Route of All Evil
Summary
Cloud networking still breaks when teams assume the platform will “just handle it,” and Carl and Brandon dig into why. They challenge that myth and show where parity falls apart across providers: VNet, VPC, and VCN primitives look familiar but behave differently in defaults, region and zone design, and routing/security expectations. From there, the episode moves into foundational design pressure points such as IPv4 range planning, overlapping CIDRs, Kubernetes networking overlays, and the route-level surprises that cause hard-to-diagnose failures, including asymmetric paths, BGP mistakes, and MTU mismatches.
The second half focuses on the practical failure modes teams feel in production: SNAT exhaustion that appears as random timeouts, endpoint and DNS choices that silently change traffic paths, and egress patterns that impact both reliability and cost. Load balancing choices (Layer 4 vs Layer 7), TLS termination strategy, and cloud-specific security control models all shape the final behavior of a system. The throughline is consistent: make network intent explicit, treat egress and observability as first-class design surfaces, and standardize repeatable patterns that survive provider changes.
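The IPv4 range-planning and overlapping-CIDR problems the summary names can be caught before any peering or VPN route is configured. The following is an added example, not code from the episode or its hosts; the network names and ranges are constructed, and it treats Kubernetes pod and service ranges as address spaces that must not collide with any VNet, VPC, or VCN.

```python
# Added example (not from the episode): a pre-deployment check for two of the
# range-planning failures discussed above: address spaces outside RFC 1918,
# and overlaps between cloud networks and Kubernetes overlay ranges.
# All network names and CIDRs below are constructed for illustration.
import ipaddress
from itertools import combinations

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(cidr):
    """True if the whole range sits inside a single RFC 1918 block."""
    net = ipaddress.ip_network(cidr, strict=True)
    return any(net.subnet_of(block) for block in RFC1918)


def find_overlaps(spaces):
    """Return sorted (name, name) pairs whose CIDRs overlap.

    Every entry is compared pairwise, so a Kubernetes pod or service range
    that collides with a VNet/VPC/VCN is reported just like two cloud
    networks colliding: once peered, routes to the shared prefix are ambiguous.
    """
    nets = {name: ipaddress.ip_network(c, strict=True) for name, c in spaces.items()}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b]))


def check_plan(spaces):
    """Return human-readable findings; an empty list means the plan is clean."""
    problems = [f"{n}: {c} is not RFC 1918 private space" for n, c in spaces.items() if not is_rfc1918(c)]
    problems += [f"{a} overlaps {b}" for a, b in find_overlaps(spaces)]
    return problems


# Constructed plan: one network per provider plus the cluster overlay ranges.
PLAN = {
    "azure-vnet-prod": "10.0.0.0/16",
    "aws-vpc-prod": "10.1.0.0/16",
    "oci-vcn-prod": "10.0.128.0/17",     # collides with the Azure VNet
    "k8s-pod-overlay": "10.244.0.0/16",
    "k8s-service-range": "10.0.0.0/24",  # carved out of the VNet by mistake
    "partner-link": "100.64.0.0/10",     # shared address space, not RFC 1918
}

if __name__ == "__main__":
    for finding in check_plan(PLAN):
        print(finding)
```

Run it against the address plan before the first peering is created; the same check can sit in CI next to the infrastructure code that declares the ranges.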
Links
Core Networking Concepts
- RFC 1918: Address Allocation for Private Internets
- RFC 4632: Classless Inter-domain Routing (CIDR)
- RFC 4271: Border Gateway Protocol 4 (BGP-4)
- Maximum Transmission Unit (MTU)
- Asymmetric routing
Cloud Networking and Edge Services
- Azure Front Door overview
- How Cloudflare works
- Azure Virtual Network overview
- Amazon VPC user guide
- OCI Virtual Cloud Network (VCN) overview
NAT, Private Access, and Egress
Load Balancing, Security, and Operations
- Azure Load Balancer overview
- Azure Application Gateway overview
- Azure Traffic Manager overview
- Microsoft Zero Trust guidance
- Azure Network Watcher flow logs overview