Virtual Private Cloud (VPC) supports the ClassicLink feature, which allows classic network-connected Elastic Compute Service (ECS) instances to communicate with cloud resources in VPC networks.

Note The ClassicLink feature is supported only in regions that support classic networks. For more information, see View privileges and quotas by resource type.

Limits

Before you use the ClassicLink feature, note the following limits:
  • You can connect up to 1,000 classic network-connected ECS instances to a VPC network.
  • A classic network-connected ECS instance can be connected to only one VPC network created under the same account in the same region.

    If you want to connect an ECS instance of Account A to a VPC network that is under Account B, you must first transfer the ECS instance from Account A to Account B.

  • Classic network-connected ECS instances can communicate only with ECS instances in the primary CIDR block of a VPC network. Classic network-connected ECS instances cannot communicate with ECS instances in the secondary CIDR block of the VPC network.
  • To enable the ClassicLink feature for a VPC network, the following conditions must be met.
    CIDR block of the VPC network Limit
    172.16.0.0/12 The VPC network does not contain a custom route entry with the following destination CIDR block: 10.0.0.0/8.
    10.0.0.0/8
    • The VPC network does not contain a custom route entry with the following destination CIDR block: 10.0.0.0/8.
    • Make sure that the CIDR block of the VSwitch that is used to communicate with the classic network-connected ECS instances falls within 10.111.0.0/16.
    192.168.0.0/16
    • The VPC network does not contain a custom route entry with the following destination CIDR block: 10.0.0.0/8.
    • Add a route to each classic network-connected ECS instance. This route points 192.168.0.0/16 to the Elastic Network Interface (ENI) of the ECS instance where the route is added. You can add the route by using the provided script. Download script.
      Note Before you run the script, read the readme file in the downloaded package.

Scenarios

The following table describes how ECS instances in a classic network are connected to a VPC network.

Source network type Region/Account Destination network/Internal communication
Classic network VPC network
Classic network

In the same region

Under the same account

 Modify the security groups of the ECS instances to allow intercommunication under the same account. Establish a ClassicLink connection.

In the same region

Cross accounts

 Modify the security groups of the ECS instances to allow intercommunication across accounts.
  • Plan A:
    1. Migrate the classic network-connected ECS instances to a VPC network.
    2. Connect the VPC network to the destination VPC network.
  • Plan B:
    1. Transfer the classic network-connected ECS instances to the account to which the source VPC network belongs.
    2. Establish a ClassicLink connection.

Cross regions

Under the same account
  1. Migrate the ECS instances in the source and destination networks to two VPC networks, respectively.
  2. Connect the two VPC networks.
  1. Migrate the ECS instances from the source network to a VPC network.
  2. Connect the VPC network to the destination VPC network.

Cross regions

Cross accounts
VPC network

In the same region

Under the same account

 Establish a ClassicLink connection. Connect the two VPC networks.

In the same region

Cross accounts
  • Plan A:
    1. Migrate the classic network-connected ECS instances to a VPC network.
    2. Connect the VPC network to the destination VPC network.
  • Plan B:
    1. Transfer the classic network-connected ECS instances to the account to which the destination VPC network belongs.
    2. Establish a ClassicLink connection.

Cross regions

Under the same account
  1. Migrate the ECS instances from the destination classic network to a VPC network.
  2. Connect the VPC network to the destination VPC network.

Cross regions

Cross accounts

How ClassicLink works

Connections between classic network-connected ECS instances and a VPC network can be established in the same way as those between two classic networks. Therefore, both the latency and the bandwidth limit of internal network connections remain unchanged. An established ClassicLink connection remains unchanged after you migrate, start, stop, or restart the instance, replace the system disk, or perform other operations on the instance.

Classic network and VPC network are two different network planes. A ClassicLink connection connects the two network planes and enables them to communicate with each other through routes. To use ClassicLink, you must plan network addresses properly to avoid overlapped CIDR blocks.

The CIDR block used in classic networks of Alibaba Cloud is 10.0.0.0/8 (excluding 10.111.0.0/16). To use ClassicLink to establish connections, make sure that the CIDR block of the VPC network does not overlap with that of the classic network. The CIDR blocks of VPC networks that can be connected to classic networks are 172.16.0.0/12, 10.111.0.0/16, and 192.168.0.0/16.

Usage notes

After you use ClassicLink to connect ECS instances in a classic network to a VPC network:

  • The ECS instances in the classic network can communicate with all cloud resources in the VPC network.

    The ECS instances in the classic network can access cloud resources in the VPC network, such as ECS instances, ApsaraDB for RDS (RDS) instances, and Server Load Balancer (SLB) instances. For example, ECS instances in the classic network are connected to a VPC network whose CIDR block is 10.0.0.0/8, and the VSwitch of the VPC network is assigned the CIDR block 10.111.1.0/24. If you have deployed cloud resources such as ECS instances and RDS instances in the VSwitch, the ECS instances in the classic network can access these resources through ClassicLink connections.

  • ECS instances in the VPC network can access only ECS instances in the classic network. ECS instances in the VPC network cannot access other cloud resources in the classic network or ECS instances deployed outside the classic network.