This topic describes the network solutions provided by Alibaba Cloud for connecting your VPC to the Internet, other VPCs, and on-premises data centers.

Connect a VPC to the public network

The following table lists the products that you can use to connect a VPC to the public network.
Product Function Benefits
ECS public IP address A public IPv4 address that can be automatically assigned upon request when you create an ECS instance in a VPC network. An ECS public IP address enables the ECS instance access to or from the public network.

An ECS public IP address cannot be dynamically detached from the corresponding ECS instance in VPC network, but it can be converted to an EIP. For more information, see Convert an automatically assigned public IP address to an EIP for a VPC network-connected ECS instance.

After purchasing a Data Transfer Plan, the traffic generated by an ECS instance is automatically deducted from the Data Transfer Plan. You can add an ECS instance to Internet Shared Bandwidth after converting its public IP address to an EIP.

Elastic public IP address (EIP) Enables access to or from the public network for the associated ECS instances.

EIPs can be associated to or disassociated from ECS instances.

You can purchase Internet Shared Bandwidth and Data Transfer Plan and associate them with EIPs to reduce Internet costs.

NAT Gateway Allows multiple ECS instances to access the Internet (SNAT) and be accessed from the Internet (DNAT).
Note NAT gateways do not support traffic balancing, which is a supported feature of Server Load Balancer (SLB).
A NAT Gateway can be used for multiple ECS instances to access the Internet, while an EIP can be used for only one ECS instance of the VPC network type to access the Internet.
Server Load Balancer (SLB)
Provides layer-4 and layer-7 server load balancing, which makes ECS instances accessible from the public network.
Note ECS instances of the VPC network type cannot access the public network through SLB (SNAT not supported).
The DNAT function of SLBs allows them to forward an Internet request to multiple ECS instances.

SLB expands the external service capabilities by distributing traffic to multiple ECSs, and improves the availability of application systems by eliminating single points of failure.

After you associate an EIP with an SLB instance, you can use Internet Shared Bandwidth and Data Transfer Plan to reduce Internet costs.

Connect two VPCs

The following table lists the products that you can use to connect a VPC to another VPC.
Product Function Benefits
Cloud Enterprise Network (CEN)

Allows you to connect VPCs in different regions under different accounts to build an interconnected network.

For more information, see Tutorial overview.

  • Global access
  • Low latency and fast speed
  • Nearest access and shortest path
  • Link redundancy and disaster recovery
  • Systematic management
VPN gateway Allows you to create an IPsec-VPN connection to build an encrypted channel between two VPCs.

For more information, see Establish a connection between two VPCs.

  • High security
  • High availability
  • Low cost
  • Easy configuration

Connect a VPC to an on-premises data center

The following table lists the products that you can use to connect a VPC to an on-premises data center.
Product Function Benefits
Express Connect Connects a VPC to an on-premises data center through a physical connection.

For more information, see What is physical connection.

  • Based on the backbone network, low latency
  • Secure and reliable physical connection
VPN gateway
  • Allows you to create an IPsec-VPN connection between a VPC and an on-premises data center.
  • Allows you to connect a local client to a VPC by creating an SSL-VPN connection.
  • High security
  • High availability
  • Low cost
  • Easy configuration
CEN
  • Connects VBR to an on-premises data center

    You can attach the Virtual Border Router (VBR) associated with an on-premises data center to a CEN instance. By doing so, you can build an interconnected network.

  • Connects multiple VPCs to an on-premises data center

    You can attach multiple networks (VPC/VBR) to a CEN instance to build an interconnected network.

  • Global access
  • Low latency and fast speed
  • Nearest access and shortest path
  • Link redundancy and disaster recovery
  • Systematic management
Smart Access Gateway
  • Connects on-premises branches (such as data centers and outlets) to Alibaba Cloud to build a hybrid cloud.
  • Interconnects on-premises branches.
  • SAGs feature automated configuration, out-of-the-box experience, and quick adaptation to network topology changes.
  • Access is provided from the nearest endpoint over the Internet. Multiple local branches can access Alibaba Cloud by using active and standby SAGs or active and standby links.
  • Local branches and Alibaba Cloud are connected through an encrypted private network. The transmission over the Internet is also encrypted.