As enterprises scale their operations across multiple regions and countries, leveraging the global infrastructure of Amazon Web Services (AWS) or Microsoft’s Azure becomes an obvious choice. These cloud providers offer an extensive network of data centers worldwide, enabling organizations to deploy applications closer to end users, meet compliance requirements, and achieve high availability.
It hasn’t always been easy though. Early adopters to cloud probably quickly ran into challenges when it came to their networking. Even those that arrived later may have applied strategies that worked well on-prem, only to find out they’re not so effective in the cloud.
In fact, it’s common to find enterprises of many types start to face network growing pains as their cloud footprint grows. Let’s explore some of the most common networking challenges enterprises face using AWS.
VPC’s, VPC’s, VPC’s
When enterprises first adopt AWS, they often begin with a few Virtual Private Clouds (VPCs) in a single region. But as they scale up, things get complicated fast. Here are some of the most pressing challenges enterprises encounter:
Spaghetti Architecture with VPC Peering
One of the earliest AWS networking features, VPC peering, allows point-to-point connectivity between two VPCs. While simple and effective for small environments, it quickly becomes unmanageable in large-scale deployments.
Each peering connection must be individually created and maintained. And because VPC peering is non-transitive, meaning you can’t use peering with one VPC to connect with a VPC it’s peered with, each VPC must be peered with each other one it needs to connect with. As the number of VPCs grows, the number of possible connections increases quadratically. Enterprises often end up with a tangled mesh of connections—known jokingly as “VPC spaghetti.”
Multi-Account and Multi-Region Fragmentation
Modern cloud governance encourages the use of multiple AWS accounts to separate environments (e.g., dev, test, prod) and teams. Similarly, multi-region deployments help enterprises achieve low latency and redundancy.
But every new account and region can mean a new VPC. And connecting these securely and efficiently becomes a major operational burden. DNS resolution, route propagation, and access control must be coordinated across accounts and regions, often with custom scripts or third-party tools.
Service-to-Service Communication
Even within a single region or account, enabling secure and discoverable communication between services (especially microservices) across VPCs requires load balancers, private DNS, and custom logic. Multiply that by dozens or hundreds of services, and you get a fragile, complex setup prone to configuration errors.
CIDR Block Depletion
If you’re connecting your VPC’s through peering or via a Transit Gateway, and you have a lot of them, or you’re connecting to on-prem networks, one of the other challenges you might face is a depletion of your available CIDR blocks.
The single largest block of private IP’s available is 10.0.0.0/8, which contains 16,777,216 individual addresses. That may sound like plenty. But if you start to spread that out across your VPC’s in AWS, and maybe a second cloud provider like Azure, and on-prem, in large blocks, you could start to run into constraints. And don’t forget scaling services, like Kubernetes or Lambda, which might need VPC’s of their own. Managing these CIDR blocks in fully connected networks with no address overlap can become a nightmare against this constraint..
Lots of Pain- so what’s the solution?
If you run networking in a public cloud or hybrid environment, you’re probably bumping up against one of more of these challenges. Service connectivity, network segmentation, and efficient address management in the enterprise cloud environment are all important. But they become hard to manage when you face challenges like the ones I mentioned.
So what is the solution? There’s no simple answer to these challenges, but luckily AWS has released several new services over the last several years that make it a lot easier for organizations to tackle these items head on. In my next post, I’ll walk through what some of these are.
Feel free to drop a comment below or send me a message on your experience or questions!
