPC is a region-scoped pool of IPv4/IPv6 addresses, for example 10.0.0.0/16, from which subnets are carved. VMs are never attached directly to a VPC; they are attached to one of its subnets.
Subnet
A subnet is Availability Zone-scoped and represents a subset of the VPC CIDR range, for example 10.0.0.0/24 inside 10.0.0.0/16. VMs are attached directly to a subnet.
Internet Gateway
An Internet Gateway is attached to the VPC and allows egress and ingress communication with the public internet. It is not created by default; it is only instantiated when you need public access to your workloads, and a subnet is only "public" if its route table points at one.
Route Table
Directs traffic from a subnet or gateway through a set of rules called routes. The route table of a public subnet contains a default route to an AWS Internet Gateway; the route table of a private subnet does not.
Key Networking Concepts
Network Schema
The network object lets us define a network named vnet-walkthrough.
Here we define the range of the network, which determines how many IP addresses are available to be carved into subnets, and we similarly define its scope.
As you can see, we abstract the configuration away from the implementation. We use common terms that should be well understood, but we'll show how these are implemented within the venue as we go.
We will define a public scope, which allows outbound access to the internet. Public scope does not open the network to the world: Tuono automatically secures inbound traffic by limiting inbound ports to the ones you define.
```yaml
network:
  vnet-walkthrough:
    range: 10.0.0.0/16
    scope: public
```
Subnet Schema
The subnet object lets us define a subnet named subnet-walkthrough and give it a range carved out of the network's 10.0.0.0/16. We place the subnet in the network by referencing the network name, vnet-walkthrough, and we also give the subnet a public scope. Subnets can have different scopes inside a single network, allowing us to apply a different level of control to each defined subnet.
```yaml
subnet:
  subnet-walkthrough:
    range: 10.0.0.0/24
    network: vnet-walkthrough
    scope: public
    firewall: fw-external-access # Module 3 defines the firewall
```
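The two snippets above encode relationships that are easy to get wrong by hand: the subnet range must sit inside the network range, the subnet must reference a network that exists, two subnets in the same network must not overlap, and scope must be a recognised value. The following Python check is an added example, not Tuono's own validation code; it embeds the walkthrough's network and subnet as plain dicts so it runs without a YAML library. The `private` scope value and the rule that a public subnet should name a firewall are assumptions used to illustrate the check, not rules taken from this page.

```python
import ipaddress

# Constructed Blueprint fragment mirroring the network and subnet snippets
# from this module, written as dicts so no YAML parser is needed.
BLUEPRINT = {
    "network": {
        "vnet-walkthrough": {"range": "10.0.0.0/16", "scope": "public"},
    },
    "subnet": {
        "subnet-walkthrough": {
            "range": "10.0.0.0/24",
            "network": "vnet-walkthrough",
            "scope": "public",
            "firewall": "fw-external-access",
        },
    },
}

# "public" is used on this page; "private" is assumed as its counterpart.
VALID_SCOPES = {"public", "private"}


def validate_blueprint(blueprint):
    """Return a list of human-readable problems; an empty list means the
    network/subnet relationships described in the module all hold."""
    problems = []
    networks = {}

    # Every network range must be a valid, properly aligned CIDR block.
    for name, spec in blueprint.get("network", {}).items():
        try:
            networks[name] = ipaddress.ip_network(spec["range"], strict=True)
        except (KeyError, ValueError) as exc:
            problems.append(f"network {name}: bad range ({exc})")
            continue
        if spec.get("scope") not in VALID_SCOPES:
            problems.append(f"network {name}: unknown scope {spec.get('scope')!r}")

    # Subnets already accepted, grouped by parent network, for overlap checks.
    seen = {}
    for name, spec in blueprint.get("subnet", {}).items():
        parent_name = spec.get("network")
        if parent_name not in networks:
            problems.append(f"subnet {name}: references unknown network {parent_name!r}")
            continue
        parent = networks[parent_name]
        try:
            sub = ipaddress.ip_network(spec["range"], strict=True)
        except (KeyError, ValueError) as exc:
            problems.append(f"subnet {name}: bad range ({exc})")
            continue
        # A subnet is carved out of its network, so it must be a subset of it
        # (same address family, and fully contained).
        if sub.version != parent.version or not sub.subnet_of(parent):
            problems.append(f"subnet {name}: {sub} is not inside {parent_name} ({parent})")
        if spec.get("scope") not in VALID_SCOPES:
            problems.append(f"subnet {name}: unknown scope {spec.get('scope')!r}")
        # Assumed local policy: a subnet reachable from the internet should
        # always name the firewall that limits its inbound ports.
        if spec.get("scope") == "public" and not spec.get("firewall"):
            problems.append(f"subnet {name}: public scope without a firewall")
        for other_name, other in seen.setdefault(parent_name, []):
            if sub.overlaps(other):
                problems.append(f"subnet {name}: {sub} overlaps {other_name} ({other})")
        seen[parent_name].append((name, sub))
    return problems


if __name__ == "__main__":
    for problem in validate_blueprint(BLUEPRINT) or ["blueprint OK"]:
        print(problem)
```

Run against the walkthrough values the check reports nothing; change the subnet range to 192.168.0.0/24, or add a second subnet with 10.0.0.128/25, and the corresponding "not inside" or "overlaps" line appears before anything is deployed.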
For additional information about scope have a read through our Network Scope documentation.