Virtual Private Cloud (VPC)

A virtual private cloud service that provides an isolated cloud network to operate resources in a secure environment.

VPC helps you build an isolated network environment based on Alibaba Cloud including customizing the IP address range, network segment, route table, and gateway. In addition, you can connect VPC and a traditional IDC through a leased line, VPN, or GRE to provide hybrid cloud services.


Secure Isolation
Builds an isolated network environment based on Alibaba Cloud. Layer-2 logical isolation is achieved between different VPC instances.
SDN configures the network as required, customizes the IP address range and route table.
Works with multiple products and easily manages Internet portals to provide a hybrid cloud architecture.
Free of Charge
Achieve a fully isolated VPC environment for free on the Alibaba Cloud platform.


  • Layer-2 logical isolation

    Builds an isolated network environment based on Alibaba Cloud. Layer-2 logical isolation is achieved between different VPC instances.

    Virtual networks are built on a physical network based on the OverLay technology.

    Network virtualization

    VPC instances are isolated using Vxlan. Layer-2 logical isolation is achieved between different VPC instances to prevent them from communication.

    Full isolation among VPC instances

  • Custom network environment

    You can customize the IP address range, network segment, route table, and gateway. You can also plan and manage the network as needed.

    Subnet division

    You can divide the private IP address of VPC into one or several subnets using VSwitches and deploy applications and other services under the corresponding VSwitch as needed.

    Custom route rules

    The route rules of VRouters are configured based on business needs to manage the forwarding routes of VPC traffic.

  • Access control

    Flexible access control rules are compliant with the secure isolation regulations for government and financial users

    Security group

    With the help of the security group function, product instances in VPC can be classified into different security domains and each security domain can have custom access control rules.


    RAM can be used to manage network permissions.

  • Internet portal management

    Meets the requirement for VPC resources to actively access the Internet and provide external services.

    Internet access

    EIPs can be bound to cloud product instances of the VPC type in the same region as needed to allow the instances to access the Internet.

    Internet portal management

    NAT Gateway supports SNAT configuration to meet the needs of VPC resources to actively access the Internet. It also supports DNAT configuration and provides IP address mapping, port mapping, and 10 Gbit/s forwarding capabilities to enable multiple services to share the bandwidth so as to save costs.

  • Hybrid cloud architecture

    VPC can be connected to a traditional IDC through leased lines or VPN to build a hybrid cloud.

    VPC intranet communication

    Express Connect can be used to establish an intranet connection between VPC instances in different regions and of different users, to achieve interconnection of user networks on Alibaba Cloud.

    Hybrid cloud architecture

    Through leased lines, VPC can communicate with intranets of an IDC with excellent communication quality to easily build a hybrid cloud.

Common Scenarios

  • On-cloud Intranet
  • Hybrid Cloud Architecture
  • External Service Provision
  • Multi-region High-speed Interconnection
On-cloud Intranet

On-cloud Intranet

Fully isolated network environment

The service system can be deployed in both local and on-cloud IDCs. Different service modules are built on Alibaba Cloud VPC to create fully isolated on-cloud environments. On-cloud and off-cloud services are interacted with each other through the Internet.


  • Flexible Configuration

    VPC is an SDN that enables you to customize network settings as required. Management operations take effect in real time.

  • Secure Isolation

    VPC instances of different users are fully isolated from each other and do not share the Internet.

Hybrid Cloud Architecture

Hybrid Cloud Architecture

High-speed data interconnection on and off the cloud

An on-cloud IDC is built on Alibaba Cloud VPC and connected to the off-cloud IDC over a leased line. This protects the user's core data, perfectly copes with service surges and fast data synchronization, and implements a hybrid cloud solution.


  • Enhanced Data Security

    Core data is stored in the off-cloud IDC to ensure security.

  • Service Surge Protection

    The on-cloud IDC is used to handle surge of real-time service access.

  • Fast Data Synchronization

    By using leased lines, on-cloud and off-cloud data can be fast synchronized in batches.

External Service Provision

External Service Provision

Multiple services share Internet bandwidth

If you create multiple applications based on Alibaba Cloud VPC, where each application must provide external services and their traffic fluctuations are inconsistent, you can share bandwidth among multiple IP addresses to minimize the effect of these fluctuations and reduce costs.


  • External Service Provisioning

    Port mapping and IP address mapping are provided, allowing VPC ECS instances to provide external services.

  • Low-cost

    Multiple VPC ECS instances can share Internet bandwidth to optimize costs.

  • High-performance

    NAT Gateway provides the large-bandwidth throughput and a large number of connections.

Multi-region High-speed Interconnection

Multi-region High-speed Interconnection

Widely spread services and high-speed data interconnection

On-cloud services can be built fully based on VPC with users spread across all regions. To speed up user access, networks of the service systems in different nodes must be interconnected with each other at high speed.


  • Secure Isolation

    Services are deployed on Alibaba Cloud VPC, which is secure and reliable.

  • High Reliability

    Express Connect is used to connect different VPC instances, ensuring the quality of cross-region interconnection.

  • High-performance

    VPC with Express Connect provides the maximum interconnection bandwidth of 10 Gbit/s, easily meeting the needs of massive applications.

Upgraded Support For You

1 on 1 Presale Consultation, 24/7 Technical Support, Faster Response, and More Free Tickets.

1 on 1 Presale Consultation

Consulting by experienced cloud experts.Learn More

24/7 Technical Support

Extended service time from 10 hours 5 days a week to 24/7. Learn More

6 Free Tickets per Quarter

The number of free tickets doubled from 3 to 6 per quarter. Learn More

Faster Response

Shorten after-sale response time from 36 hours to 18 hours. Learn More
phone Contact Us