Classic networks and virtual private clouds (VPCs) operate on distinct network planes. To facilitate private network communication between Elastic Compute Service (ECS) instances in a classic network and resources in a VPC, you can enable the ClassicLink feature on the VPC page.
Dear Alibaba Cloud users, starting February 28, 2025, Alibaba Cloud will discontinue services for Elastic Compute Service (ECS) instances on classic networks. We recommend that you migrate existing classic network instances to VPCs to avoid unintentional resource release or unavailability.
To maintain stable operations after migration, you can synchronize data between the classic network and the VPC using a private network. This will help simulate the business operations after migration. This topic introduces the ClassicLink feature and guides you through installing and using it.
Overview
ClassicLink feature
Classic networks and VPCs are independent network planes. When ECS instances in a classic network transmit data to VPC over Elastic IP addresses (EIPs), it can result in Internet traffic costs. Moreover, factors such as network quality and malicious attacks may compromise transmission efficiency and cause unnecessary risks.
The ClassicLink feature allows ECS instances within classic networks to connect and communicate with resources in VPCs over a private network.
As shown in the following scenario, after setting up communication between the ECS1 and the VPC using ClassicLink:
The ECS1 instance can access resources in the VPC, including ECS, ApsaraDB RDS, and Server Load Balancer (SLB) instances.
Resources in the VPC can access ECS1, but not other resources in the classic network.
Limits
An ECS instance in a classic network can only be connected to one VPC.
A VPC can connect to a maximum of 1,000 ECS instances that are in classic networks.
ECS instances in classic networks can only communicate with resources in the primary CIDR block of the VPC. They cannot communicate with resources in secondary CIDR blocks.
Procedure
Step 1: Enable ClassicLink
To allow ECS instances in the classic network to connect to the target VPC, you must Enable ClassicLink under the Basic Information tab.
Navigate to the VPC console, find the VPC that you want to manage, and click its ID.
On the Basic Information page, click Enable ClassicLink in the upper-right corner.
Step 2: Connect to the VPC
Select the ECS instances in the classic network that require private communication with the VPC, and create a connection.
Go to the ECS console, find the instance that you want to manage, and click Actions in the
> Connect to VPC panel.
In the Connect to VPC panel, select the VPC, and ensure that it has ClassicLink enabled.
Verify the Network Type for the ECS1.
If the status is Connected, it indicates that the connection between ECS1 and VPC has been established.
In the left-side navigation pane, choose , click the instance ID, and then add security group rules.
You can tailor the rules to meet your business needs.
FAQs
Does the ClassicLink feature support inter-region, cross-account connections?
The ClassicLink feature only supports same-account, same-region connections.
If you need to create inter-region, cross-account connections, you can migrate ECS instances from the classic network to the VPC. Then, create private communication between ECS instances using VPC peering connections or the Cloud Enterprise Network.
How do I disable ClassicLink?
In this example, only ECS1 in the classic network is connected to the VPC.
To Disconnect from VPC, follow the steps in the following figure:
On the Basic Information page, disable ClassicLink.
Why is the private network not working even if ECS instances in the classic network are connected to the VPC using ClassicLink?
Check the security group rules and ensure the protocol and port configurations are accurate.
The classic network uses the address range 10.0.0.0/8 (excluding 10.111.0.0/16). If the VPC employs the same range, it may cause route conflicts, thus hindering communication.
You can migrate ECS instances to the VPC for communication. To do so, click Disconnect from VPC and Schedule Migration to VPC.