When you deploy Elastic Compute Service (ECS) instances, Server Load Balancer (SLB) instances, or ApsaraDB RDS instances, you need an isolated network where you control address allocation, routing, and access policies. A Virtual Private Cloud (VPC) provides this isolation. Each VPC operates as an independent private network on Alibaba Cloud, giving you full control over CIDR blocks, subnets, route tables, and network policies.
Components
Every VPC consists of three core components: a private CIDR block, a vRouter, and one or more vSwitches.
Private CIDR block
When you create a VPC, assign a private IP address range in CIDR notation. Use one of the standard CIDR blocks below, or define a custom range. For detailed guidance, see Plan networks.
CIDR block | Available private IP addresses (excluding system-reserved) |
192.168.0.0/16 | 65,532 |
172.16.0.0/12 | 1,048,572 |
10.0.0.0/8 | 16,777,212 |
Custom CIDR block | Any range except 100.64.0.0/10, 224.0.0.0/4, 127.0.0.0/8, 169.254.0.0/16, and their subsets |
vRouter
A vRouter is a virtual router that connects all vSwitches in a VPC and serves as the gateway between the VPC and external networks. When you create a VPC, Alibaba Cloud automatically creates a vRouter and associates it with at least one route table. For more information, see VPC route tables.
vSwitch
A vSwitch is the basic network device of a VPC that divides the VPC into one or more subnets. All cloud resources in a VPC, such as ECS instances, must reside in a vSwitch. vSwitches in the same VPC can communicate with each other.
To improve service availability, deploy your applications across vSwitches in different zones. For more information, see VPCs and vSwitches.
Connectivity
Instances in a VPC can connect to the following types of networks:
The Internet -- Allow public access to and from your cloud resources.
Other VPCs -- Communicate between workloads in separate VPCs.
On-premises data centers -- Link your local infrastructure to Alibaba Cloud for hybrid deployments.
For available connectivity options, see Manage VPC connections.
Create a VPC and vSwitch
To deploy cloud resources in a VPC, create a VPC and at least one vSwitch. Before you create a VPC, plan your network based on your business requirements. For detailed guidance, see Plan networks.