Alibaba Cloud offers a secure, isolated, and elastically scalable network environment in a virtual private cloud (VPC) for instances in the VPC to access the Internet. Choose an appropriate cloud resource or feature based on your needs.
You can mix and match cloud products depending on your needs. Here are the key benefits and features of products in various scenarios:
Scenario | Product | Description | Strengths and limits |
Public IP for application server | Static IP | Assign a public IP address when creating an ECS instance. The system automatically assigns one that can access and be accessed by the Internet. | Use Data Transfer Plan to reduce Internet costs. You cannot detach a static public IP from an ECS instance, but you can convert a static IP address into an Elastic IP (EIP). |
Public IP for application server | EIP | A cloud resource can access the Internet after being associated with an EIP. | EIPs can be dynamically attached to and detached from ECS instances. Use Internet Shared Bandwidth and Data Transfer Plan to reduce Internet costs. |
Ingress Internet traffic | SLB | Use an Internet-facing SLB instance as the unified traffic ingress. Traffic is distributed to multiple backend servers to create an elastic, highly available application system. | SLB distributes traffic to ECS instances to extend the service capabilities of application systems. This also increases the availability of the application systems by eliminating single points of failure (SPOFs). ECS instances cannot actively access the Internet through SLB. |
Egress Internet traffic | Internet NAT Gateway | When multiple ECS instances in a VPC need to access the Internet, use the SNAT feature of the NAT gateway for secure access. | An EIP can only be associated with a single cloud resource for Internet communication. Multiple ECS instances can access the Internet through the EIP associated with the Internet NAT Gateway. This simplifies management and reduces the risk of exposing internal resources. |
Internet access control | IPv4 gateway | Use route tables to control Internet traffic through the IPv4 gateway, reducing the security risks caused by scattered Internet access. | Resources in a VPC can communicate with the Internet by associating with a public IPv4 address. In some cases, Internet access is not overseen by the O&M department. For example, business departments configure public IP addresses for ECS instances without informing O&M. Using an IPv4 gateway to centrally control Internet access reduces such security risks. |