FAQs about VPC
Created#More Posted time:Dec 7, 2016 10:23 AM
1) What is Virtual Private Cloud (VPC)?
Virtual Private Cloud (VPC) helps you establish an isolated network environment based on Alibaba Cloud. You can have full control over your own virtual network, including choosing your preferred IP address range, dividing network segments, and configuring route tables and gateways. In addition, you can also establish a customized network environment by connecting the VPC and traditional data center through the leased line connection/VPN to achieve smooth application migration to the cloud.
2) What is the difference between VPC and the classic network?
The cloud products of the classic network type are uniformly deployed in Alibaba Cloud's public infrastructure network. The network planning and management are Alibaba Cloud's responsibility. The classic network is more suitable for customers with high ease-of-use requirements. VPC enables you to establish a customizable isolated private cloud on Alibaba Cloud's basic network and define the network topology and IP address of this VPC. Compared with the classic cloud, the VPC is more suitable for customers who require and are able to manage their networks.
3) What are the functions and roles of a security group?
A security group is a logical group consisting of instances with the same security requirements and mutual trust.
In a classic network, instances in the same region can be put into the same security group. In a VPC, a security group can only include instances in the same VPC.
Security groups, like firewalls, are used to set network access control policies for one or more ECSs. They are an important security isolation means;
Each instance belongs to at least one security group and this needs to be specified at the instance creation. By default, instances in different security groups cannot communicate over the intranet, but exchange can be authorized between two security groups.
4) In which regions is the VPC service available?
Currently, the VPC service has been provided in Beijing, Hangzhou, Shenzhen, Shanghai, Asia-Pacific (Singapore), the United States and Hong Kong and will be supported in other regions gradually.
5) Which zones can be created as the ECS of the VPC type at present?
Beijing Zone A/C, Hangzhou Zone B/D, Shenzhen Zone A/B, Shanghai Zone A/B, Asia-Pacific 1 Zone A, West US Zone 1B, and Hong Kong Zone B. You can check out the details on the ECS purchase page.
6) Which cloud products can be created as the VPC type?
ECS, SLB, RDS, OSS and OCS (in Beijing Zone A only). Other cloud products will support this feature gradually. Please pay attention to the official website for updates.
7) Can the ECS in a classic network and the ECS in a VPC communicate via the intranet?
The ECS instance in a classic network and a VPC-type ECS instance cannot communicate via the intranet, but they can communicate via the internet.
8) Can VPCs communicate with each other via the intranet?
Different VPCs are completely isolated and cannot communicate with each other via the intranet. Currently, you can establish a VPN via the internet to achieve interconnection between VPCs.
9) Can the network segment of a VPC be modified?
Once a VPC is created, its network segment (CIDRBlock) cannot be modified.
10) Can an ECS inside a VPC access cloud products outside the VPC?
The ECS instance deployed inside a VPC can use its NatIP to access non-VPC cloud products (such as ODPS).
11) Can an ECS instance in a classic network be transformed into an ECS instance of the VPC type?
Not for the time being. You can create a snapshot for the system disk of the instance and create a user-defined image, and use this image when creating a new ECS in the VPC.
12) Can a VPC-type ECS instance bind multiple private IP addresses?
Not for the time being.
13) Can an ECS instance bind multiple NICs?
An ECS of the classic network type includes two NICs, a public network card and a private network card. A VPC-type ECS currently supports only one private network card.
14) How should an ECS inside a VPC access the internet?
An EIP can be bound to a VPC-type ECS to enable the ECS to access the internet. You can also configure the ECS to which an EIP is bound as a public network gateway to manage the internet access of other ECSs in the VPC.
15) Can a VPC have more than one VRouter?
Each VPC has only one VRouter which manages one route table (RouteTable).
16) How many route entries (RouteEntry) can be created in a route table?
By default, a maximum of 48 route entries can be created in each route table. If you need more route entries, submit a ticket for application.
17) How many VSwitches can a VPC accommodate?
A maximum of 24 VSwitches can be created in each VPC.
18) How many cloud product instances can be accommodated in a VPC?
Each VPC can support a maximum of 5,000 cloud product instances.
19) How many cloud product instances can be accommodated by a VSwitch?
The VSwitch itself does not limit the quantity of cloud product instances. The quantity of instances that can be mounted to a VSwitch depends on the quantity of cloud product instances in that particular VPC. Currently, a maximum of 5,000 cloud product instances can be created for a VPC.
20) Can the network segment of a VSwitch be modified?
21) What is the difference between a VPC and a security group?
VPC enables you to establish a customizable isolated VPC in Alibaba Cloud's infrastructure network and define the network topology and IP addresses of this VPC. A security group is a logical group consisting of instances with the same security requirements and mutual trust. It is used to set network access control policies for one or more ECSs.
22) Does VPC support leased line access?
The user can connect an off-cloud data center with the VPC using leased lines.
23) Does the VPC provide the VPN function?
The VPC currently does not provide the VPN function (neither Site2Site nor dialup VPN), but you can use an ECS to which an EIP is bound, in combination with a “FlexGW” or “Sangfor SSL VPN” image on the image market to set up a software VPN Gateway.
24) Does FlexGW support hardware VPN or hardware firewalls?
FlexGW supports the IPSec protocol and can establish an IPSec VPN with hardware equipment. However, for different hardware equipment, different VPN configuration parameters are used. You need to configure FlexGW to adapt to the hardware equipment in use.
25) Why is the login password for an ECS using the Sangfor SSL VPN image always incorrect?
The ECS using this image can only serve as a VPN gateway and does not support SSH access.
26) What is the difference between a VPC and a VPN?
They belongs to different categories. VPC is a Layer-2 isolated network environment, while VPN is a remote access technology that builds private networks over the internet.