Creating a virtual private cloud (VPC) is the first step in cloud adoption. Planning your VPC with business scale and potential expansion in mind is crucial. You can tailor your network design to your specific business needs and select appropriate connectivity solutions for fast VPC deployment. This document provides a brief overview of what a VPC is and its features, guiding you through network planning and network connectivity. It aims to equip you with a thorough understanding before VPC deployment.
Overview
A VPC is your private cloud network that gives you full control over configurations such as IP address ranges, routes, and gateways. You can create resources in the VPC, such as Elastic Compute Service (ECS), Server Load Balancer (SLB), and ApsaraDB RDS. For more information about VPCs and their benefits, see VPC overview and Benefits.
The following diagram illustrates the basic topology of a VPC, which includes three essential components: a private CIDR block, a vSwitch, and a route table. For more information, see Service architecture.
Private CIDR block: When you create a VPC, you specify a private CIDR block for it. Each vSwitch you create in the VPC is then assigned a CIDR block from within the VPC block.
System route table: After a VPC is created, the system automatically creates a system route table and adds system routes to it to forward traffic within the VPC.
vSwitch: vSwitches are the subnets that cloud resources in a VPC attach to. Deploying an application across vSwitches in different zones improves its availability.
Billing
While VPCs are free of charge, you are billed for features such as VPC peering connections, traffic mirroring, and flow logs. For more information, see VPC peering connection, Traffic mirroring billing, and Flow log billing.
Any other resources you deploy in the VPC will incur additional fees. For more information, see ECS billing, EIP billing, NAT gateway billing, and SLB billing.
Features
VPCs offer a range of features, whether you are building a complex network architecture or enforcing fine-grained security policies.

| Scenario | Description |
| --- | --- |
| Address planning and management | IP Address Manager (IPAM) automates the allocation and tracking of IP addresses and detects address conflicts, reducing the workload of administrators. |
| VPC connection | Enables private network communication between two VPCs, whether they belong to the same or different accounts and whether they are in the same or different regions. |
| Multi-account management | Shares cloud resources across accounts without creating and maintaining a VPC for each account, which simplifies network configuration and management. |
| Internet access control | Centralizes control over how instances in a VPC reach the Internet, so that Internet exposure is governed in one place. |
| Traffic control | Custom route tables and route entries give you flexible control over how traffic is forwarded. |
| Traffic control | Simplifies the configuration and management of route tables and security groups. |
| Access control | Custom network access control list (ACL) rules, bound to vSwitches, govern the traffic to and from the ECS instances in those vSwitches. |
| OM and monitoring | Flow logs record the traffic of an elastic network interface (ENI) in the VPC, which supports access control review, network traffic monitoring, and troubleshooting. |
| OM and monitoring | Traffic mirroring copies packets that pass through ENIs and match specified filters, for content inspection, threat monitoring, and troubleshooting. |
| High availability architecture | With a high-availability virtual IP address (HAVIP), you can build a high-availability architecture on the cloud based on the Address Resolution Protocol (ARP) using Keepalived or Heartbeat. The service IP address remains unchanged during a master-replica switchover. |
Network planning
When deploying your cloud network using VPCs, you need to consider factors such as isolation, high availability, disaster recovery, and cost efficiency. By planning your network architecture, you can align it with both your current scale and expansion needs. For more information, see Plan networks.
| Item | Suggestion |
| --- | --- |
| Region and zone | Select the region and zones based on your latency and availability requirements, the types and quantities of cloud resources to be deployed, and your budget. |
| Account | As your business grows, design an account architecture for permission allocation and environment isolation. Consider isolation, security compliance, log management, operation and maintenance, and cost efficiency. |
| Number of VPCs | Decide how many VPCs you need based on your business scale and your requirements for strong security isolation or disaster recovery. |
| Number of vSwitches | To improve security, create vSwitches that correspond to business modules, dividing the network into multiple subnets. For example, separate vSwitches for the web layer, logic layer, and data layer host a standard three-tier web application. Also place cloud services in different vSwitches depending on whether they need direct Internet access; this separates public-facing from internal networks. |
| CIDR block | Choose CIDR blocks that do not conflict with other networks you may connect to and that leave room for growth; fixing a poorly planned address space later is costly. IPAM can make this planning more efficient. |
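The vSwitch and CIDR block rows above are the kind of rules that are cheap to check before a VPC is created and expensive to fix afterwards. The following is an added example, not code from the Alibaba Cloud documentation or any Alibaba Cloud SDK: a standard-library Python checker that validates a constructed address plan (every vSwitch block inside its VPC block, no overlapping vSwitches, each tier spread over at least two zones, no overlap between VPCs that may be connected or with on-premises ranges) and reports how much of a VPC block is still free for expansion. The plan data model, the zone names, the CIDR blocks and the requirement that VPC blocks come from RFC 1918 space are all assumptions of this example; it handles IPv4 only.

```python
"""Check a VPC address plan before creating it. Added example; standard library, IPv4 only."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Sequence, Set, Tuple

# Assumption of this example: VPC blocks must come from RFC 1918 space.
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class VSwitchPlan:
    name: str
    zone: str
    cidr: str
    tier: str  # e.g. "web", "logic", "data"; one vSwitch per tier per zone


@dataclass
class VpcPlan:
    name: str
    cidr: str
    vswitches: List[VSwitchPlan] = field(default_factory=list)


def _parse(cidr: str, label: str, problems: List[str]):
    """Parse strictly: '10.0.1.5/24' is rejected because its host bits are set."""
    try:
        return ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        problems.append(f"{label}: invalid CIDR {cidr!r} ({exc})")
        return None


def validate_plan(vpcs: Sequence[VpcPlan], on_prem_cidrs: Sequence[str] = ()) -> List[str]:
    """Return a list of problems; an empty list means the plan is consistent."""
    problems: List[str] = []
    vpc_nets: List[Tuple[str, ipaddress.IPv4Network]] = []
    for vpc in vpcs:
        vnet = _parse(vpc.cidr, vpc.name, problems)
        if vnet is None:
            continue
        if vnet.version == 4 and not any(vnet.subnet_of(r) for r in RFC1918):
            problems.append(f"{vpc.name}: {vpc.cidr} is not inside an RFC 1918 range")
        vpc_nets.append((vpc.name, vnet))
        seen: List[Tuple[str, ipaddress.IPv4Network]] = []
        zones_by_tier: Dict[str, Set[str]] = {}
        for vs in vpc.vswitches:
            snet = _parse(vs.cidr, f"{vpc.name}/{vs.name}", problems)
            if snet is None:
                continue
            # Every vSwitch block must lie inside the VPC block ...
            if not snet.subnet_of(vnet):
                problems.append(f"{vpc.name}/{vs.name}: {vs.cidr} is not within VPC block {vpc.cidr}")
            # ... and vSwitch blocks in one VPC must not overlap each other.
            for other_name, other in seen:
                if snet.overlaps(other):
                    problems.append(f"{vpc.name}: vSwitches {vs.name} and {other_name} overlap")
            seen.append((vs.name, snet))
            zones_by_tier.setdefault(vs.tier, set()).add(vs.zone)
        # A tier confined to one zone loses the availability benefit of multiple zones.
        for tier, zones in sorted(zones_by_tier.items()):
            if len(zones) < 2:
                problems.append(f"{vpc.name}: tier {tier!r} is deployed in a single zone")
    # VPCs that may later be connected must not overlap each other or the data center.
    for i, (n1, v1) in enumerate(vpc_nets):
        for n2, v2 in vpc_nets[i + 1:]:
            if v1.overlaps(v2):
                problems.append(f"VPCs {n1} and {n2} overlap and cannot be connected")
    for cidr in on_prem_cidrs:
        onet = _parse(cidr, "on-premises", problems)
        if onet is None:
            continue
        for name, vnet in vpc_nets:
            if vnet.overlaps(onet):
                problems.append(f"VPC {name} overlaps on-premises block {cidr}")
    return problems


def free_blocks(vpc_cidr: str, vswitch_cidrs: Sequence[str]) -> List[str]:
    """Return the unallocated CIDR blocks of a VPC, largest first, to judge room for growth."""
    free = [ipaddress.ip_network(vpc_cidr, strict=True)]
    for cidr in vswitch_cidrs:
        used = ipaddress.ip_network(cidr, strict=True)
        remaining = []
        for block in free:
            if used.subnet_of(block):
                remaining.extend(block.address_exclude(used))  # split the block around 'used'
            elif not block.overlaps(used):
                remaining.append(block)  # untouched; a block inside 'used' is dropped
        free = remaining
    return [str(b) for b in sorted(free, key=lambda b: (b.prefixlen, b.network_address))]


def free_address_count(vpc_cidr: str, vswitch_cidrs: Sequence[str]) -> int:
    return sum(ipaddress.ip_network(b).num_addresses for b in free_blocks(vpc_cidr, vswitch_cidrs))


# Constructed sample plan: a three-tier application in two zones (zone IDs are placeholders).
PROD = VpcPlan("prod-vpc", "10.0.0.0/16", [
    VSwitchPlan("web-a", "zone-a", "10.0.0.0/24", "web"),
    VSwitchPlan("web-b", "zone-b", "10.0.1.0/24", "web"),
    VSwitchPlan("logic-a", "zone-a", "10.0.10.0/24", "logic"),
    VSwitchPlan("logic-b", "zone-b", "10.0.11.0/24", "logic"),
    VSwitchPlan("data-a", "zone-a", "10.0.20.0/24", "data"),
    VSwitchPlan("data-b", "zone-b", "10.0.21.0/24", "data"),
])

# Constructed second VPC carrying the mistakes the checks are meant to catch.
TEST = VpcPlan("test-vpc", "10.0.0.0/16", [  # same block as prod-vpc: the two cannot be connected
    VSwitchPlan("web-a", "zone-a", "10.0.0.0/24", "web"),
    VSwitchPlan("web-dup", "zone-a", "10.0.0.128/25", "web"),  # overlaps web-a; web tier in one zone
    VSwitchPlan("stray", "zone-b", "10.1.0.0/24", "logic"),    # outside the VPC block
])

if __name__ == "__main__":
    for line in validate_plan([PROD, TEST], on_prem_cidrs=["192.168.0.0/16"]):
        print("PROBLEM:", line)
    print("free in prod-vpc:", free_blocks(PROD.cidr, [v.cidr for v in PROD.vswitches]))
```

Run the file to see the five problems in the constructed `test-vpc` plan and the free blocks left in `prod-vpc`. The overlap checks use the same `ipaddress` semantics for cross-VPC and on-premises ranges, so the function can also be run against the address list of a data center before a hybrid cloud connection is set up.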
Network connectivity
Depending on your scenario, you can combine your VPC with other cloud network products to provide Internet access, connect VPCs to each other, or build a hybrid cloud. For more information, see Network connectivity.

| Scenario | Description |
| --- | --- |
| Internet access | Applications deployed in the VPC are reached from the Internet, or initiate connections to it. |
| VPC connection | Establish secure, efficient private network communication between resources in different VPCs. |
| Hybrid cloud | Connect on-premises data centers to VPCs to build a hybrid cloud. |
Quick start
You can choose quick deployment or use the console to create VPCs with IPv4 and IPv6 CIDR blocks.
If you need to create a VPC with only an IPv4 CIDR block, see Create a VPC with an IPv4 CIDR block.
If you need to create a dual-stack VPC with IPv4 and IPv6 CIDR blocks, see Create a VPC with an IPv6 CIDR block.
Developer tools
If you are familiar with network protocols and a programming language, you can call the VPC APIs to manage your cloud resources and integrate them into your own applications. For more information, see API Overview.
The OpenAPI portal generates SDK sample code for an API call on demand, which simplifies getting started with the SDK.
Feedback
If you have questions while using VPCs, you can share feedback or get technical support in one of the following ways:
Pre-sales support: Learn about products or get a consultation by using Alibaba Cloud pre-sales service or contacting your account manager. For more information, see Pre-sales Consultation.
After-sales support: If you have problems while using products or services, you can call the Alibaba Cloud after-sales service or submit a ticket. For more information, see After-sales Support.
Documentation feedback: If you find documentation issues such as broken links, incorrect information, or API errors, click Feedback in the floating menu on the right side of the documentation page.