
What is a virtualized private cloud?


A colocated rack is a much more limited concept than a VPC. VPCs let you architect an entire network. You can have multiple private and public subnets, set security groups to filter traffic between them, do service discovery, use policy based access control, health check load balance, and host PaaS entities into the network (like Aurora serverless). On top of that, you can flex your compute. VPC is more like a rack with a firewall, an f5, a smart switch with vlans, something like kubernetes to automatically scale compute… but there are things that aren’t even possible in a rack because you can transparently both manage your own compute with ec2 and add PaaS managed offerings like RDS, elasticsearch, kafka, etc. all to the same network.
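The comment above describes two of the VPC building blocks that matter most for security: subnets with different routing (public vs. private) and security groups that filter traffic between them. The following is an added, self-contained model of that layering, not code from the thread or from AWS; the VPC CIDR, subnet names, instance addresses and rules are all constructed for illustration, and the `allowed()` function is a simplification (single-port rules, no NACLs, no egress rules) meant to show why a database in a private subnet is unreachable from the internet even before its security group is consulted.

```python
# Added example (not from the thread): a small model of how a VPC's
# subnets and security groups combine to filter traffic. All names,
# CIDRs and rules below are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import Optional

IPNet = ipaddress.IPv4Network
IPAddr = ipaddress.IPv4Address


@dataclass(frozen=True)
class Subnet:
    name: str
    cidr: IPNet
    public: bool          # True if the route table has an internet-gateway route


@dataclass(frozen=True)
class Rule:
    proto: str            # "tcp" or "udp"
    port: int
    source_cidr: Optional[IPNet] = None   # CIDR-based source, or ...
    source_sg: Optional[str] = None       # ... another security group by name


@dataclass(frozen=True)
class Instance:
    name: str
    ip: IPAddr
    subnet: Subnet
    groups: tuple         # names of attached security groups


INTERNET = "internet"     # pseudo-source for traffic arriving via the internet gateway


def build_vpc():
    """Constructed topology: a /16 VPC with one public and one private subnet."""
    vpc_cidr = IPNet("10.0.0.0/16")
    public = Subnet("public-a", IPNet("10.0.1.0/24"), public=True)
    private = Subnet("private-a", IPNet("10.0.2.0/24"), public=False)
    sgs = {
        # web tier: HTTPS from anywhere, nothing else
        "web-sg": [Rule("tcp", 443, source_cidr=IPNet("0.0.0.0/0"))],
        # db tier: Postgres only from instances carrying web-sg
        "db-sg": [Rule("tcp", 5432, source_sg="web-sg")],
    }
    instances = {
        "web": Instance("web", IPAddr("10.0.1.10"), public, ("web-sg",)),
        "db": Instance("db", IPAddr("10.0.2.20"), private, ("db-sg",)),
    }
    return vpc_cidr, sgs, instances


def allowed(src: str, dst: str, proto: str, port: int) -> bool:
    """True if a connection from src to dst:port would be admitted.

    Two layers are checked, mirroring a VPC: (1) routing, where internet
    traffic only reaches subnets with an internet-gateway route; (2) the
    destination's security groups, which are default-deny and allow on
    any matching ingress rule. Security groups are stateful, so the
    return path needs no separate egress rule in this model.
    """
    vpc_cidr, sgs, instances = build_vpc()
    target = instances[dst]
    if src == INTERNET:
        if not target.subnet.public:
            return False            # no route from the IGW into a private subnet
        src_ip, src_groups = IPAddr("203.0.113.7"), ()   # constructed external client
    else:
        origin = instances[src]
        src_ip, src_groups = origin.ip, origin.groups
    for gname in target.groups:
        for rule in sgs[gname]:
            if rule.proto != proto or rule.port != port:
                continue
            if rule.source_cidr is not None and src_ip in rule.source_cidr:
                return True
            if rule.source_sg is not None and rule.source_sg in src_groups:
                return True
    return False


if __name__ == "__main__":
    for case in [(INTERNET, "web", "tcp", 443), (INTERNET, "web", "tcp", 22),
                 (INTERNET, "db", "tcp", 5432), ("web", "db", "tcp", 5432),
                 ("web", "db", "tcp", 22)]:
        print(case, "->", "allow" if allowed(*case) else "deny")
```

The point of the security-group-to-security-group rule (`source_sg="web-sg"`) is that the database's exposure follows role membership rather than addresses, so replacing or autoscaling web instances does not require touching the database rules, which is the "flex your compute" behaviour the comment refers to.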


The last bit doesn’t make a whole lot of sense because AWS is all hosted in racks. It’s just that people don’t typically set up virtualized networking that way.

We did and it was fantastic. All of our “environments” were overlay networks spanning our hypervisors and we provided “ops” services outside those networks just like AWS where they just got an interface in the environments.

I'm convinced that there is no other way to manage networks after this. The ops team has their own completely separate view of the infrastructure that can be managed, moved, and shifted around so long as you keep the fiction the same.


A VLAN (Virtualized [private] LAN) is a LAN all to yourself, on top of a real shared multitenant LAN, through the magic of virtualization.

So a VPC (Virtualized Private Cloud) is "a cloud" (e.g. the whole of AWS), all to yourself, on top of a real shared multitenant Cloud, through the magic of virtualization.

In both cases, the traffic going over the LAN or Cloud is isolated from other tenants by the virtualization mechanism, so you don't need to encrypt said traffic the way you would in an untrusted "just leasing several random VMs in separate racks in a colo and having them communicate over the colo's shared LAN" environment (which is what AWS's pre-VPC "Classic" EC2 environment was.)


Right. What really makes this work is that Amazon builds their own specialized routers.[1] They have a control plane hidden from their customers, one which lets them set customer-visible MAC and IP addresses more or less arbitrarily.

'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. - David Wheeler.

[1] https://www.geekwire.com/2017/amazon-web-services-secret-wea...


Logical isolation of resources instead of physical and virtualized compute, networking, and storage.

“Virtualized racks” doesn’t make a whole lot of sense since the metaphor is lost. You don’t think of power, top-of-rack space, or how many U’s some resource will take.

If you hate the word “cloud” then IaaS might make for a better name.


Virtual wires, switches, routers, vpns.
