This topic describes the terms used in Virtual Private Cloud (VPC) to help you use VPC effectively.
| Term | Description |
| --- | --- |
| VPC | A VPC is a private network on Alibaba Cloud. VPCs are logically isolated from each other. You can create and manage cloud resources in your VPC, such as Elastic Compute Service (ECS) instances, Server Load Balancer (SLB) instances, and ApsaraDB RDS instances. |
| vSwitch | A vSwitch is a basic network component of a VPC. A vSwitch connects different cloud resources. When you create a cloud resource in a VPC, you must specify a vSwitch to which the cloud resource is connected. |
| Shared vSwitch | A VPC owner (resource owner) can share non-default vSwitches in the VPC with one or more Alibaba Cloud accounts (principals). The principals can create cloud resources in the shared vSwitches. A resource owner can share resources with Alibaba Cloud accounts in the same or a different enterprise organization. |
| vRouter | A vRouter is a virtual router that connects all vSwitches in a VPC and serves as a gateway that connects the VPC to other networks. A vRouter also forwards network traffic based on the routes in the route table. |
| Route table | A route table consists of the routes in a vRouter. |
| Route | Each item in a route table is a route. A route specifies the next hop address for network traffic that is destined for a destination CIDR block. Routes are classified into system routes and custom routes. |
| Prefix list | A prefix list is a set of one or more CIDR blocks. You can create a prefix list for commonly used IP addresses and set the prefix list as the destination of routes in a route table. This way, you do not have to configure a route for each IP address. If you want to expand the destination to cover another CIDR block, you can add the CIDR block to the prefix list. The routes that use the prefix list as the destination are then updated automatically. |
| NAT gateway | NAT Gateway provides the DNAT and SNAT features. NAT gateways are classified into Internet NAT gateways and VPC NAT gateways. Internet NAT gateways provide NAT services for public IP addresses, while VPC NAT gateways provide NAT services for private IP addresses. You can choose Internet NAT gateways or VPC NAT gateways based on your business requirements. |
| VPC peering connection | A VPC peering connection is a private network connection between two VPCs. You can enable two VPCs to communicate with each other by establishing a VPC peering connection. You can create a VPC peering connection between two VPCs within your Alibaba Cloud account (same-account), or between a VPC within your Alibaba Cloud account and a VPC within another Alibaba Cloud account (cross-account). You can also create VPC peering connections between VPCs that belong to the same region (intra-region) or to different regions (inter-region). |
| DHCP options set | DHCP is a network management protocol. DHCP provides a standard for passing configuration information to servers in a TCP/IP network. The DHCP options set feature allows you to configure domain names and DNS server IP addresses for ECS instances in a VPC. |
| IPv4 gateway | An IPv4 gateway is a network component that connects a VPC to the Internet. An IPv4 gateway enables a VPC to access the Internet by routing IPv4 traffic and translating private IP addresses to public IP addresses. When a VPC accesses the Internet by using an IPv4 gateway, IPv4 traffic flows through the IPv4 gateway. |
| ClassicLink | VPC supports the ClassicLink feature, which allows ECS instances in classic networks to communicate with cloud resources in VPCs. |
| Network ACL | Network access control lists (ACLs) allow you to implement access control for a VPC. You can create network ACL rules and associate a network ACL with a vSwitch. This allows you to control the inbound and outbound traffic of Elastic Compute Service (ECS) instances that are attached to the vSwitch. |
| Security group | A security group acts as a virtual firewall that controls the inbound and outbound traffic of ECS instances to improve security. Security groups provide Stateful Packet Inspection (SPI) and packet filtering capabilities. You can use security groups and security group rules to define security domains in the cloud. |
| HAVIP | An HAVIP is a private IP address that can be created and released as an independent resource. You can use HAVIPs with high-availability (HA) software such as Keepalived to deploy services in active/standby mode. This improves the availability of your services. |
| Flow log | VPC provides the flow log feature. The feature records information about the inbound and outbound traffic of an elastic network interface (ENI). You can check access control rules, monitor network traffic, and troubleshoot network errors based on the flow logs. |
| Traffic mirroring | The traffic mirroring feature mirrors packets that flow through an ENI and that meet the filter conditions. It mirrors network traffic from an ECS instance in a VPC and forwards the traffic to a specified ENI or an internal-facing Classic Load Balancer (CLB) instance. You can use this feature in scenarios such as content inspection, threat monitoring, and troubleshooting. |
| Idle instance | The VPC console can display idle instances. You can release idle instances to save costs. |
| Tag | VPC supports the tag feature. You can use tags to label and classify VPCs, route tables, and vSwitches, which facilitates resource search and aggregation. |
| Quota | Alibaba Cloud sets quotas on the cloud resources and API operations for each Alibaba Cloud account. Alibaba Cloud service quotas are classified into the following types: general quotas, API rate limits, and privileges. |
| RAM | You use an Alibaba Cloud account to grant permissions to a RAM user. Then, the RAM user can manage VPCs based on the granted permissions. |
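The following added example (not part of the original page or of any Alibaba Cloud SDK) models the route and prefix list entries above: a route can target either a CIDR block or a prefix list, and adding a CIDR block to the prefix list changes what the routes referencing it match without editing the routes themselves. Class names, the `lookup` helper and longest-prefix-match selection are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field

# Hypothetical model of a vRouter route table; not an Alibaba Cloud API.


@dataclass
class PrefixList:
    """A named set of CIDR blocks that a route may use as its destination."""
    name: str
    cidrs: list = field(default_factory=list)

    def add(self, cidr: str) -> None:
        self.cidrs.append(ipaddress.ip_network(cidr))


@dataclass
class Route:
    destination: object  # an ip_network or a PrefixList
    next_hop: str


@dataclass
class RouteTable:
    routes: list = field(default_factory=list)

    def effective_routes(self):
        """Expand prefix-list routes into one (network, next_hop) entry per CIDR.
        Expansion happens at lookup time, so a CIDR added to the prefix list is
        picked up by every route that references the list."""
        for route in self.routes:
            if isinstance(route.destination, PrefixList):
                for net in route.destination.cidrs:
                    yield net, route.next_hop
            else:
                yield route.destination, route.next_hop

    def lookup(self, ip: str):
        """Return the next hop for ip using longest-prefix match (assumed)."""
        addr = ipaddress.ip_address(ip)
        best = None
        for net, hop in self.effective_routes():
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, hop)
        return best[1] if best else None


def demo():
    """Constructed scenario: a default route plus a prefix-list route."""
    office = PrefixList("office-ranges")
    office.add("203.0.113.0/24")
    table = RouteTable([Route(ipaddress.ip_network("0.0.0.0/0"), "nat-gateway"),
                        Route(office, "vpn-gateway")])
    before = table.lookup("198.51.100.7")  # not in the list yet: default route
    office.add("198.51.100.0/24")          # expand the prefix list, not the route
    after = table.lookup("198.51.100.7")   # now matched through the prefix list
    return before, after
```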