A virtual private cloud (VPC) is a private network dedicated for your use. You have full control over your VPC. For example, you can specify the CIDR block and configure route tables and gateways. In a VPC, you can deploy Apsara Stack resources, such as Elastic Compute Service (ECS) instances, ApsaraDB RDS instances, and Server Load Balancer (SLB) instances.

Furthermore, you can connect your VPC to other VPCs or on-premises networks to create a custom network environment. This way, you can migrate applications to the cloud and extend data centers.



Each VPC consists of one vRouter, at least one private CIDR block, and at least one vSwitch.

Components of a VPC
  • Private CIDR blocks

    When you create a VPC and a vSwitch, you must specify the private IP address range for the VPC in CIDR notation.

    You can use the standard private CIDR blocks listed in the following table and their subsets as CIDR blocks for your VPCs. For more information, see Plan and design a VPC.

    CIDR blocks Number of available private IP addresses (system reserved ones excluded) 65,532 1,048,572 16,777,212
  • vRouters

    A vRouter is the hub of a VPC and serves as a gateway between the VPC and other networks. After a VPC is created, a vRouter is automatically created for the VPC. Each vRouter is associated with a route table.

    For more information, see Overview.

  • vSwitches

    A vSwitch is a basic network component that connects different cloud resources in a VPC. After you create a VPC, you can create a vSwitch to divide your VPC into multiple subnets. vSwitches deployed in a VPC can communicate with each other over the private network. You can deploy your applications in vSwitches that belong to different zones to improve service availability.

    For more information, see vSwitches.