All Products
Search
Document Center

Elastic Compute Service:VPC overview

Last Updated:Apr 27, 2026

A Virtual Private Cloud (VPC) is an isolated network on Alibaba Cloud where you control CIDR blocks, subnets, routing, and access policies.

Components

A VPC consists of a private CIDR block, a vRouter, and one or more vSwitches.

Private CIDR block

When you create a VPC, assign a private CIDR block from the standard ranges below or define a custom range. See Plan networks.

CIDR block

Available private IP addresses (system-reserved excluded)

192.168.0.0/16

65,532

172.16.0.0/12

1,048,572

10.0.0.0/8

16,777,212

Custom CIDR block

Any range except 100.64.0.0/10, 224.0.0.0/4, 127.0.0.0/8, 169.254.0.0/16, and their subsets

vRouter

A vRouter connects all vSwitches in a VPC and serves as the gateway to external networks. Alibaba Cloud automatically creates a vRouter with at least one route table when you create a VPC. See VPC route tables.

vSwitch

A vSwitch divides a VPC into subnets. All cloud resources in a VPC, such as ECS instances, must reside in a vSwitch. vSwitches in the same VPC can communicate with each other.

To improve availability, deploy applications across vSwitches in different zones. See VPCs and vSwitches.

Connectivity

Resources in a VPC can connect to the following networks:

  • The Internet -- Enable public access to and from cloud resources.

  • Other VPCs -- Communicate between workloads in separate VPCs.

  • On-premises data centers -- Connect local infrastructure to Alibaba Cloud for hybrid deployments.

See Manage VPC connections.

Create a VPC and vSwitch

Create a VPC and at least one vSwitch before deploying cloud resources. See Plan networks.

  1. Create and manage a VPC

  2. Create and manage a vSwitch

References