
Demystifying the Shape of Traffic in the Cloud: How Cloud Monitoring Differs from Traditional On-Prem Solutions

Poster
Thomas Benoit of the SEI presented this poster at FloCon 2024.
Publisher

Software Engineering Institute

Abstract

Cloud systems are a network made up of many connected, distinct private clouds, whereas traditional on-premises networks are typically more straightforward, with clear-cut edges and obvious directionality. In the cloud, network traffic sensors and flow log collectors are deployed alongside resources in distinct user-managed private clouds. This novel system of traffic monitoring differs significantly from traditional on-premises solutions, where sensors are typically deployed at the edge of clearly defined, static networks. Distributed cloud sensors over distinct and uniquely routed cloud networks challenge typical assumptions of flow labeling, requiring analysts to reframe notions of directionality and assumptions about internal and external traffic routing.

Configurations such as subnet settings, gateway types, endpoint locations, service types, route table configurations, and peering connections all change the way traffic is routed throughout cloud systems. Small changes in architectures can completely change how flows are routed between virtual private clouds (VPCs) and to and from global services. These routing changes alter the structure of flow logs. Understanding how architecture elements influence the shape of traffic gives analysts context crucial to deciphering flows.

At the Software Engineering Institute, we are exploring different cloud configurations and architecture designs to better understand and document how deployment settings impact traffic routing and monitoring throughout the cloud. We leverage Amazon Web Services’ VPC Flow Logs and cloud-deployed sensors to monitor simulated traffic and analyze how traffic flows throughout different architectures.
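As an added illustration of the directionality point above (not code from the poster or the SEI), the following parses AWS VPC Flow Log records in the v2 default format and labels each flow relative to the VPC whose interface logged it, so one peered connection is labeled "outbound" in the originating VPC's log and "inbound" in the peer's. The account id, interface ids, addresses and CIDRs are constructed sample values.

```python
"""Direction-label AWS VPC Flow Log records (v2 default format).

Constructed example, not from the SEI poster. Account id, ENI ids, addresses
and CIDRs are made up. Field order is the documented v2 default format.
"""
import ipaddress
V2_FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
             "srcport", "dstport", "protocol", "packets", "bytes",
             "start", "end", "action", "log_status")

def parse_v2(line: str) -> dict:
    """Split one space-separated v2 record into a field dict."""
    parts = line.split()
    if len(parts) != len(V2_FIELDS) or parts[0] != "2":
        raise ValueError(f"not a v2 default-format record: {line!r}")
    return dict(zip(V2_FIELDS, parts))

def label_direction(rec: dict, vpc_cidrs) -> str:
    """Classify a record relative to the VPC whose ENI captured it.
    A VPC sensor sees only its own ENIs, so one peered connection is
    'outbound' in the originating VPC's log and 'inbound' in the peer's."""
    nets = [ipaddress.ip_network(c) for c in vpc_cidrs]
    src_in = any(ipaddress.ip_address(rec["srcaddr"]) in n for n in nets)
    dst_in = any(ipaddress.ip_address(rec["dstaddr"]) in n for n in nets)
    if src_in and dst_in:
        return "intra-vpc"
    if src_in:
        return "outbound"
    if dst_in:
        return "inbound"
    # Neither end local: possible on an ENI that only forwards traffic,
    # such as an inspection appliance in a central VPC.
    return "forwarded"

# Constructed records: one peered connection 10.0.1.5 -> 10.1.2.9:443 as
# logged by an ENI in VPC A (10.0.0.0/16) and by one in VPC B (10.1.0.0/16),
# plus a rejected Internet flow seen only in VPC B.
SAMPLE_LOGS = {
    "vpc-a": ["2 123456789012 eni-0a1b2c3d 10.0.1.5 10.1.2.9 49152 443 6 10 1500 1700000000 1700000060 ACCEPT OK"],
    "vpc-b": ["2 123456789012 eni-0e4f5a6b 10.0.1.5 10.1.2.9 49152 443 6 10 1500 1700000000 1700000060 ACCEPT OK",
              "2 123456789012 eni-0e4f5a6b 203.0.113.7 10.1.2.9 51000 22 6 3 180 1700000000 1700000060 REJECT OK"],
}
VPC_CIDRS = {"vpc-a": ["10.0.0.0/16"], "vpc-b": ["10.1.0.0/16"]}

def label_all(logs=SAMPLE_LOGS, cidrs=VPC_CIDRS) -> dict:
    """Return {vpc: [(interface_id, srcaddr, dstaddr, label), ...]}."""
    return {vpc: [(r["interface_id"], r["srcaddr"], r["dstaddr"],
                   label_direction(r, cidrs[vpc])) for r in map(parse_v2, lines)]
            for vpc, lines in logs.items()}
```

Merging the two VPCs' logs naively would count the peered connection twice, once per direction; the per-VPC label is what tells the analyst that both records describe the same flow.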