Alibaba Cloud Virtual Private Cloud (VPC) is an isolated cloud network built for private usage. VPC provides users with the utmost control over data, security and resources, including configuration of route tables and network gateways and selection of the IP address range.
Users can even augment resources by connecting a private on-premise network to Alibaba Cloud VPC to develop a hybrid cloud solution. This provides users with the ability to conduct external backups and meet regulatory needs.
Achieves security standards of traditional VLAN isolation through Alibaba Cloud advanced security features, including tunneling technology.
Segregates VPC instances into different security domains using security group features.
Compliant with security isolation regulations set by the Chinese Government for financial users.
Easy Access Control
Easy and flexible access control solution for each security domain.
Quickly create and access Alibaba Cloud VPC services using the console.
Multiple Connectivity Options
Easily connect to the Internet by creating public-facing subnets.
Securely connect to your corporate data center and route all incoming and outgoing traffic of your instances.
Securely share resources across multiple virtual networks by connecting privately to VPCs of other Alibaba Cloud accounts.
Rich Network Connectivity
Supports VPN software and dedicated data line connections.
Supports multi-line connections which can be connected with private, physical or other proprietary networks.
Supports VPN gateway customization. Set up your own VPN gateway or access a variety of VPN products offered on
Easy Payment Options
Offers flexible billing where you pay only for the resources used such as bandwidth, storage, compute, etc.
Alibaba Cloud VPC allows the flexibility to build your cloud architecture in a logically isolated and secure environment. This means users can control their virtual networking environment, including the selection of IP address range, the creation of subnets and configuration of route tables and network gateways. Users can also segregate VPC instances into different security domains using security group features.
Alibaba Cloud VPC includes the option to build layers of security into managed private cloud network architecture. For example, users can create a public-facing subnet for web server hosting and place backend systems such as database or application servers in a private-facing subnet with no Internet access.
VPC supports VPN software and dedicated data line connections, as well as multi-line connections which can be connected with private, physical or other proprietary networks.
Ease of Use:
Virtual LAN (VLAN)
Any broadcast domain which is partitioned and isolated in a computer network at the data link layer.
Alibaba Cloud uses VLAN to divide the range of private IP addresses into several VSwitches.
Eases deployment of applications and other VPC services.
Customize Routing Rules
Easily customize and manage VRouter routing rules.
Configure forwarding routes of traffic.
Define routing rules between source and destination in route tables.
Offers dedicated Elastic IP addresses (EIPs) which you can attach to the ECS instances within the managed private cloud and access them publicly.
Offers dedicated line access service which helps you to establish a private and direct connection from your office, local data center or co-hosting location to Alibaba Cloud data center bypassing the public Internet.
Dedicated line access reduces network latency and provides you with a more consistent network experience compared to other Internet connections.
Security Group is a logical segregation of instances with the same security requirements and mutual trust.
Alibaba Cloud VPC divides ECS instances into different security domains with the help of security groups.
You can control network access to ECS instances using security groups.
Each security domain enables you to customize access-control rules for different ports and IPs.
Allows you to specify inbound and outbound network traffic for each ECS instance.
A network access control list (ACL) is an optional layer of security that acts as a firewall for controlling traffic into and out of a subnet.
Operates at the subnet level which evaluates traffic entering and exiting a subnet.
Enables you to configure allow and deny rules.
Performs stateless filtering while security groups perform stateful filtering.
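The stateless versus stateful difference described above, shown as an added example (a simplified model, not Alibaba Cloud's implementation or API). The rule format, the default-deny behaviour, the class and function names and the sample addresses are all assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

# direction is relative to the protected subnet/instance: "in" or "out".
Packet = namedtuple("Packet", "direction src sport dst dport")
# A rule matches the remote peer's CIDR and the packet's destination port range.
Rule = namedtuple("Rule", "direction action peer_cidr port_lo port_hi")

def matches(rule, pkt):
    peer = pkt.src if pkt.direction == "in" else pkt.dst
    return (rule.direction == pkt.direction
            and ipaddress.ip_address(peer) in ipaddress.ip_network(rule.peer_cidr)
            and rule.port_lo <= pkt.dport <= rule.port_hi)

def stateless_acl(rules, pkt):
    """Subnet-level ACL model: each packet is judged alone, first match wins."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action == "allow"
    return False  # assumed default: deny when nothing matches

class StatefulGroup:
    """Security-group model: allow rules plus a table of permitted flows."""
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()

    def permit(self, pkt):
        # A reply to an already permitted flow passes without a rule of its own.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return True
        if any(r.action == "allow" and matches(r, pkt) for r in self.rules):
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return False

# Constructed sample traffic: a client reaches an HTTPS server in the VPC.
REQUEST = Packet("in", "203.0.113.10", 51514, "10.0.1.5", 443)
REPLY = Packet("out", "10.0.1.5", 443, "203.0.113.10", 51514)
INBOUND_HTTPS = Rule("in", "allow", "0.0.0.0/0", 443, 443)
RETURN_TRAFFIC = Rule("out", "allow", "0.0.0.0/0", 1024, 65535)

def demo():
    sg = StatefulGroup([INBOUND_HTTPS])
    return {
        "sg_request": sg.permit(REQUEST),
        "sg_reply": sg.permit(REPLY),
        "acl_reply_no_return_rule": stateless_acl([INBOUND_HTTPS], REPLY),
        "acl_reply_with_return_rule": stateless_acl([INBOUND_HTTPS, RETURN_TRAFFIC], REPLY),
    }
```

With only the inbound HTTPS rule, the stateful group passes the server's reply while the stateless ACL drops it until an explicit outbound rule for the client's ephemeral port range is added.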
Hassle-free VPC Management:
Flexibly allocates IP addresses using CIDR (Classless Inter-Domain Routing) blocks as opposed to the original allocation system based on IP address classes.
Replaces the old class A, B, C system and enables a single IP address to designate many unique IP addresses.
You can easily define traffic in route tables.
Free components such as VSwitches, VRouter, route tables, and route entries.
You only pay for resources used such as ECS, RDS etc.
Alibaba Cloud Virtual Private Cloud (VPC) is a managed private cloud network which you can build and define with Alibaba Cloud. You can launch Alibaba Cloud resources such as ECS, RDS, and Intranet SLB and achieve greater network control and security within enterprise private cloud.
Using Alibaba Cloud VPC through Management Console
The Alibaba Cloud Management Console provides a simple web-based user interface that allows you to access and configure VPC.
Using this console you can create, modify and manage your VPC networks.
For a step-by-step guide on how to create an Alibaba Cloud VPC through the management console, read this Quick Start Guide.
Accessing Alibaba Cloud Documentation
To create your own Alibaba Cloud VPC, read the VPC Documentation to get a detailed understanding of how VPC works and how to modify and manage your VPC. The documentation will help you understand the best practices in deploying VPC.
Alibaba Cloud VPC API Reference
You can use web-based Alibaba Cloud VPC APIs to programmatically create, manage and achieve greater control of your resources placed within VPC.
The Server Load Balancer is a ready-to-use enterprise load balancer service which distributes incoming traffic across multiple ECS instances, detects unhealthy instances and routes traffic to only healthy instances enabling you to build highly scalable and robust applications.
1. What are the components of Alibaba Cloud VPC?
Alibaba Cloud VPC comprises the following components:
Subnet: A segment within VPC where you can place groups of isolated resources.
Internet Gateway: Enables you to connect VPC to the public Internet.
NAT: A highly available, managed Network Address Translation (NAT) service for your resources in a private subnet to access the Internet.
Hardware VPN Connection: A hardware-based VPN connection between VPC and your data center, corporate office or co-location facility.
Virtual Private Gateway: Enables VPC to connect with another network such as the public Internet, another VPC connection or your corporate data center.
Customer Gateway: Enables you to connect with the VPC using a hardware or software solution.
Router: Routers interconnect subnets and direct traffic to Internet gateways, virtual private gateways, and NAT gateways.
Peering Connection: Allows you to route traffic via private IP addresses between two peered VPCs.
2. What is the difference between a VPC and Classic Network?
A Virtual Private Cloud and Classic Network are different in the following ways:
Classic Network: Managed by Alibaba Cloud. More or less like a public cloud offering. Provides ease of use.
Virtual Private Cloud: Offers a customizable, isolated virtual private cloud to suit different security requirements. Suitable for customers who require advanced network management capabilities.
3. What is an Elastic IP?
An Elastic IP (EIP) is a dedicated public IP address which can be requested independently and attached to an ECS instance. An EIP can only be bound to an ECS instance in a VPC in one region.
4. What is the difference between an EIP and the public IP address of ECS?
Public IP addresses can be allocated only to Classic Network ECS instances. The EIP is a NAT IP, which is mapped to the private network card of ECS within a VPC.
If an instance is stopped, the public IP address changes when the instance is rebooted. However, the public IP address does not change when the instance is restarted.
5. What is the maximum bandwidth a dedicated line supports?
A regular dedicated line supports up to 1 Gbps. For 10 Gbps physical dedicated line access, special service review is required.
6. Can I access different regions through a single private line?
Currently a single private line can be set up to access Alibaba Cloud services (including VPC) only within the region of the access point.
7. What is the purpose of a Network Access Control List (NACL)?
A Network Access Control List (NACL) is an optional layer of security that acts as a firewall to control incoming and outgoing traffic at the subnet level. You can configure ‘allow and deny’ traffic rules in a subnet through an NACL. You can also perform stateless filtering using an NACL.
8. In which regions is Alibaba Cloud VPC available?
The Alibaba Cloud VPC service is currently available in Singapore, South China 1, North China 2, East China 2, USA East 1, Hong Kong, East China 1 and USA West 1.
9. What Alibaba Cloud products can be used with VPC?
You can use other Alibaba Cloud products such as ECS, SLB, RDS, and Anti-DDoS within VPC for greater network control and security of your deployments.
10. Can an ECS instance in a Classic Network and VPC communicate via Intranet?
No, ECS instances in a Classic Network and a Virtual Private Cloud can communicate only via the public network (Internet).
11. Can VPCs communicate with each other via Intranet?
Different Alibaba Cloud VPCs are completely isolated and cannot communicate with each other via an Intranet connection, but you can establish an IPSec VPN via the public network to achieve interconnection.