All Products
Search
Document Center

Virtual Private Cloud:Overview of VPCs and vSwitches

Last Updated:Mar 14, 2024

You can use Alibaba Cloud resources in your virtual private cloud (VPC) and create multiple vSwitches in your VPC to create subnets. By default, the subnets in a VPC can communicate with each other. This topic describes the concepts and features of VPCs, vSwitches, and vRouters. This topic also describes the features of IPv4 and IPv6, and their differences.

VPCs and vSwitches

Your VPCs are dedicated for your use. You can deploy cloud resources in vSwitches (subnets) in your VPC.

A vSwitch is a basic network device in a VPC and is used to connect cloud resources. You can deploy a VPC only in one region and cannot deploy a VPC across regions. However, a VPC covers all zones of the region to which the VPC belongs. You can create one or more vSwitches in a zone to create one or more subnets for the VPC.交换机和VPC

CIDR blocks and IP addresses

VPCs support both IPv4 and IPv6. By default, VPCs use IPv4. You can enable IPv6 based on your business requirements. For more information, see Enable IPv6 for a VPC.

VPCs support the dual-stack mode. In dual-stack mode, resources in a VPC can communicate through both IPv4 and IPv6 addresses. IPv4 and IPv6 addresses are independent of each other. Therefore, you must configure routes and security groups for both IPv4 and IPv6 addresses.

The following table lists the differences between IPv4 and IPv6 addresses.

Item

IPv4 VPC

IPv6 VPC

IP address format

An IPv4 address is 32 bits in length and contains four groups. Each group consists of at most three decimal digits.

An IPv6 address is 128 bits in length and contains eight groups. Each group consists of four hexadecimal digits.

Feature status

By default, IPv4 is enabled for all VPCs.

You can manually enable IPv6.

VPC CIDR block size

The subnet mask of a VPC CIDR block can range from /8 to /28.

The subnet mask of a VPC CIDR block is /56.

vSwitch CIDR block size

The subnet mask of a vSwitch CIDR block can range from /16 to /29.

The subnet mask of a vSwitch CIDR block is /64.

Whether you can specify a CIDR block

You can specify an IPv4 CIDR block.

You cannot specify an IPv6 CIDR block. The system automatically assigns an IPv6 CIDR block to your VPC from the IPv6 address pool.

Supported instance families

Supported by all instance families.

Not supported by specific instance families.

For more information, see Instance families.

Whether ClassicLink connections are supported

ClassicLink connections are supported.

ClassicLink connections are not supported.

Whether elastic IP addresses (EIPs) are supported

IPv4 EIPs are supported.

IPv6 EIPs are not supported.

Whether gateways are supported

VPN gateways and NAT gateways are supported.

VPN gateways and NAT gateways are not supported.

By default, IPv4 and IPv6 addresses provided for VPCs support only communication over private networks. Cloud resources deployed in different vSwitches that belong to the same VPC can communicate with each other over private networks.

  • If you want to connect a VPC to another VPC, you can create VPC peering connections or use Cloud Enterprise Network (CEN) or VPN gateways.

  • If you want to connect a VPC to a data center, you can purchase VPN gateways, Express Connect circuits, or Smart Access Gateway (SAG) devices.

For more information, see Network connection overview.

To enable cloud resources in a VPC to communicate with the Internet, configure the following items:

Route

The system automatically creates a system route table and adds system route entries to control the traffic of the VPC. A VPC has only one system route table. You cannot create or delete a system route table.系统路由表

You can create and associate custom route tables with vSwitches to facilitate network management. A vSwitch can be associated with only one route table. For more information, see Create and manage route tables. 自定义路由表

You can also add a custom route entry to route traffic to a specified destination. When multiple routes in a route table can match the destination IP address, the longest prefix matching algorithm is used. The route with the longest (most accurate) mask is used and the next hop is determined based on the route. For more information, see Add and delete route entries.