Virtual Private Cloud (VPC) provides the ClassicLink feature. This feature allows classic network-connected Elastic Compute Service (ECS) instances to communicate with cloud resources deployed in VPCs.

Notice The ClassicLink feature is supported only in regions that support classic networks. For more information about the regions that support ClassicLink, see View and increase instance quotas.

Limits

Before you use the ClassicLink feature, take note of the following limits:
  • You can associate up to 1,000 classic network-connected ECS instances with a VPC.
  • For one Alibaba Cloud account in one region, a classic network-connected ECS instance can be associated with only one VPC.

    If you want to associate an ECS instance of Account A with a VPC of Account B, you must first transfer the ECS instance from Account A to Account B.

  • Classic network-connected ECS instances can communicate only with ECS instances in the primary CIDR block of a VPC. Classic network-connected ECS instances cannot communicate with ECS instances in the secondary CIDR block of the VPC.
  • To enable the ClassicLink feature for a VPC, the following conditions must be met.
    VPC CIDR block Limit
    172.16.0.0/12 The VPC does not contain a custom route entry whose destination CIDR block is 10.0.0.0/8.
    10.0.0.0/8
    • The VPC does not contain a custom route entry whose destination CIDR block is 10.0.0.0/8.
    • Make sure that the CIDR block of the vSwitch to communicate with the classic network-connected ECS instances is within 10.111.0.0/16.
    192.168.0.0/16
    • The VPC does not contain a custom route entry whose destination CIDR block is 10.0.0.0/8.
    • Add a custom route entry to the ECS instance that is deployed in the classic network. The destination CIDR block of the route entry is 192.168.0.0/16 and the next hop is the private network interface controller (NIC). You can add the route by using the provided script. Download routing script.
      Note Before you run the script, read the readme.txt file.

Scenarios

The following table describes how ECS instances in a classic network are associated with a VPC.

Source network Region/Account Destination network/Internal communication
Classic network VPC
Classic network

Same region

Same account

 Modify the security groups of the ECS instances to allow communication within the same account. Establish a ClassicLink connection.

Same region

Across accounts

 Modify the security groups of the ECS instances to allow communication across accounts.
  • Plan A:
    1. Migrate the classic network-connected ECS instances to a VPC.
    2. Associate the VPC with the destination VPC.
  • Plan B:
    1. Transfer the classic network-connected ECS instances to the account to which the destination VPC belongs.
    2. Establish a ClassicLink connection.

Across regions

Same account
  1. Migrate the ECS instances in the source and destination to two VPCs.
  2. Connect the two VPCs.
  1. Migrate the ECS instances from the source network to a VPC.
  2. Connect the two VPCs.

Across regions

Across accounts
VPCs

Same region

Same account

 Establish a ClassicLink connection. Connect the two VPCs.

Same region

Same account
  • Plan A:
    1. Migrate the classic network-connected ECS instances to a VPC.
    2. Connect the two VPCs.
  • Plan B:
    1. Transfer the classic network-connected ECS instances to the account to which the destination VPC belongs.
    2. Establish a ClassicLink connection.

Across regions

Same account
  1. Migrate the ECS instances from the destination classic network to a VPC.
  2. Connect the two VPCs.

Across regions

Across accounts

How ClassicLink works

The interconnection between classic network-connected ECS instances and a VPC can be achieved in the same way as that between two classic networks. Therefore, both the latency and bandwidth limit of the internal network remain unchanged. An established ClassicLink connection remains unchanged after you perform operations such as migrate (hot/cold migration), start, stop, or restart instances, or replace the system disk.

Classic network and VPC are two different network planes. A ClassicLink connection connects the two network planes and enables them to communicate with each other based on routes. To use ClassicLink, you must plan network addresses properly to prevent network conflicts.

The CIDR block used in classic networks of Alibaba Cloud is 10.0.0.0/8 (excluding 10.111.0.0/16). To use ClassicLink to establish connections, you must make sure that the CIDR block of the VPC does not conflict with that of the classic network. The CIDR blocks of VPCs that can communicate with classic networks are 10.111.0.0/16, 172.16.0.0/12, and 192.168.0.0/16.

Principles of intercommunication

After you use ClassicLink to connect ECS instances in a classic network to a VPC:

  • The ECS instances in the classic network can communicate with all cloud resources in the VPC.

    The ECS instances in the classic network can access cloud resources in the VPC, such as ECS instances, ApsaraDB RDS instances, and Server Load Balancer (SLB) instances. For example, the ECS instances in the classic network are connected to a VPC with destination CIDR block 10.0.0.0/8, and the vSwitch of the VPC is assigned the CIDR block 10.111.1.0/24. If you have deployed cloud resources such as ECS instances and ApsaraDB RDS instances in the vSwitch, the ECS instances in the classic network can access these resources by using ClassicLink.

  • ECS instances in the VPC can access only ECS instances in the classic network. They cannot access other cloud resources in the classic network or ECS instances deployed outside the classic network.