EIP

Single ECS accesses the Internet.

An EIP is a static IP address that can be directly accessed through the Internet or provide services accessible from the Internet.

An EIP can be bound to an ECS to enable Internet access, or unbound to disable access.

Shared bandwidth and shared data packages can be used to lower costs.

Configuring the VPC of ECSs That Access the Internet Using EIPs

NAT Gateway

Multiple ECSs share an EIP to access the Internet.

A NAT gateway offers both source network address translation (SNAT) and destination network address translation (DNAT). SNAT allows multiple ECSs in the same VPC to share EIPs to access the Internet. In this way, you can reduce management costs and prevent the EIPs of ECSs from being exposed to the Internet. DNAT implements port-level data forwarding. It maps EIP ports to ECS ports so that the ECSs in a VPC can share the same EIP and bandwidth to provide Internet-accessible services. However, DNAT does not balance traffic.

Using SNAT to Access the Internet

Using DNAT to Provide Services Accessible from the Internet

ELB

Use load balancers provided by the ELB service to evenly distribute incoming traffic across multiple ECSs in high-concurrency scenarios, such as e-commerce.

Load balancers distribute traffic across multiple backend ECSs, balancing the workload on each ECS (at Layer 4 or Layer 7). You can bind EIPs to ECSs to allow the access from the Internet.

ELB expands the service capabilities of your applications and improves availability by eliminating single points of failures.

What Is Elastic Load Balance?

VPC Peering

Connect VPCs in the same region.

You can request a VPC peering connection with another VPC in your account or in another account, but the two VPCs must be in the same region. VPC peering connections are free of charge.

Creating a VPC Peering Connection with Another VPC in Your Account

Creating a VPC Peering Connection with a VPC in Another Account

Cloud Connect

Connect VPCs in different regions.

Cloud Connect allows you to connect two VPCs in the same account or in different accounts even if they are in different regions.

Communication Between VPCs Across Regions

VPN

Use VPN to connect VPCs across regions at a low cost.

VPN uses an encrypted communications tunnel to connect VPCs in different regions and sends traffic over the Internet. It is inexpensive, easy to configure, and easy to use. However, VPN connections will be affected by the Internet quality.

Connecting to a VPC Through a VPN

VPN

Use VPN to connect a VPC to a local IDC with a low cost.

VPN uses an encrypted communications tunnel to connect a VPC on the cloud to a local IDC and sends traffic over the Internet. It is inexpensive, easy to configure, and easy to use. However, VPN connections will be affected by the Internet quality.

Connecting to a VPC Through a VPN

Direct Connect

Use a physical dedicated connection to connect a VPC to a local IDC.

Direct Connect provides physical connections between VPCs and data centers. It features low latency and is very secure. Direct Connect is a good choice if you have strict requirements on network transmission quality.

Accessing Multiple VPCs Using a Connection

Cloud Connect

Connect VPCs in different regions.

Cloud Connect allows the loading of Direct Connect virtual gateways to a Cloud Connect connection, interconnecting an on-premises data center with VPCs across regions.

Communication Between Data Centers and VPCs in Different Regions