Is subnetting any different in the cloud?

Traditional network engineers stumble with this question. Let's dive in and take a look at cloud networking!

In a traditional on-premises network, you create subnets for several reasons: to limit the broadcast domain, to group similar servers together, to create a DMZ, and to restrict or permit which traffic flows where.

To start, you will need a public and a private subnet, and at least one subnet per VPC.

In public clouds, broadcast traffic is often eliminated. Securing traffic to and from the server is accomplished with security groups, which are applied directly on virtual instances. This diminishes the benefit of grouping like servers together to simplify firewall rules.

Network ACLs are applied at the VPC, but since every subnet must have a unique CIDR block, you can write filters based on subnet address ranges.

Route tables are applied at the subnet, with all subnets using the "main" route table by default.

You should actually group as much as possible into the same subnet in AWS, since there are costs associated with routing between subnets: $0.01 per GB to route between subnets, compared to $0.02 per GB to route between regions.

In Amazon's AWS and in Azure, there are requirements:

  1. Subnets do not span multiple availability zones. If you want your resources spread across multiple availability zones, you need multiple subnets.
  2. The Internet GW allows both inbound and outbound access to the internet, whereas the NAT Gateway only allows outbound access. "Public" subnets have to use the Internet GW as the default gateway. "Private" subnets use a NAT gateway or a 3rd-party router or firewall.
  3. NAT gateways are tied to availability zones, so for private subnets, each subnet needs its own route table, in order to route to the correct gateway.
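The three requirements above fit together into a fairly mechanical layout: one public and one private subnet per availability zone, the public subnets sharing a route table whose default route is the Internet GW, and each private subnet getting its own route table pointing at the NAT gateway in the same zone. The following planner is an added example, not code from the original article; the VPC CIDR, the AZ names and the gateway labels (`igw`, `natgw-<az>`, `rtb-*`) are constructed values, not real AWS identifiers.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example input: a VPC CIDR and the AZs we want to cover.
# The AZ names are placeholders, not a statement about any real region.
VPC_CIDR = "10.20.0.0/16"
AZS = ["az-a", "az-b", "az-c"]


@dataclass
class Subnet:
    name: str
    cidr: ipaddress.IPv4Network
    az: str                # a subnet lives in exactly one availability zone
    tier: str              # "public" or "private"
    route_table: str       # hypothetical name of the associated route table
    default_route: str     # hypothetical label of the 0.0.0.0/0 target


def plan_subnets(vpc_cidr, azs, prefixlen=24):
    """Carve one public and one private subnet per AZ out of the VPC CIDR."""
    vpc = ipaddress.ip_network(vpc_cidr)
    blocks = iter(vpc.subnets(new_prefix=prefixlen))
    plan = []
    for az in azs:
        # Public subnets can share one route table: every one of them
        # sends 0.0.0.0/0 to the single Internet GW.
        plan.append(Subnet(f"public-{az}", next(blocks), az, "public",
                           "rtb-public", "igw"))
        # A private subnet needs its own route table, because its default
        # route must go to the NAT gateway sitting in the same AZ.
        plan.append(Subnet(f"private-{az}", next(blocks), az, "private",
                           f"rtb-private-{az}", f"natgw-{az}"))
    return plan


def validate(plan, vpc_cidr):
    """Return a list of rule violations; an empty list means the plan is sound."""
    vpc = ipaddress.ip_network(vpc_cidr)
    issues = []
    for i, s in enumerate(plan):
        if not s.cidr.subnet_of(vpc):
            issues.append(f"{s.name}: {s.cidr} lies outside the VPC {vpc}")
        # Every subnet must have a unique, non-overlapping CIDR block.
        for other in plan[i + 1:]:
            if s.cidr.overlaps(other.cidr):
                issues.append(f"{s.name} overlaps {other.name}")
        # Private subnets must exit through the NAT gateway of their own AZ.
        if s.tier == "private" and s.default_route != f"natgw-{s.az}":
            issues.append(
                f"{s.name}: default route leaves its AZ via {s.default_route}")
        if s.tier == "public" and s.default_route != "igw":
            issues.append(f"{s.name}: public subnet must default to the Internet GW")
    return issues


if __name__ == "__main__":
    layout = plan_subnets(VPC_CIDR, AZS)
    for s in layout:
        print(f"{s.name:<14} {str(s.cidr):<16} {s.route_table:<18} -> {s.default_route}")
    print("issues:", validate(layout, VPC_CIDR) or "none")
```

Running it prints six /24 subnets, three public ones sharing `rtb-public`, and three private ones each with a distinct route table; pointing a private subnet at another zone's NAT gateway makes `validate` report it, which is the mistake that makes cross-zone traffic silently fail when that zone goes down.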

In Google's GCP, gateway selection was simplified:

In GCP, subnets are regional, as are NAT gateways. NAT gateways and regular internet gateways can be mixed and matched on the same network within the same route table. GCP will automatically determine which gateway is needed!

No matter which cloud you use, remember to leave enough room to grow!

Like traditional networking, you still have to worry about running out of IPs, and it isn't always easy to renumber or redesign later. You will need to avoid overlapping subnets if you plan to peer your cloud VPCs, much like in traditional networks and data centers!
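Both points in that paragraph can be checked before anything is provisioned: whether any two VPC CIDRs overlap (a peering that can never be established), and how much contiguous room a VPC has left after its existing subnets are carved out. The script below is an added example, not part of the original article; the VPC names, CIDRs and subnet list are constructed sample data.

```python
import ipaddress

# Constructed example: VPC CIDRs from several accounts we intend to peer,
# plus the subnets already carved out of the first one.
VPCS = {
    "prod-vpc":   "10.0.0.0/16",
    "dev-vpc":    "10.0.128.0/17",   # deliberately overlaps prod-vpc
    "shared-vpc": "10.1.0.0/16",
}
PROD_SUBNETS = ["10.0.0.0/20", "10.0.16.0/20", "10.0.32.0/20"]


def peering_conflicts(vpcs):
    """Return (name, name) pairs whose CIDRs overlap; such VPCs cannot be peered."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpcs.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def free_space(vpc_cidr, subnet_cidrs):
    """Return the unallocated CIDR blocks left in a VPC after removing its subnets."""
    free = [ipaddress.ip_network(vpc_cidr)]
    for cidr in subnet_cidrs:
        used = ipaddress.ip_network(cidr)
        remaining = []
        for block in free:
            if block.subnet_of(used):
                continue                      # block entirely consumed
            if used.subnet_of(block):
                # Split the block into the pieces that do not contain the subnet.
                remaining.extend(block.address_exclude(used))
            else:
                remaining.append(block)       # untouched by this subnet
        free = remaining
    return sorted(free)


def largest_free_block(vpc_cidr, subnet_cidrs):
    """The biggest single block still available, i.e. the largest subnet you could add."""
    return max(free_space(vpc_cidr, subnet_cidrs), key=lambda n: n.num_addresses)


if __name__ == "__main__":
    for a, b in peering_conflicts(VPCS):
        print(f"cannot peer {a} with {b}: CIDRs overlap")
    free = free_space(VPCS["prod-vpc"], PROD_SUBNETS)
    print("free blocks in prod-vpc:", [str(n) for n in free])
    print("addresses left:", sum(n.num_addresses for n in free))
    print("largest block you could still carve:", largest_free_block(VPCS["prod-vpc"], PROD_SUBNETS))
```

Run against the sample data it flags `dev-vpc` against `prod-vpc` and shows that three /20 subnets out of a /16 leave 53,248 addresses, the largest contiguous piece being a /17. Running the same check over the CIDRs of every VPC and on-premises range you might one day connect is the cheapest way to avoid the renumbering the paragraph warns about.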

Great article! The comparison between traditional on-premise networks and cloud subnetting nuances is enlightening.
