A virtual private cloud (VPC) is a dedicated private network on the cloud that allows you to configure and manage a logically isolated network. You have complete control over the VPC you have created, including selecting IP address ranges, creating vSwitches, and configuring route tables and gateways.
VPCs offer security and configurability that closely resemble those of a traditional data center, combined with the elasticity and scalability of cloud computing. Within your VPC, you can deploy cloud resources, such as Elastic Compute Service (ECS), ApsaraDB RDS, and Server Load Balancer (SLB) instances.
Benefits
VPCs are recognized for their security, reliability, flexibility, ease of use, and scalability.
Secure and reliable: Each VPC is assigned a unique tunnel ID, which corresponds to a virtualized network. VPCs are isolated from one another by these tunnel IDs.
Fine-grained control: Flexibly manage the inbound and outbound traffic of cloud resources in your VPC by using security group rules and network access control lists (ACLs).
Ease of use: Set up and manage VPCs on the console. A system route table is automatically created after the VPC is created.
Scalable: Create multiple vSwitches to deploy different services. VPCs can be connected to on-premises data centers and other VPCs to expand the network architecture.
Components
The following figure illustrates the basic topology of a VPC, which typically includes a private CIDR block, vSwitches, and a route table:
Private CIDR block: IP addresses for your VPC that are represented in the Classless Inter-Domain Routing (CIDR) form. You must specify a private CIDR block for your VPC and vSwitches upon creation.
Route table: A set of routes that control the traffic flow in the VPC. A system route table is automatically created for your VPC by default and a system route is added for traffic management.
vSwitch: Segments a VPC into one or more subnets and connects cloud resources in the VPC. vSwitches in the same VPC can communicate with each other. You can deploy applications across different zones to enhance service availability.
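The component rules above can be checked before anything is created. The following Python sketch is an added example, not Alibaba Cloud code: it validates a planned VPC block and its vSwitch blocks, and flags a plan that keeps every vSwitch in one zone. The plan format, the names, the zone labels, and the reading of "private" as RFC 1918 are assumptions of the example.

```python
import ipaddress
from itertools import combinations

# Assumption of this example: "private" means one of the RFC 1918 ranges.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def validate_plan(vpc_cidr, vswitches):
    """Return findings for a planned VPC (IPv4 only).

    vswitches: list of dicts with keys name, cidr, zone (hypothetical format).
    """
    try:
        vpc = ipaddress.IPv4Network(vpc_cidr, strict=True)
    except ValueError as exc:
        return [f"vpc: invalid CIDR {vpc_cidr!r}: {exc}"]
    findings = []
    if not any(vpc.subnet_of(r) for r in RFC1918):
        findings.append(f"vpc: {vpc} is not inside an RFC 1918 private range")
    nets = []
    for vs in vswitches:
        try:
            # strict=True rejects blocks written with host bits set.
            net = ipaddress.IPv4Network(vs["cidr"], strict=True)
        except ValueError as exc:
            findings.append(f"{vs['name']}: invalid CIDR: {exc}")
            continue
        if not net.subnet_of(vpc):
            findings.append(f"{vs['name']}: {net} is outside VPC block {vpc}")
        nets.append((vs["name"], net))
    # vSwitch blocks must not overlap each other.
    for (a, na), (b, nb) in combinations(nets, 2):
        if na.overlaps(nb):
            findings.append(f"{a} and {b}: {na} overlaps {nb}")
    if len(vswitches) > 1 and len({vs["zone"] for vs in vswitches}) == 1:
        findings.append("all vSwitches are in one zone; no cross-zone availability")
    return findings


# Constructed sample plan with deliberate mistakes.
PLAN = [
    {"name": "web", "cidr": "192.168.0.0/24", "zone": "zone-a"},
    {"name": "app", "cidr": "192.168.0.128/25", "zone": "zone-a"},  # overlaps web
    {"name": "db", "cidr": "192.168.1.5/24", "zone": "zone-a"},     # host bits set
    {"name": "mgmt", "cidr": "10.0.0.0/24", "zone": "zone-a"},      # outside VPC
]

if __name__ == "__main__":
    for finding in validate_plan("192.168.0.0/16", PLAN):
        print(finding)
```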
Scenarios
With a variety of features available for VPC, you can choose the most appropriate scenario based on your business requirements.
Deploy applications: When deploying an Internet-facing application in your VPC, you can create vSwitches to divide a VPC into subnets and implement security groups and network ACLs for isolation.
Separate business systems: To ensure strict isolation and business security, you can deploy businesses in separate VPCs and enable connectivity between VPCs by leveraging products such as VPC peering connection, VPN Gateway, and Cloud Enterprise Network.
Create a hybrid cloud: Use Express Connect or VPN Gateway to build a hybrid cloud, migrate applications to the cloud, and extend your network architecture.
Get started with VPC
When deploying VPCs, consider factors such as isolation, high availability, disaster recovery, cost, the current business scale, and future expansion plans. For more information, see Plan networks.
Choose other cloud services to create connectivity tailored to your business and address diverse needs, such as Internet access, VPC peering, and hybrid cloud deployment. For more information, see Network connectivity.
Create a VPC with an IPv4 or IPv6 CIDR block through one-click deployment or on the console. For more information, see Create a VPC with an IPv4 CIDR block and Create a VPC with an IPv6 CIDR block.
Work with VPC
You can manage your VPC with your Alibaba Cloud account in the following ways:
VPC console: A web interface where you can create, manage, and delete VPCs. For more information, see Create and manage a VPC.
Alibaba Cloud SDKs: SDKs for programming languages such as Java, Go, PHP, and Python.
OpenAPI Portal: Allows you to retrieve and call APIs, and dynamically generate SDK sample code.
Terraform: An open-source infrastructure-as-code tool. You write configuration files, which can be kept under version control, to orchestrate resources on Alibaba Cloud and other cloud platforms that support Terraform.
Billing
While setting up a VPC is free, there are charges associated with features such as VPC peering connections, traffic mirroring, and flow logs.
Deploying other cloud resources in the VPC, such as ECS or SLB instances, will incur additional costs. For more billing information, see ECS billing, EIP billing, Billing of Internet NAT gateways, and SLB billing.