To get started with Virtual Private Cloud, you must create at least one Virtual Private Cloud (VPC) and one or more VSwitches. You can create more than one VSwitch to divide a VPC into multiple subnets. By default, the subnets in a VPC network can communicate with each other over the private network.
VPCs and VSwitches
A VPC is a virtual private network in which you can deploy your cloud resources.
CIDR blocks and IP addresses
VPCs support both IPv4 and IPv6 addressing protocols. By default, VPCs use the IPv4 addressing protocol. However, you can enable the IPv6 addressing protocol based on your business requirements.
VPCs can communicate in dual-stack mode. Cloud resources in a VPC network can communicate by using IPv4 and IPv6 addresses. IPv4 and IPv6 addresses are independent of each other. Therefore, you must configure routing and security groups in your VPC network for IPv4 and IPv6 addresses.
|IPv4 VPC||IPv6 VPC|
|32 bits, 4 groups. Each group consists of up to 3 decimal digits.||128 bits, 8 groups. Each group consists of 4 hexadecimal digits.|
|By default, IPv4 addressing protocol is enabled for all VPCs.||IPv6 addressing protocol is optional for a VPC network.|
|The classless inter-domain routing (CIDR) block size for a VPC network can be from /8 to /24.||The size of CIDR block for a VPC network is /56.|
|The size of CIDR block for a VSwitch can be from /16 to /29.||The size of CIDR block for a VSwitch is /64.|
|You can select an IPv4 CIDR block for your VPC network.||You cannot select an IPv6 CIDR block. The system automatically assigns an IPv6 CIDR block to your VPC from the IPv6 address pool.|
|Supported by all instance types.||Not supported on specific instance types.
For more information, see Instance families.
|ClassicLink connections are supported.||ClassicLink connections are not supported.|
|Elastic IPv4 addresses are supported.||Elastic IPv6 addresses are not supported.|
|VPN gateways and NAT gateways are supported.||VPN gateways and NAT gateways are not supported.|
By default, the IPv4 and IPv6 addresses provided for VPCs can only be used to communicate within the private network. Cloud resources under different VSwitches in a VPC can only communicate with each other over a private network. To connect a VPC to another VPC or a data center, you can configure Smart Access Gateway (SAG), Express Connect, or VPN Gateway. For more information, see Connect an on-premises data center to a VPC network.
- IPv4 communication
You can configure a NAT gateway or associate elastic IP addresses (EIPs) with Elastic Compute Service (ECS) instances in a VPC. This way, these ECS instances can access the Internet by using IPv4 addresses.
For more information, see Associate an EIP with an ECS instance and Enable ECS instances to access the Internet through SNAT.
- IPv6 communication
To enable cloud resources in a VPC network to access the Internet by using IPv6 addresses, you must purchase Internet bandwidth plans for IPv6 addresses. You can configure an egress-only rule for an IPv6 address. This allows cloud resource instances in the VPC network to access the Internet by only using the IPv6 address. IPv6 clients are not allowed to establish connections with these cloud resource instances.
If one destination address matches more than one route entry in a route table, the system selects an entry by implementing the longest prefix match algorithm. When multiple IP addresses match the destination IP address, the IP address with the longest mask is selected as the next hop. You can also add a custom route entry to route traffic to a specified IP address. For more information, see Add a custom route entry.