by lukevp
1796 days ago
A colocated rack is a much more limited concept than a VPC. VPCs let you architect an entire network. You can have multiple private and public subnets, set security groups to filter traffic between them, do service discovery, use policy-based access control, health check load balance, and host PaaS entities into the network (like Aurora serverless). On top of that, you can flex your compute. VPC is more like a rack with a firewall, an f5, a smart switch with vlans, something like kubernetes to automatically scale compute… but there are things that aren’t even possible in a rack because you can transparently both manage your own compute with ec2 and add PaaS managed offerings like RDS, elasticsearch, kafka, etc. all to the same network.

We did and it was fantastic. All of our “environments” were overlay networks spanning our hypervisors and we provided “ops” services outside those networks just like AWS where they just got an interface in the environments.
I'm convinced that there is no other way to manage networks after this. The ops team has their own completely separate view of the infrastructure that can be managed, moved, and shifted around so long as you keep the fiction the same.