How to use VPC elegantly?

Webmasters and developers often asked me about the difference between a private network and a public one. Are there private and public networks on Alibaba Cloud? Alibaba Cloud names the networks as classic network and VPC, which confuses many. So now, let’s talk about the difference between a VPC and a classic network, and what scenarios are more suitable for deploying VPC.

First, let's talk about the difference between a classic network and a VPC:
The classic network refers to a system with the IP addresses automatically allocated. It is easier to use and suitable for most users with general website building demands.
VPC is more professional and suitable for more demanding customers that have scaling requirements. You can create and manage your cloud product instances such as ECS, SLB and RDS in the VPC you created.

An example of the applicable scenario of VPC
Our VPC is generally used for a company's product. For example, games can be deployed in a VPC allowing you to manage its security rules, server redundancy and backups as well as interconnectivity and access of on-cloud and off-cloud products.


The general structure will be:
Some content should be stored in the ephemeral servers, but some other businesses want to achieve quick computing and storage leveraging Alibaba Cloud. To this end, we used a VPC to pool multiple ECS servers and configured a tunnel to the ephemeral storage of the company. This interconnects the on-cloud and off-cloud data, perfectly solving the troubles of the company.

Now let’s have a discussion.
How are your websites or applications established? Is there any scenario where VPC can play a role?
Or what scenarios do you think are more suitable for deploying the VPC?

VPC mainly functions on the network layer. It aims to allow you to establish an isolated virtual network environment on the Alibaba Cloud platform for you to manage configurations and policies, so as to further elevate the security of your resources in Alibaba environments. You can manage your own subnet structures, IP address ranges and allocation methods, as well as the routing policies in the network in the VPC environment. Since you can control and isolate resources in the VPC, the VPC is like a private cloud computing environment of your own.
Express Connect enables interconnectivity between VPCs for private network communications. You can initiate communications between your own VPCs, or with other VPCs in the same or a different region.
Express Connect enables intranet communications between physical IDCs and Alibaba Cloud VPCs to integrate networks, and facilitate data transmission in a file sharing network.

I'd like to introduce several scenarios:
For example, during the development you need to install and debug RocketMQ which is huge in size. The ephemeral virtual servers won't be able to prop it up for sure. So we put it in the VPC and have the local Ellipse connected. VPC is the key to solving the development problems.
The second scenario is the gaming company. In general, you should prepare a disaster tolerance mechanism for the data, You can deploy resources in multiple regions on the cloud so that failure at a single point won't affect the normal service.
The third scenario is to build an on-cloud business system with VPC, RDS and ECS. The core data is placed in the on-premise self-built data center and connected to the VPC through Express Connect on leased lines. So that the on-cloud and off-cloud data are connected to form a hybrid cloud environment.
The fourth scenario is to achieve full isolation of various businesses to guarantee security. You can use VPC to build the services. This scenario caters to the need of payment websites.
The fifth scenario is for internet companies engaged in article grabbing to ensure their server security and protect the IP addresses from being exposed on the internet and then attacked. A VPC will get things done - using SNAT and EIP.
The sixth scenario is when your IT systems have multiple internet applications at the same time. Every application needs to provide external services and their business peak periods vary. NAT gateways can achieve bandwidth sharing among multiple IP addresses to relieve the peak and valley effects and cut down costs.

VPC has many application scenarios and you have done a great job in summarizing them up. The cloud is quite helpful in complicated processing and gaming companies or others also choose VPC to meet their demands.

The gaming logic runs on the ECS, and VPC is used in businesses. External services are provided through self-built ULB. The gaming logic runs in the ECS cluster, the backend data is stored in the RDS cluster and the front-end ensures high availability of businesses through SLB. LOG Service and MaxCompute will be introduced at the same time to support big data businesses. This enables the O&M of more than 1,000 gaming servers to be handled with ease.

I talked to a person in charge of Alibaba VPC. I also want to share something for your reference.
We can understand VPC as a server room in which you can establish and plan your own network. The allocated addresses are all in the private network and you can use SLB or EIP for internet access, or you can choose to pay by traffic to have an internet IP address when you purchase the VPC. You can enable the forwarding feature for intranet access through proxy. If the VSwitch is in a different segment, you should add it to the route of the ECS with an internet IP address. Alibaba's routers and switches are isolated on the logic layer, they're not real routers and switches.

VPC mainly functions on the network layer. It aims to allow you to establish an isolated virtual network environment on the Alibaba Cloud platform for you to manage configurations and policies, so as to further elevate the security of your resources in Alibaba environments. You can manage your own subnet structures, IP address ranges and allocation methods, as well as the routing policies in the network in the VPC environment. Since you can control and isolate resources in the VPC, the VPC is like a private cloud computing environment of your own.
Express Connect enables interconnectivity between VPCs for private network communications. You can initiate communications between your own VPCs, or with other VPCs in the same or a different region.
Express Connect enables intranet communications between physical IDCs and Alibaba Cloud VPCs to integrate networks, and facilitate data transmission in a file sharing network.

VPC is a Layer-2 isolation network of tenants. Every VIPC is an independent address plane, hence its network planning capacity which is not available in a classic network. You can specify the private network address of the ECS. Logic isolation is mandatory for security compliance in some industries and the premise for using cloud computing.
With regard to the updates source, Alibaba Cloud has an intranet source. If you want to access a third-party website, you need to access the internet through EIP. EIP is the NAT IP. The ECS with an EIP bound will receive the traffic accessing the EIP. For example, you can configure the ECS with an EIP bound as the NAT gateway to become the only egress of the VPC network. In this way, all instances in the network can communicate with the internet through one IP address. For another example, you can configure the ECS with an EIP bound as the VPN gateway or directly connect the VPC with a leased line. After the connection with the access side is ready, connect the VPC with the user-side intranet. In this way, the isolation from the external environment is retained. This is also the most basic hybrid cloud scenario.