You can deploy cloud resources on Elastic Compute Service (ECS) instances that run in a virtual private cloud (VPC). This allows the cloud resources to access the Internet through the public IP addresses, elastic IP addresses (EIPs), NAT gateways, or Server Load Balancer (SLB) instances that are associated with the ECS instances.


A VPC is a private network dedicated for your use. By default, cloud resources in a VPC cannot access the Internet or be accessed over the Internet. You can connect to the Internet by configuring the public IP addresses, EIPs, NAT gateways, SLB instances that are associated with ECS instances.

VPCs are provided with EIP bandwidth plans and data transfer plans to help you reduce cost of data transfer over the Internet. For more information, see How can I minimize the cost of data transfer over the Internet?.

Public IP address of an ECS instance

When you create an ECS instance in a VPC network, you can allow the system to automatically assign a public IP address to the ECS instance. Then, the ECS instance can use the public IP address to access the Internet.

You cannot disassociate a public IP address from an ECS instance if the ECS instance runs in a VPC network. However, you can convert the public IP address to an EIP. For more information, see Convert an automatically assigned public IP address to an EIP for a VPC-connected ECS instance.


An EIP is a public IP address resource that you can purchase and hold independently. EIPs are based on NAT service. They are allocated to the Internet gateways of Alibaba Cloud and are mapped to the associated cloud resource through NAT. After an EIP is associated with a cloud resource, this cloud resource can access the Internet by using this EIP.

You can associate an EIP with an ECS instance in a VPC network, an Elastic Network Interface(ENI), an SLB instance, or a NAT gateway. For more information, see EIP user guide.

EIPs have the following benefits:
  • Independent purchase and possession

    You can purchase and hold an EIP as an independent resource. You do not need to purchase it together with other computing or storage resources.

  • Flexible association

    You can associate an EIP with a cloud resource as needed. You can also dissociate and release the EIP at any time.

  • Configurable network capabilities

    You can adjust the bandwidth of an EIP at any time. The new bandwidth immediately takes effect.

NAT gateways

NAT gateways are enterprise-class Internet gateways. NAT gateways provide network address translation services, including SNAT and DNAT, with a throughput capacity of up to 10 Gbit/s. NAT gateways can also be used in cross-zone disaster recovery.

NAT gateways support multiple ECS instances by using the same public IP address to access the Internet. For more information, see Enable ECS instances to access the Internet through SNAT.

NAT gateways have the following benefits:
  • Easy-to-use forwarding capability

    NAT gateways serve Internet-facing enterprise workloads that are deployed in VPCs. Each NAT gateway supports SNAT and DNAT rules. You can configure SNAT and DNAT rules without the need to create a NAT gateway.

  • High availability

    NAT gateways are virtual network devices that are developed based on distributed gateways of Alibaba Cloud. The software-defined networking (SDN) technology applies to NAT gateways. Each NAT gateway supports a forwarding capability of up to 10 Gbit/s, and can serve large-scale Internet applications.

  • Flexible specification adjustment

    You can change the specification of your NAT gateway, or the number and specifications of the EIPs associated with the NAT gateway at any time to provide flexible support for your services.

SLB instances

SLB instances can be used to distribute network traffic among multiple ECS instances. This optimizes the service capabilities of your applications. This also eliminates single point of failures (SPOFs) and improves the availability of your applications.

SLB is a port-based service that provides Layer-4 and Layer-7 load balancing. ECS instances that are connected to SLB can be accessed over the Internet. For more information, see Server load balancer overview.
Note ECS instances that are deployed in VPC networks cannot access the Internet through SLB. In this case, SNAT rules are not supported.
SLB has the following benefits:
  • High availability of the SLB architecture

    SLB instances are deployed in clusters to synchronize sessions and protect backend servers from SPOFs. This improves redundancy and ensures service stability.

  • High-availability with one SLB instance

    SLB supports cross-zone deployment in most regions. This allows you to achieve disaster recovery across data centers. If the primary zone suffers an outage, a failover is triggered to redirect requests to the servers in the secondary zone within approximately 30 seconds. After the primary zone is restored, traffic will be automatically switched back to the servers in the primary zone.

  • High-availability with multiple SLB instances

    You can deploy SLB instances and ECS instances in multiple zones within the same region or across different regions, and use Alibaba Cloud DNS to schedule requests.

  • High-availability with backend ECS instances

    SLB performs health checks to verify the availability of backend ECS instances. The health check feature improves the availability of frontend services by minimizing downtime caused by health issues of backend servers.