Help Center > > Service Overview> What Is Virtual Private Cloud?
View PDF

What Is Virtual Private Cloud?

Updated at: Mar 20, 2020 GMT+08:00

Overview

The Virtual Private Cloud (VPC) service enables you to provision logically isolated, configurable, and manageable virtual networks for cloud servers, cloud containers, and cloud databases, improving cloud service security and simplifying network deployment.

You can create security groups and VPNs, configure IP address ranges, and specify bandwidth sizes in your VPC. With a VPC, you can configure and manage the networks within the VPC, making changes to these networks as needed, quickly and securely. You can also define rules for communication between ECSs in the same security group or in different security groups.

Product Architecture

The product architecture consists of the VPC components, security features, and VPC connectivity options.

Figure 1 Product Architecture

VPC components

Each VPC consists of a private CIDR block, route tables, and at least one subnet.

  • Private CIDR block: When creating a VPC, you need to specify the private CIDR block used by the VPC. The VPC service supports the following CIDR blocks: 10.0.0.0 – 10.255.255.255, 172.16.0.0 – 172.31.255.255, and 192.168.0.0 – 192.168.255.255
  • Subnet: Cloud resources, such as ECSs and databases, must be deployed in subnets. After a VPC is created, you need to divide the VPC into one or more subnets. The subnet CIDR block must be within the private CIDR block. For details, see Subnet.
  • Route table: When you create a VPC, the system automatically generates a default route table. The route table ensures that all subnets in the VPC can communicate with each other. If the routes in the default route table cannot meet application requirements (for example, an ECS without an EIP bound needs to access the Internet), you can create a custom route table. For more information, see Example Custom Route in a VPC and Example Custom Route Outside a VPC.

Secure Features

Security groups and network ACLs are used to ensure the security of cloud resources deployed in a VPC. A security group acts as a virtual firewall to provides access rules for cloud resources that have the same security protection requirements and are mutually trusted in a VPC. For more information, see Security Group Overview. You can associate subnets that have the same traffic control requirements with the same network ACL. You can add inbound and outbound rules to precisely control inbound and outbound traffic at the subnet level. For more information, see Network ACL Overview.

VPC Connectivity

HUAWEI CLOUD provides multiple VPC connectivity options to meet diverse requirements. For details about the application scenarios and connectivity solutions, see Application Scenarios.

  • VPC Peering allows two VPCs in the same region to communicate with each other using private IP addresses.
  • Elastic IP or NAT Gateway allows ECSs in a VPC to communicate with the Internet.
  • VPN, Cloud Connect, or Direct Connect can connect a VPC to your data center.

Accessing the VPC

You can access the VPC service through the management console or using HTTPS-based APIs.
  • Management console

    You can use the console to perform operations on VPC resources directly. To access the VPC service, log in to the management console and select Virtual Private Cloud from the console homepage.

  • API

    If you need to integrate the VPC service provided by the cloud system into a third-party system for secondary development, you can use an API to access the VPC service. For details, see the Virtual Private Cloud API Reference.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel