By Shantanu Kaushik
In Part 1, we introduced the VPC solution and gave a detailed architectural layout of the solution. In this article, we will discuss the core components that make up the VPC architecture and the significant features and benefits.
A Virtual Private Cloud can be divided into various subnets. ECS instances in the same subnet communicate with each other through a vSwitch, but ECS instances in different subnets have to use vRouters to communicate with each other.
A virtual switch (vSwitch) is an application or tool that allows communication between virtual machines. A vSwitch is a network component that connects different cloud resources working within a Virtual Private Cloud. After you create a VPC, you can create a vSwitch to help divide your Virtual Private Cloud into multiple subnets.
However, a vSwitch does more than forward data packets from point A to point B. vSwitches intelligently direct the communication over a network and check data packets before transmitting them to any destination. The vSwitches deployed within a VPC can communicate with each other using the private network, and you can deploy your applications in vSwitches in different zones to improve service availability.
Some of the advantages related to vSwitches are listed below:
A virtual router (vRouter) works the same way a physical Internet router works. A vRouter is the hub of a Virtual Private Cloud (VPC): it serves as a gateway between the VPC and other networks and is associated with a route table. Alibaba Cloud VPC can create a vRouter right after a VPC is created.
Classless Inter-Domain Routing (CIDR) is an IP addressing scheme that improves the allocation of IP addresses and covers two concepts: IP addressing and IP routing. When you create a VPC and a vSwitch, you have to specify the private IP address range for the VPC in CIDR notation. CIDR does away with the IP address classes A, B, and C and increases performance.
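The subnet layout and CIDR rules described above can be checked before anything is created. The following is an added example, not code from the original article or from Alibaba Cloud: it validates a VPC/vSwitch address plan and reports whether two instance addresses would talk through a vSwitch or a vRouter. The vSwitch names and ranges are constructed, and reading "private IP address range" as the RFC 1918 blocks is an assumption.

```python
import ipaddress

# RFC 1918 private blocks. Treating "private range" as RFC 1918 is an assumption.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def validate_plan(vpc_cidr, vswitches):
    """Return a list of problems in a VPC/vSwitch address plan (empty means OK).

    vswitches maps a vSwitch name to its CIDR block.
    """
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not any(vpc.subnet_of(block) for block in RFC1918):
        problems.append(f"VPC {vpc} is not inside an RFC 1918 private range")
    seen = {}
    for name, cidr in vswitches.items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is outside VPC {vpc}")
        for other, other_net in seen.items():
            if net.overlaps(other_net):
                problems.append(f"{name}: {net} overlaps {other} ({other_net})")
        seen[name] = net
    return problems

def hop(src_ip, dst_ip, vswitches):
    """Name the component that carries traffic between two instance addresses."""
    def owner(ip):
        addr = ipaddress.ip_address(ip)
        for name, cidr in vswitches.items():
            if addr in ipaddress.ip_network(cidr):
                return name
        return None
    src, dst = owner(src_ip), owner(dst_ip)
    if src is None or dst is None:
        return "outside the VPC plan"
    return f"vSwitch {src}" if src == dst else "vRouter"

# Constructed sample plans; names and ranges are illustrative only.
PLAN = {"vsw-web": "192.168.1.0/24", "vsw-db": "192.168.2.0/24"}
BAD_PLAN = {"vsw-web": "192.168.1.0/24", "vsw-app": "192.168.1.128/25",
            "vsw-x": "10.0.0.0/24"}

if __name__ == "__main__":
    print(validate_plan("192.168.0.0/16", PLAN))
    print(validate_plan("192.168.0.0/16", BAD_PLAN))
    print(hop("192.168.1.10", "192.168.2.20", PLAN))
```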
Any information passed using Alibaba Cloud VPC is completely isolated from the outside world, including the Internet. Alibaba Cloud VPC ensures the highest levels of security even if you and thousands of other tenants are using shared backend infrastructure. VPCs can only be interconnected by mapping an Elastic IP address (EIP) or configuring the NAT Gateway to point to an IP address associated with a VPC. Data packets that belong to specific ECS instances are encapsulated using the tunneling technique and are not shared with the physical network.
VPC is based on the industry-leading research and development capabilities of Alibaba Cloud. This enables VPC to share the same standards of availability, flexibility, and security. Each Alibaba Cloud VPC has a unique tunnel ID that corresponds to a virtual network, and VPCs are isolated from one another by these tunnel IDs. Alibaba Cloud VPC uses a layer-2 logical isolation mechanism between different VPC instances using VXLAN. Network virtualization creates an overlay between physical networks and the VPC.
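To make the tunnel-ID isolation concrete, here is an added example (not Alibaba Cloud's implementation and not from the original article) that builds and parses the 8-byte VXLAN header from RFC 7348 and models a tunnel endpoint that drops frames whose tunnel ID does not match the destination instance's VPC. Mapping the article's "tunnel ID" to the VXLAN VNI is an assumption, as are the Hypervisor class, MAC addresses and IDs; the outer IP/UDP headers are left out.

```python
import struct

VXLAN_FLAG_VNI_VALID = 0x08  # the "I" flag defined in RFC 7348

def vxlan_encap(vni, inner_frame):
    """Prepend the 8-byte VXLAN header to an inner Ethernet frame."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI must fit in 24 bits")
    # Word 1: flags (8 bits) + 24 reserved bits.
    # Word 2: VNI (24 bits) + 8 reserved bits.
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8) + inner_frame

def vxlan_decap(packet):
    """Return (vni, inner_frame); reject short headers or a cleared I flag."""
    if len(packet) < 8:
        raise ValueError("truncated VXLAN header")
    word1, word2 = struct.unpack("!II", packet[:8])
    if not (word1 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word2 >> 8, packet[8:]

class Hypervisor:
    """Toy tunnel endpoint (hypothetical): maps each local instance's MAC
    address to the tunnel ID of the VPC it belongs to."""

    def __init__(self, instances):
        self.instances = instances  # {destination MAC bytes: tunnel ID}

    def deliver(self, packet):
        """Return the inner frame only if its tunnel ID matches the target's VPC."""
        vni, frame = vxlan_decap(packet)
        dst_mac = frame[:6]
        if self.instances.get(dst_mac) != vni:
            return None  # unknown destination or another tenant's VPC: drop
        return frame

# Constructed sample data: one instance in each of two tenants' VPCs.
MAC_A = bytes.fromhex("02000000000a")
MAC_B = bytes.fromhex("02000000000b")
HOST = Hypervisor({MAC_A: 1001, MAC_B: 2002})
FRAME_TO_A = MAC_A + MAC_B + b"\x08\x00" + b"payload"

if __name__ == "__main__":
    print(HOST.deliver(vxlan_encap(1001, FRAME_TO_A)))  # same VPC: delivered
    print(HOST.deliver(vxlan_encap(2002, FRAME_TO_A)))  # other VPC: None
```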
Alibaba Cloud provides a highly flexible access control mechanism that utilizes the Alibaba Cloud Identity and Access Management solution, RAM. You can use Alibaba Cloud RAM to manage network permissions and create security group functions. You can easily classify the VPC product instances into different security domains using these functions and assign custom access control rules to each one.
Alibaba Cloud VPC helps you accelerate specific applications and increase overall performance. It gives you the flexibility to design the cloud architecture that best serves your organizational requirements. Alibaba Cloud VPC uses SDN to configure the network according to those requirements. You can easily customize the IP address range and use custom route tables.
Alibaba Cloud VPC is designed to meet all the requirements for VPC resources to actively access the Internet to provide external services. You can bind Elastic IP addresses (EIPs) to VPC cloud products in the same region to give the instances access to the Internet.
Alibaba Cloud VPC works closely with the NAT Gateway. NAT Gateway supports the SNAT configurations that can facilitate the bridge between Internet access and cloud product instances. If you need active Internet services for multiple cloud products, you can always use DNAT configurations that enable:
Alibaba Cloud VPC is among the primary requirements to set up hybrid cloud network connections. Alibaba Cloud VPC can connect to an on-premises or private cloud using a virtual private network. Similarly, Express Connect can create intranet connections between VPC instances in different regions to enable interconnected networks across the Alibaba Cloud infrastructure.
Alibaba Cloud offers this VPC environment free of charge. The integrated environment created by Alibaba Cloud provides an unmatched service quality that includes regular platform upgrades and necessary security services. Part 3 of this 3-part series focuses on the different usage scenarios related to Alibaba Cloud VPC.