You can connect a virtual private cloud (VPC) to the Internet, another VPC, or a data center.

Enable Internet access

The following table describes the services that you can use to enable Internet access for VPCs.
Service Description Benefit
Static public IP address
When you create an ECS instance in a VPC, you can specify whether you want the system to assign a public IPv4 address to the ECS instance. The ECS instance can use the public IP address to communicate with the Internet.

You cannot disassociate the public IP address from the ECS instance. However, you can convert the public IP address to an EIP. For more information, see Convert the static public IP address of an ECS instance in a VPC to an EIP.

You can purchase data transfer plans for an ECS instance that is assigned a public IP address. You can also purchase EIP bandwidth plans for an ECS instance after you convert the public IP address of the ECS instance to an EIP. For more information, see What is an EIP bandwidth plan? and What is a data transfer plan?.

EIP
You can associate EIPs with or disassociate EIPs from ECS instances anytime. ECS instances in a VPC can use EIPs in SNAT entries to access the Internet and use EIPs in DNAT entries to provide Internet-facing services.

You can associate EIPs with or disassociate EIPs from ECS instances anytime.

You can use EIP bandwidth plans and data transfer plans to reduce the cost of data transfer over the Internet.

Internet NAT Gateway
ECS instances in a VPC can use SNAT entries to access the Internet and use DNAT entries to provide Internet-facing services.
Note: Internet NAT gateways do not provide load balancing services. To balance the loads of ECS instances, use SLB.
An Internet NAT gateway allows multiple ECS instances in a VPC to communicate with the Internet. However, each EIP can be used by only one ECS instance.
SLB
SLB provides load balancing services at Layer 4 and Layer 7. You can specify the ports on which SLB listens to distribute requests from the Internet to ECS instances. Alibaba Cloud provides two types of SLB instances: CLB and ALB.
Note: SLB does not support SNAT. ECS instances deployed in a VPC cannot access the Internet through SLB.
SLB supports DNAT. Each port on an SLB instance can be mapped to one or more ECS instances.

SLB distributes network traffic across multiple ECS instances to prevent single points of failure. This improves the availability of application systems.

After you associate an EIP with an SLB instance, you can purchase EIP bandwidth plans and data transfer plans to reduce costs.

Connect VPCs

The following table describes the services that you can use to connect two VPCs.
Service Description Benefit
CEN

Establishes connections among VPCs in different regions or within different accounts.

For more information, see Use CEN to enable intra-region network communication.

  • Connects networks in different regions.
  • Low network latency and high speed.
  • Connects networks through nearby access points.
  • Connection redundancy and disaster recovery.
  • Systematic management.
VPN Gateway
Establishes an IPsec-VPN connection between two VPCs for encrypted data transmission.

For more information, see Establish IPsec-VPN connections between two VPCs.

  • Security.
  • High availability.
  • Cost-effectiveness.
  • Ease of use.

Connect a data center to a VPC

The following table describes the services that you can use to connect a data center and a VPC.
Service Description Benefit
Express Connect
You can use an Express Connect circuit to connect a data center and a VPC.

For more information, see What is a connection over an Express Connect circuit?.

  • Network traffic is distributed across the backbone networks of connectivity providers to minimize network latency.
  • Express Connect circuits ensure the security and reliability of data transfer.
VPN Gateway
  • Establishes an IPsec-VPN connection between a data center and a VPC for encrypted data transmission.
  • Establishes an SSL-VPN connection between a client and a VPC.
  • Security.
  • High availability.
  • Cost-effectiveness.
  • Ease of use.
CEN
  • Connects to a data center.

    Connects to a data center by attaching the VBR that is associated with the data center to the CEN instance.

  • Connects multiple VPCs and a data center.

    You can build an interconnected network by attaching multiple network instances such as VPCs and VBRs to a CEN instance.

  • Connects networks in different regions.
  • Low network latency and high speed.
  • Connects networks through nearby access points.
  • Connection redundancy and disaster recovery.
  • Systematic management.
SAG
  • Connects on-premises networks, such as data centers and branches, to Alibaba Cloud to build a hybrid cloud.
  • Connects on-premises networks.
  • Supports automatic configurations and zero touch provisioning (ZTP), and automatically adapts to network topology changes.
  • Connects to nearby access points in a metropolitan area network. Branch offices can be connected to Alibaba Cloud through active and standby access devices or connections.
  • Data transmitted over the Internet between the data center and the VPC is encrypted.