Functions

Table 1 lists common VPC functions.

Before using the VPC service, you are advised to learn basic concepts, such as subnets, route tables, security groups, and EIPs, to better understand the functions provided by the VPC service.

Table 1 Common VPC functions

| Category | Function | Description |
| --- | --- | --- |
| VPC and Subnet | VPC | A VPC provides an isolated virtual network for your cloud resources. You can configure and manage the network as required. You can create VPCs, modify basic information about VPCs, delete VPCs, and export the VPC list. For details, see Creating a VPC. |
| VPC and Subnet | Subnet | A subnet is a network plane for managing cloud resources in a VPC. All cloud resources must be deployed in a subnet. You can create subnets, modify subnet information, and delete subnets. For details, see Creating a VPC. |
| VPC and Subnet | Route Table | A route table contains routes, which are used to determine where traffic is directed. When you create a VPC, the system automatically creates a default route table. The route table ensures that all subnets in the VPC can communicate with each other. You can also add custom routes to control where traffic is directed. You can add, query, modify, and delete routes. For details, see Route Table Overview. In some regions, you can access the route table module directly from the navigation pane on the left of the network console. You can associate subnets with a route table to facilitate flexible route management. For details, see Route Table (Route Table Module Can Be Directly Accessed from the Navigation Pane). |
| VPC and Subnet | Virtual IP Address | A virtual IP address can be shared among multiple ECSs. An ECS can have both private and virtual IP addresses, and you can access the ECS through either IP address. In addition, the virtual IP address has the same network access capability as the private IP address. Virtual IP addresses are used for high availability as they make active/standby ECS switchover possible. You can assign and release virtual IP addresses, bind a virtual IP address to an EIP or ECS, and access a virtual IP address through an EIP, a VPN, Direct Connect, or VPC peering connection. For details, see Virtual IP Address Overview. |
| VPC and Subnet | IPv4 and IPv6 Dual-Stack Network | IPv4 and IPv6 dual stack allows your resources to use both IPv4 and IPv6 addresses for private and public network communication. HUAWEI CLOUD supports the IPv4/IPv6 dual stack. You can create an IPv4/IPv6 dual-stack network or add an IPv6 subnet to a VPC to form a dual-stack network. For details, see IPv4 and IPv6 Dual-Stack Network. |
| VPC and Subnet | VPC Flow Log | A VPC flow log records information about the traffic going to and from a VPC. VPC flow logs help you monitor network traffic, analyze network attacks, and determine whether security group and network ACL rules require modification. You can create, view, enable, disable, and delete VPC flow logs. For details, see VPC Flow Log Overview. |
| Access Control | Security Group | A security group is a collection of access control rules for ECSs that have the same security protection requirements and are mutually trusted within a VPC. After a security group is created, you can create different access rules for the security group to protect the ECSs that it contains. You can create and delete security groups; add multiple security group rules; replicate, modify, delete, import, or export security group rules; view or change the security group of an ECS; and add cloud resources to or remove them from a security group. For details, see Security Group Overview. |
| Access Control | Network ACL | A network ACL is an optional layer of security for your subnets. You associate one or more subnets with a network ACL. The network ACL can help you control traffic in and out of the subnets. You can create, view, modify, delete, enable, and disable network ACLs; associate subnets with or disassociate them from network ACLs; and add, modify, change the sequence of, enable, disable, and delete network ACL rules. For details, see Network ACL Overview. |
| EIP and Bandwidth | EIP | The Elastic IP (EIP) service enables you to use static public IP addresses and scalable bandwidths to connect your cloud resources to the Internet. EIPs can be bound to or unbound from cloud resources. You can assign EIPs, bind EIPs to cloud resources, unbind EIPs from cloud resources, release EIPs, modify EIP bandwidth, and upgrade static BGP to dynamic BGP. For details, see EIP Overview. |
| EIP and Bandwidth | Shared Bandwidth | Shared bandwidth allows multiple EIPs to share the same bandwidth. The ECSs, BMSs, and load balancers in the same region that have EIPs bound can use the same shared bandwidth. You can assign, modify, and delete a shared bandwidth, add EIPs to a shared bandwidth, and remove EIPs from a shared bandwidth. For details, see Shared Bandwidth Overview. |
| EIP and Bandwidth | Shared Data Package | A shared data package provides a quota for data usage. Such packages are cost-effective and easy to use. Shared data packages take effect immediately after your purchase. If you have subscribed to pay-per-use EIPs using bandwidth billed by traffic in a region and buy a shared data package in the same region, the EIPs will use the shared data package. After the package quota is used up or the package expires, the EIPs will continue to be billed on a pay-per-use basis. For details, see Shared Data Package Overview. |
| EIP and Bandwidth | Bandwidth Add-On Package | A bandwidth add-on package is used to temporarily increase the maximum shared or dedicated bandwidth of a yearly/monthly EIP. You can purchase, modify, and unsubscribe from bandwidth add-on packages. For details, see Bandwidth Add-On Package Overview. |
| Resource Interconnection | VPC Peering Connection | A VPC peering connection is a network connection between two VPCs. A VPC peering connection allows two VPCs to communicate with each other using private IP addresses as if they were in the same VPC. You can create a VPC peering connection between your own VPCs, or between your VPC and a VPC of another account within the same region. A VPC peering connection between VPCs in different regions will not take effect. You can create a VPC peering connection with another VPC in your account or with a VPC in another account. You can also view, modify, and delete VPC peering connections. For details, see Creating a VPC Peering Connection. |
| Resource Interconnection | Layer 2 Connection Gateway | A Layer 2 connection gateway (L2CG) is a virtual tunnel gateway that can work with a Direct Connect or VPN connection to establish network communication between the cloud and on-premises networks. The gateway allows you to migrate data center or private cloud services to the cloud without changing subnets and IP addresses. You can buy, query, modify, and delete L2CGs, and create, query, and delete Layer 2 connections. For details, see Layer 2 Connection Gateway. |
| Monitoring | Viewing Metrics | After the VPC service becomes available to you, you can view the bandwidth and EIP usage through Cloud Eye, create and set alarm rules, and customize the monitored objects and notification policies without adding plug-ins. For details, see Supported Metrics. |
| Auditing | Viewing Audit Logs | With CTS, you can record operations performed on the VPC service for further query, audit, and backtracking purposes. You can view and export operation records of the last seven days on the CTS console. For details, see Supported VPC Operations. |
| Tag | Tag Management | Tags help you identify and manage cloud resources. You can manage VPC tags, subnet tags, and tags on HUAWEI CLOUD. |
| Permissions | Permissions Management | You can use Identity and Access Management (IAM) to implement fine-grained permissions management for your VPCs, allowing enterprises to set different access permissions based on organizations and responsibilities. You can create an IAM user, grant permissions to the user, and create custom VPC policies. For details, see Permissions Management. |