
Networks

A network in cloud hosting is an isolated virtual network segment where you can place and connect cloud resources using private IP addresses. It controls how instances communicate with each other and external networks.

What is a Network in cloud hosting?

A network in cloud hosting is an isolated virtual network segment where you can place and connect cloud resources using private IP addresses. When you create a network, you define an IP address range and routing rules that control how instances within that network can communicate with each other and with external networks.

Networks operate at Layer 2 (data link layer) and Layer 3 (network layer) of the networking stack. The cloud platform handles the underlying infrastructure, so you configure networks through API calls or web interfaces rather than managing physical switches or cables.

Why Networks Exist

Without networks, all cloud resources would exist on a single shared network segment. This creates security risks because any instance could potentially communicate with any other instance. It also makes it difficult to implement custom routing rules, IP address schemes, or network isolation for different applications or environments.

Networks solve this by letting you create multiple isolated network segments. You can deploy production resources on one network and development resources on another, ensuring they cannot interfere with each other. You can also design complex network topologies with specific routing rules, IP ranges, and connectivity patterns.

What Does a Network Actually Do?

  • Assigns private IP addresses to instances from a defined address range
  • Isolates network traffic between different networks by default
  • Controls Layer 2 broadcast domains to limit unnecessary network chatter
  • Enables routing between networks through virtual routers
  • Provides the foundation for attaching security groups and firewall rules
  • Allows you to design custom IP address schemes that match your infrastructure needs
  • Supports connecting to external networks like the internet or on-premises data centers

When Would I Use a Network?

You need a network whenever you deploy cloud instances. Every instance must connect to at least one network to communicate with other resources or the internet.

Use multiple networks to separate different environments. Create one network for production workloads and another for development to ensure test traffic never impacts production systems.

Use multiple networks for security boundaries. Place database servers on a private network without internet access, and connect web servers to both a public network (for internet traffic) and the private network (for database queries).

Use multiple networks for multi-tier application architecture. Deploy frontend servers on one network, application servers on another, and database servers on a third, then use routers to control traffic flow between layers.

When Would I NOT Use a Network?

You cannot avoid using networks entirely. Every cloud instance requires network connectivity to function.

You might not need multiple networks if you run a simple application with minimal security requirements. A single network with security groups can handle basic workloads without the complexity of multi-network designs.

Avoid creating excessive networks for organizational purposes. Managing dozens of networks adds complexity with little benefit. Use subnets within a single network instead of creating separate networks for minor segmentation needs.

Real-World Example

Company A runs an e-commerce platform on cloud infrastructure. They create three networks: a public network (10.0.1.0/24) for load balancers that accept customer traffic, an application network (10.0.2.0/24) for web servers and API services, and a database network (10.0.3.0/24) for data storage.

They attach a router to connect these networks with specific rules: the public network can forward traffic to the application network on ports 80 and 443, the application network can connect to the database network on port 3306, but the database network cannot initiate outbound connections. This network design ensures that customers can access the website and web servers can query databases, while a compromised database server cannot be used to attack other systems or exfiltrate data to the internet.
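The router rules above can be written down as a default-deny policy and checked against observed connection attempts. The following is an added example, not code from the original page or any cloud platform's API: the function names, the sample flows, and the internet-to-load-balancer ports are assumptions, and it evaluates only who initiates a connection (replies on an allowed connection are assumed to be handled by stateful tracking).

```python
import ipaddress

NETWORKS = {  # address ranges from the example above
    "public": ipaddress.ip_network("10.0.1.0/24"),
    "application": ipaddress.ip_network("10.0.2.0/24"),
    "database": ipaddress.ip_network("10.0.3.0/24"),
}

# Allowed new connections: (source tier, destination tier) -> TCP ports.
# Default deny, so the database tier never appears as a source.
ALLOWED = {
    ("external", "public"): {80, 443},  # assumption: page gives no ingress ports
    ("public", "application"): {80, 443},
    ("application", "database"): {3306},
}

def tier_of(ip):
    """Return the tier whose range contains ip, or 'external' if none does."""
    addr = ipaddress.ip_address(ip)
    for name, net in NETWORKS.items():
        if addr in net:
            return name
    return "external"

def is_allowed(src_ip, dst_ip, dst_port):
    """Evaluate one connection attempt against the router rules."""
    src, dst = tier_of(src_ip), tier_of(dst_ip)
    if src == dst and src != "external":
        return True  # same segment: traffic does not cross the router
    return dst_port in ALLOWED.get((src, dst), set())

def audit(flows):
    """Return policy violations as (src, dst, port, src_tier, dst_tier)."""
    return [
        (s, d, p, tier_of(s), tier_of(d))
        for s, d, p in flows
        if not is_allowed(s, d, p)
    ]

# Constructed sample of connection attempts: (initiator, target, TCP port).
SAMPLE_FLOWS = [
    ("10.0.1.10", "10.0.2.20", 443),    # load balancer -> web server
    ("10.0.2.20", "10.0.3.30", 3306),   # web server -> database
    ("10.0.1.10", "10.0.3.30", 3306),   # load balancer -> database, skips a tier
    ("10.0.3.30", "203.0.113.5", 443),  # database -> internet
    ("10.0.3.30", "10.0.2.20", 22),     # database -> application tier
]

if __name__ == "__main__":
    print(audit(SAMPLE_FLOWS))
```

Running the audit over flow records from the router shows whether the deployed rules match the intended design; any flow it reports with the database tier as the source is the case the design is meant to prevent.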

Frequently Asked Questions

Do I need more than one network?

Most production deployments benefit from multiple networks. You will need at least two networks if you want to separate public-facing resources from private backend systems. Single-network deployments are only suitable for simple applications where all components can exist on the same network segment with shared security policies.

Does creating a network affect existing resources?

Creating a new network does not impact existing instances or networks. Networks are isolated by default, so adding a network has no effect on other network segments. If you want instances on different networks to communicate, you will need to connect the networks using a router and configure routing rules.

What happens if I delete a network?

You cannot delete a network that has active connections. The cloud platform will reject deletion attempts if instances, routers, or other resources are attached to the network. You must first detach or delete all connected resources, then you can delete the empty network.

Can instances connect to multiple networks?

Yes, instances can attach to multiple networks simultaneously. Each network connection appears as a separate virtual network interface with its own IP address. You might connect a web server to both a public network for customer traffic and a private network for database connections. The instance routes traffic to the appropriate network based on destination IP addresses.

How do networks relate to subnets?

Networks are the top-level container, while subnets are subdivisions within a network. Some cloud platforms let you create a network and then carve it into multiple subnets for finer-grained control. Other platforms combine network and subnet concepts into a single object. You will need to check your cloud platform's specific implementation to understand whether you define networks and subnets separately or together.

Summary

  • A network is an isolated virtual network segment where you place and connect cloud instances using private IP addresses
  • Networks control Layer 2 and Layer 3 connectivity between resources, enabling custom routing rules and IP address schemes
  • Multiple networks provide security boundaries by isolating different environments, applications, or tiers from each other
  • Every instance must connect to at least one network, but complex deployments typically use multiple networks with routers controlling traffic flow between them
  • Networks form the foundation for cloud networking, with subnets, security groups, and routers building on this base layer

Related Terms

  • Subnet: A subdivided portion of a network with its own IP address range, such as dividing a 10.0.0.0/16 network into 10.0.1.0/24 and 10.0.2.0/24 for frontend and backend services.
  • Instance (virtual machine): A virtual server that connects to one or more networks through virtual network interfaces, such as attaching a web server instance to both a public and private network.
  • Router: A virtual routing device that connects multiple networks and controls traffic flow between them, such as routing traffic between your private network and the internet.
  • Security group: A set of firewall rules that controls network traffic to instances, such as allowing HTTP traffic on port 80 from the internet while blocking all other inbound connections.
  • Floating IP: A public IP address that can be dynamically assigned to instances on private networks, such as attaching a static public IP to your web server for external access.