Multi-Tier Approach With Virtual Private Cloud – Part 2

Part 2 of this 3-part series discusses the core components that make up the VPC architecture and the significant features and benefits.

By Shantanu Kaushik

In Part 1, we introduced the VPC solution and gave a detailed architectural layout of the solution. In this article, we will discuss the core components that make up the VPC architecture and the significant features and benefits.

A Virtual Private Cloud can be divided into various subnets. ECS instances in the same subnet communicate with each other through a vSwitch, while ECS instances in different subnets have to use a vRouter to communicate with each other.

Core Components of VPC



A virtual switch (vSwitch) is an application or tool that allows communication between virtual machines. A vSwitch is a network component that connects different cloud resources working within a Virtual Private Cloud. After you create a VPC, you can create a vSwitch to help divide your Virtual Private Cloud into multiple subnets.

However, a vSwitch does more than forward data packets from point A to point B. vSwitches intelligently direct the communication over a network and check data packets before transmitting them to any destination. The vSwitches deployed within a VPC can communicate with each other using the private network, and you can deploy your applications in different zones to improve service availability.

Some of the advantages related to vSwitches are listed below:

  • vSwitch reduces the overall complexity of network configuration.
  • A finite number of vSwitches are used and managed based on factors such as network size, capacity, and data packet quantity.
  • vSwitches are intelligent and efficient enough to transmit data packets without human intervention.
  • vSwitches can ensure the integrity of the virtual machine, including network configuration and security settings.
  • vSwitches enable easy deployment scenarios.
  • vSwitches enable seamless virtual server migration.
  • vSwitches allow network administrators to manage virtual switches efficiently from the hypervisor.


A virtual router (vRouter) works the same way a physical Internet router works. A vRouter is the hub connection for a Virtual Private Cloud (VPC). It serves as a gateway between the VPC and other networks and is associated with a route table. Alibaba Cloud VPC can create a vRouter right after a VPC is created.

CIDR Blocks

Classless Inter-Domain Routing (CIDR) is an IP addressing scheme that helps improve the allocation of IP addresses and covers the two concepts of IP addressing and IP routing. When you create a VPC and a vSwitch, you have to specify the private IP address range for each in CIDR notation. CIDR does away with the IP addressing classes A, B, and C and increases performance.
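The following added example (not part of the original article and not Alibaba Cloud code) checks a multi-tier CIDR plan before it is applied: every vSwitch block must sit inside the VPC block and must not overlap another vSwitch, and two private IPs either share a vSwitch or have to cross the vRouter. The VPC block, the vSwitch names and their ranges are constructed sample values.

```python
import ipaddress

# Constructed plan: one VPC block, one vSwitch per tier (names are hypothetical).
VPC_CIDR = "192.168.0.0/16"
VSWITCHES = {
    "web-zone-a": "192.168.1.0/24",
    "app-zone-a": "192.168.2.0/24",
    "db-zone-b": "192.168.3.0/24",
}


def validate_plan(vpc_cidr, vswitches):
    """Return a list of problems found in a VPC / vSwitch CIDR plan."""
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not vpc.is_private:
        problems.append(f"VPC block {vpc} is not a private range")
    seen = []
    for name, cidr in vswitches.items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:  # e.g. host bits set, bad prefix length
            problems.append(f"{name}: invalid CIDR {cidr!r} ({exc})")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is outside VPC block {vpc}")
        for other_name, other in seen:
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        seen.append((name, net))
    return problems


def path_between(src_ip, dst_ip, vswitches):
    """Say whether two private IPs share a vSwitch or must cross the vRouter."""
    def owner(ip):
        addr = ipaddress.ip_address(ip)
        for name, cidr in vswitches.items():
            if addr in ipaddress.ip_network(cidr):
                return name
        return None
    src, dst = owner(src_ip), owner(dst_ip)
    if src is None or dst is None:
        return "unknown"  # address is not covered by any planned vSwitch
    return "vSwitch" if src == dst else "vRouter"
```

An empty list from `validate_plan` means the plan is consistent; a tier whose traffic is expected to stay on one vSwitch but resolves to `vRouter` points at a subnet assignment worth reviewing.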

Alibaba Cloud VPC – Features and Benefits

Security – Isolation

Any information passed using Alibaba Cloud VPC is completely isolated from the outside world, including the Internet. Alibaba Cloud VPC ensures the highest levels of security even if you and thousands of other tenants are using shared backend infrastructure. VPCs can only be interconnected by mapping an Elastic IP address (EIP) or configuring the NAT Gateway to point to an IP address associated with a VPC. Data packets that belong to specific ECS instances are encapsulated using the tunneling technique and are not shared with the physical network.

VPC is based on the industry-leading research and development capabilities of Alibaba Cloud. This enables VPC to share the same standards of availability, flexibility, and security. Each Alibaba Cloud VPC has a unique tunnel ID that corresponds to a virtual network, and VPCs are isolated from one another by these tunnel IDs. Alibaba Cloud VPC uses a layer-2 logical isolation mechanism between different VPC instances using VXLAN. Network virtualization creates an overlay between physical networks and the VPC.
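To show how a tunnel ID keeps tenants apart, the added example below (not from the original article and not Alibaba Cloud's implementation) builds and parses the 8-byte VXLAN header defined in RFC 7348 and looks up the destination by tunnel ID plus private IP. It assumes the tunnel ID is carried as the 24-bit VXLAN Network Identifier (VNI); the VNIs, host names and forwarding table are constructed.

```python
import struct

VXLAN_FLAG_VNI_VALID = 0x08  # RFC 7348 "I" flag: the VNI field is valid


def vxlan_encap(vni, inner_frame):
    """Prefix an inner frame with the 8-byte VXLAN header (RFC 7348)."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    # Layout: flags(1 byte) + reserved(3) + VNI(3) + reserved(1)
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def vxlan_decap(packet):
    """Return (vni, inner_frame); reject packets without a valid VNI flag."""
    if len(packet) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", packet[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI flag not set")
    return word1 >> 8, packet[8:]


# Constructed forwarding table: both tenants use 10.0.0.5, but lookups are
# keyed by (tunnel ID, private IP), so the entries never collide.
FORWARDING = {
    (1001, "10.0.0.5"): "host-a",  # tenant A's ECS instance (hypothetical)
    (2002, "10.0.0.5"): "host-b",  # tenant B's ECS instance (hypothetical)
}


def deliver(packet, dst_ip):
    """Pick the physical host for a packet, or None if the VNI has no such IP."""
    vni, _frame = vxlan_decap(packet)
    return FORWARDING.get((vni, dst_ip))
```

Because the lookup key includes the tunnel ID, two VPCs can reuse the same private range without a frame from one ever resolving to an instance in the other.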

Access Control and Division

Alibaba Cloud provides a highly flexible access control mechanism that utilizes the Alibaba Cloud Identity and Access Management solution, RAM. You can use Alibaba Cloud RAM to manage network permissions and create security group functions. You can easily classify the VPC product instances into different security domains using these functions and assign custom access control rules to each one.

Performance and Flexibility

Alibaba Cloud VPC helps you accelerate specific applications and increase overall performance. Designing cloud architecture that best serves your organizational requirements offers flexibility. Alibaba Cloud VPC uses software-defined networking (SDN) to configure the network according to the presented requirements. You can easily customize the IP address range and use custom route tables.

Internet Access

Alibaba Cloud VPC is designed to meet all the requirements for VPC resources to actively access the Internet to provide external services. You can bind Elastic IP addresses (EIPs) to VPC cloud products in the same region to give the instances access to the Internet.

Alibaba Cloud VPC works closely with the NAT Gateway. NAT Gateway supports the SNAT configurations that can facilitate the bridge between Internet access and cloud product instances. If you need active Internet services for multiple cloud products, you can always use DNAT configurations that enable:

  • IP Address Mapping
  • Port Mapping
  • 10Gbit/s Forwarding Capabilities

Hybrid Cloud Architecture

Alibaba Cloud VPC is among the primary requirements to set up hybrid cloud network connections. Alibaba Cloud VPC can connect to an on-premises or private cloud using a virtual private network. Similarly, Express Connect can create intranet connections between VPC instances in different regions to enable interconnected networks across the Alibaba Cloud infrastructure.

Wrapping Up

Alibaba Cloud offers this VPC environment free of charge. The integrated environment created by Alibaba Cloud provides an unmatched service quality that includes regular platform upgrades and necessary security services. Part 3 of this 3-part series focuses on the different usage scenarios related to Alibaba Cloud VPC.

Upcoming Articles

  1. Multi-Tier Approach With VPC – Part 3