VPC Functions

VPC allows you to provision logically isolated virtual private networks for cloud resources, such as cloud servers, containers, and databases. You can configure subnets, security groups, network ACLs, route tables, and more to flexibly manage your cloud networks. You can also use EIPs to connect cloud resources in VPCs to the Internet. You can use Direct Connect or VPN to connect on-premises data centers to VPCs to build a hybrid cloud network.

For more information, see Creating a VPC with a Subnet.

A subnet is a unique CIDR block with a range of IP addresses in a VPC. All resources in a VPC must be deployed on subnets. Subnets in the same VPC cannot overlap.

For more information, see Creating a Subnet for an Existing VPC.

A route table contains a set of routes that determine where network traffic in and out of your VPC subnets is directed. Each subnet must be associated with a route table. A subnet can only be associated with one route table, but a route table can have multiple subnets associated.

For more information, see Route Table and Route Overview.

For more information, see Virtual IP Address Overview.

An elastic network interface is a virtual network card. You can create network interfaces and attach them to your cloud servers to obtain flexible and highly available network configurations.

For more information, see Elastic Network Interface Overview.

Supplementary network interfaces are a supplement to elastic network interfaces. If the number of elastic network interfaces that can be attached to your cloud server cannot meet your requirements, you can use supplementary network interfaces, which can be attached to VLAN subinterfaces of elastic network interfaces.

For more information, see Supplementary Network Interface Overview.

A security group is a collection of access control rules for ECSs that have the same security requirements and are mutually trusted within a VPC. You can create a security group and define different access rules to protect the ECSs that it contains.

For more information, see Security Group and Security Group Rule Overview.

A network ACL is an optional layer of security for your subnets. You can add inbound and outbound rules to a network ACL and associate subnets with it to control traffic in and out of the subnets.

For more information, see Network ACL Overview.

An IP address group is a collection of IP addresses. It can be associated with security groups and network ACLs to simplify IP address configuration and management in networking.

For more information, see IP Address Group Overview.

A VPC peering connection enables two VPCs in the same region to communicate using private IP addresses. The VPCs to be connected can be in the same account or different accounts, but they must be in the same region.

For more information, see VPC Peering Connection Overview.

IPv4 and IPv6 dual stack allows your resources to use both IPv4 and IPv6 addresses for private and public network communications.

For more information, see IPv4/IPv6 Dual-Stack Network.

A VPC flow log records information about the traffic going to and from a VPC. You can use flow logs to monitor network traffic, analyze network attacks, and determine whether security group rules require modification.

For more information, see VPC Flow Log.