Virtual Network is a computer network that contains at least part of virtual network links. Virtual Network link does not include a physical connection between two computing devices, it is implemented through network virtualization.
The two most common forms of virtual networks are protocol-based virtual networks (such as VLAN, VPN, VPLS, etc.) and virtual networks based on virtual devices (such as the network inside the hypervisor connecting virtual machines).
VLAN is established on the basis of switching technology, and divides the network nodes into several "logical working groups" according to the nature of work and needs. A "logical working group" is a virtual network.
There are four implementation techniques for VLAN: use switch port (Port) numbers to define virtual networks, use MAC addresses to define virtual networks, use IP broadcast groups to define virtual networks, and use network layer addresses to define virtual networks. The division and management of "logical working groups" are realized by software.
By dividing the virtual network, the broadcast can be restricted within the range of each virtual network, thereby reducing the transmission of broadcast packets in the entire network range and improving the transmission efficiency of the network. At the same time, each virtual network cannot communicate directly, but must be forwarded through a router, which provides the possibility for advanced security control and enhances the security of the network.
VPN refers to the technology of establishing a private network on a shared network. It is called a virtual network mainly because the connection between any two nodes of the entire VPN network does not have the point-to-point physical link required for traditional private network construction. It is a logical network built on the network platform provided by the public network service provider ISP.
The user's data is transmitted through a logical tunnel (Tunnel) established by the ISP in the public network (Internet), that is, a point-to-point virtual private line. Through the corresponding encryption and authentication technology to ensure that the user's internal network data is safely transmitted on the public network, so as to truly realize the exclusiveness of the network data.
VPN Gateway offers the following benefits:
Virtual Private Network (VPN) Gateway is an Internet-based service that securely and reliably connects enterprise data centers, office networks, and Internet terminals to Alibaba Cloud VPCs through encrypted channels. VPN Gateways provides flexible configurations to meet the demands of different scenarios.
You can connect an on-premises data center to a VPC to build a hybrid cloud through the following two ways:
The route-based IPsec-VPN not only facilitates the configuration and maintenance of VPN policies but also provides flexible traffic routing methods.
Note: To establish a VPN connection between a VPC and an on-premises data center, the IP address ranges of the on-premises data center and the VPC cannot conflict with each other, and a static public IP address must be configured for the gateway device of the on-premises data center.
You can rapidly interconnect two VPCs through IPsec-VPN.
The route-based IPsec-VPN not only facilitates the configuration and maintenance of VPN policies but also provides flexible traffic routing methods.
Not: The IP address ranges of the VPCs cannot conflict with each other.
You can connect a client to a VPC through an SSL-VPN tunnel to meet the needs of remote working. With SSL-VPN connections, you can securely access a VPC through the Internet at any time, anywhere.
SSL-VPN connections support remote access from clients running Windows, Linux, Mac, IOS, or Android operating systems.
Note: The IP address ranges of the clients cannot conflict with the IP address range of the VSwitch in the VPC.
You can establish secure communications among multiple sites by using the Hub Spoke function to interconnect the sites through the VPN Gateway of the VPC. Hub Spoke can meet the needs of large enterprises to establish intranet communication between office sites.
You can use IPsec-VPN and SSL-VPN connections together to expand your network topology. Once the connections are established, the client can access the applications deployed in the connected VPC, and can also access the applications deployed in the connected office sites.
Note: All private IP address ranges to be connected cannot conflict with one another.
Many cloud service providers simply providing network connectivity for their enterprise customers. They also offer additional services & network functions like network address translation (NAT), firewalls, encryption, domain name service (DNS), caching and others. Traditionally, these network functions will deploy using proprietary hardware at the customer premises. This approach provides additional revenue. But deploying multiple proprietary devices is costly and makes upgrades difficult.
Service providers began exploring ways to reduce cost and accelerate deployment through Network Functions Virtualization/Virtual Private Cloud. Alibaba VPC de-couples' function like firewalls, encryption from dedicated hardware and moves the functions to virtual servers.
Instead of installing expensive proprietary hardware, service providers can purchase an inexpensive switches, storage and servers to run virtual machines that perform network functions. If a customer wants to add a new network function, the service providers can spin-up a new virtual machine to perform out function.
Virtual Private Network (VPN) Gateway is an Internet-based service that securely and reliably connects enterprise data centers, office networks, or Internet-facing terminals to Alibaba Cloud Virtual Private Cloud (VPC) networks through encrypted connections. VPN Gateway supports both IPsec-VPN connection and SSL-VPN connection.
VPN Gateway is used to transmit encrypted traffic between Alibaba Cloud VPCs and enterprise data centers, enterprise office networks, or Internet platforms over the Internet. You can use this service to establish reliable and secure connections for data transmission. According to China’s regulations and laws, Alibaba Cloud VPN Gateway cannot be used as an Internet access service.
VPC helps you build an isolated network environment based on Alibaba Cloud including customizing the IP address range, network segment, route table, and gateway. In addition, you can connect VPC and a traditional IDC through a leased line, VPN, or GRE to provide hybrid cloud services.
Why Switch to Alibaba Cloud? Seven Excellent Reasons from Our Customers
The Most Lightweight New Mock Tool of Alibaba for Unit Testing Is Open-Source!
2,599 posts | 758 followers
FollowRegional Content Hub - March 25, 2024
Alibaba Cloud Community - December 30, 2021
Alibaba Cloud Community - January 6, 2022
Alibaba Clouder - October 30, 2018
Balaban - July 23, 2021
Alibaba Clouder - March 27, 2018
2,599 posts | 758 followers
FollowA virtual private cloud service that provides an isolated cloud network to operate resources in a secure environment.
Learn MoreAlibaba Cloud DNS PrivateZone is a Virtual Private Cloud-based (VPC) domain name system (DNS) service for Alibaba Cloud users.
Learn MoreApsara Stack is a full-stack cloud solution created by Alibaba Cloud for medium- and large-size enterprise-class customers.
Learn MoreHighly reliable and secure deployment solutions for enterprises to fully experience the unique benefits of the hybrid cloud
Learn MoreMore Posts by Alibaba Clouder
Dikky Ryan Pratama May 6, 2023 at 12:18 pm
very easy to understand.