Elastic Compute Service: Network types

Last Updated: Jan 22, 2025

The classic network type is an early traditional network type supported by Elastic Compute Service (ECS) instances in Alibaba Cloud. In 2014, Alibaba Cloud released the Virtual Private Cloud (VPC) network type. Over several years, the VPC network type increasingly became the default choice for Alibaba Cloud users. Compared with the classic network type, the VPC network type provides a higher level of security in several respects. The VPC network type is suitable for enterprises and organizations that require a high level of data security.

Classic network

Important
  • ECS instances of the classic network type will reach end of life (EOL) on February 28, 2025. For more information, see EOL notice for Alibaba Cloud ECS instances in the classic network. If you have ECS instances that are deployed in the classic network, we recommend that you migrate the instances to VPCs at the earliest opportunity.

  • Alibaba Cloud provides a variety of tools and services to simplify the migration process. Alibaba Cloud also releases detailed migration documentation and provides technical support to help you migrate ECS instances from the classic network to a VPC. For more information, see Migrate ECS instances from the classic network to a VPC.

The classic network type refers to the early traditional network type used by ECS instances in Alibaba Cloud. ECS instances of the classic network type are isolated at Layer 3 (the network layer). All ECS instances of the classic network type are deployed in a shared infrastructure network.

Tenants in the classic network cannot be isolated at the network level, and multiple tenants use IP addresses that belong to the same IP address pool. Tenants cannot build custom network topologies or use custom IP addresses. If vulnerabilities exist in applications exposed to the classic network, a tenant may be vulnerable to attacks from other tenants in the cloud.

VPC

A VPC is a custom private network that you can create on Alibaba Cloud. VPCs are logically isolated from each other at Layer 2 (the data link layer). You can create and manage cloud service instances deployed in your VPC, such as ECS, Server Load Balancer (SLB), and ApsaraDB RDS instances. For more information, see What is a VPC?

VPCs provide an independent and fully isolated virtual network for each tenant. The resources in one VPC are not directly exposed to other VPCs or the Internet. This design significantly improves data security and enhances privacy protection capabilities. Even if security issues occur on the internal services of a tenant, the issues do not affect other tenants. In addition, VPCs can protect internal services from external malicious access.

As a more advanced and secure choice in the current cloud computing field, the VPC network type enhances security and supports a wide range of advanced network configuration options, such as custom route tables, network access control lists (ACLs), and connections with other VPCs or on-premises data centers. These options meet the requirements of different enterprises for flexibility and scalability. The following table compares the classic network type and the VPC network type.

| Item | VPC | Classic network |
| --- | --- | --- |
| Layer 2 logical isolation | Supported | Not supported |
| Custom private CIDR block | Supported | Not supported |
| Private IP address planning | Private IP addresses must be unique within a single VPC but can be duplicated across different VPCs. | Private IP addresses must be unique in the classic network. |
| Instance communication within or between private networks | Instances deployed in the same VPC can communicate with each other. However, instances deployed in different VPCs are isolated from each other. | Instances deployed in the classic network can communicate with each other if the instances reside in the same region and belong to the same account. |
| Tunneling | Supported | Not supported |
| Custom router | Supported | Not supported |
| Route table | Supported | Not supported |
| vSwitch | Supported | Not supported |
| SDN | Supported | Not supported |
| Self-managed NAT gateway | Supported | Not supported |
| Self-managed VPN | Supported | Not supported |
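
The following Python sketch is an added example, not Alibaba Cloud code. It audits an instance inventory (for example, a planned post-migration layout) for instances still in the classic network and applies the private IP address rule from the table: an address may repeat across VPCs but not within one VPC or within the classic network. The sample data is constructed, and the field names assume input shaped like the JSON returned by the ECS DescribeInstances API.

```python
import json
from collections import defaultdict

# Constructed sample; field names assume the shape of an ECS DescribeInstances response.
SAMPLE = json.loads("""
{"Instances": {"Instance": [
  {"InstanceId": "i-example0001", "InstanceNetworkType": "classic",
   "InnerIpAddress": {"IpAddress": ["10.1.2.3"]}},
  {"InstanceId": "i-example0002", "InstanceNetworkType": "vpc",
   "VpcAttributes": {"VpcId": "vpc-exampleA", "PrivateIpAddress": {"IpAddress": ["192.168.0.10"]}}},
  {"InstanceId": "i-example0003", "InstanceNetworkType": "vpc",
   "VpcAttributes": {"VpcId": "vpc-exampleB", "PrivateIpAddress": {"IpAddress": ["192.168.0.10"]}}},
  {"InstanceId": "i-example0004", "InstanceNetworkType": "vpc",
   "VpcAttributes": {"VpcId": "vpc-exampleA", "PrivateIpAddress": {"IpAddress": ["192.168.0.10"]}}}
]}}
""")


def scope_and_ips(inst):
    """Return (isolation scope, private IPs) for one instance record."""
    if inst.get("InstanceNetworkType") == "vpc":
        vpc = inst.get("VpcAttributes", {})
        ips = vpc.get("PrivateIpAddress", {}).get("IpAddress", [])
        return vpc.get("VpcId", "unknown-vpc"), ips
    # Anything not explicitly "vpc" is treated as classic so it is never silently skipped.
    return "classic", inst.get("InnerIpAddress", {}).get("IpAddress", [])


def audit(response):
    """List classic-network instances and private IPs reused inside one scope."""
    classic, seen = [], defaultdict(list)
    for inst in response.get("Instances", {}).get("Instance", []):
        scope, ips = scope_and_ips(inst)
        if scope == "classic":
            classic.append(inst["InstanceId"])
        for ip in ips:
            seen[(scope, ip)].append(inst["InstanceId"])
    # The same IP in two different VPCs is allowed; twice in one scope is a conflict.
    conflicts = {f"{scope}/{ip}": sorted(ids)
                 for (scope, ip), ids in seen.items() if len(ids) > 1}
    return {"classic_instances": sorted(classic), "ip_conflicts": conflicts}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```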