Alibaba Cloud provides many solutions to connect a VPC to the Internet, other VPCs, or local data centers.

Connect to Internet

When the cloud products in a VPC needs to communicate with the Internet, you can use NAT Gateway, EIP, and SLB to establish Internet connection.

Product Features
EIP Bind an EIP to a VPC ECS instance and unbind from it when the Internet access is not needed.

After binding an EIP, the ECS instance in the VPC network can access the internet (SNAT) and you can also access the ECS instance from the Internet (DNAT).

Public IP of the VPC ECS

The public IP is allocated if the Assign public IP option is selected when creating the ECS instance in a VPC network.

With the public IP, the ECS instance in the VPC network can access the Internet (SNAT) and you can also access the ECS instance from the Internet (DNAT). However, you cannot unbind the public IP from the ECS instance.

NAT Gateway

NAT Gateway is an enterprise-class Internet gateway that provides NAT proxy services (SNAT and DNAT).

Server Load Balancer

Server Load Balancer (SLB) is a traffic distribution control service that distributes the incoming traffic among multiple Elastic Compute Service (ECS) instances according to the configured forwarding rules.

With an Internet SLB, users can access the applications deployed on the ECS instance.

Connect to other VPC or local IDC

When the cloud products in a VPC needs to establish a connection with other VPC or local IDC, you can use VPN Gateway, Express Connect, CEN to build a hybrid cloud environment.

Table 1. Private network connection
Product Features Benefits
Express Connect
  • Connect VPCs

    Support intranet communication between VPCs regardless of the region or account

  • Connect a VPC with a local data center

    Use a leased line to connect a VPC to a local data center.

  • Based on the backbone network, low latency.

  • The leased line access features higher security and reliability, faster speed, and lower latency.

VPN Gateway
  • Connect VPCs

    Provide the IPsec-VPN function and build an encrypted communication channel by creating an IPsec connection between two VPCs.

  • Connect a VPC with a local data center

    Provide the IPsec-VPN function and connect a local data center to a VPC through the IPsec connection.

  • Connect multiple local data centers

    VPN Gateway supports the VPN-Hub function and multi-site connection by default. The sites not only can communication with the VPC, but also can communicate with one another through VPN-Hub communication.

  • Client remote access

    Create an SSL-VPN connection to achieve the client remote access.

  • Low cost, secure and simple configuration. However, the quality of the network depends on the Internet.

  • IPsec-VPN supports IKEv1 protocol and IKEv2 protocol. Any devices supporting the two protocols can connect to the VPN Gateway of Alibaba Cloud, such as Huawei, H3C, Hillstone, Cisco ASA, Juniper, SonicWall, Nokia, IBM, Ixia and so on.

  • SSL-VPN connection supports connecting a VPC from a remote computer using the Linux, Windows, and Mac operating systems.

Cloud Enterprise Network
  • Connect VPCs

    Support connecting VPCs in different regions and under different accounts to build a interconnected network.

  • Connect a VPC with a local data center

    Support attaching the VBR associated with the local data center to a CEN instance to build an interconnected network.

  • Connect VPCs with local data centers

    Support attaching multiple networks (VPCs and VBRs) to a CEN instance to build an enterprise-class interconnected network.

  • Simple configuration, and automatic route learning and distribution.

  • Low latency and fast speed.

  • The networks (VPCs/VBRs) attached to a CEN instance are connected with each other.

  • The network connection in the same region is free of charge.

Smart Access Gateway
  • Connect local branches to the Alibaba Cloud to build a hybrid cloud for large organizations.

  • Connect local branches

  • Highly automatic and out-of-the-box configuration. Smart Access Gateway automatically adapts the network node changes and automatically switches to the backup node when the master node fails.

  • Nearby access through the Internet is implemented to achieve access from within a city, and multiple local branches can access to the Alibaba Cloud using the Smart Access Gateway devices with master-slave links.

  • The local branches and the Alibaba Cloud are connected through an encrypted private network and encryption authentication is implemented during the Internet transmission.