VPC Functions

VPC provides various functions for you to flexibly configure services and build diversified networks. For details, see Table 1.

Basic VPC functions: VPC, subnet, route table, route, virtual IP address, network interface, and supplementary network interface
Network security: security group, network ACL, and IP address group
Network connectivity: VPC peering connection
Network O&M: VPC flow log and traffic mirroring

**Table 1** VPC functions
Function	Description	Reference
VPC	VPC allows you to provision logically isolated virtual private networks for cloud resources, such as cloud servers, containers, and databases. You can create subnets, security groups, network ACLs, route tables, and more to manage cloud resources flexibly. You can also use EIPs to connect cloud resources in VPCs to the Internet, and use Direct Connect and VPN to connect on-premises data centers to VPCs to build a hybrid cloud network.	Creating a VPC and Subnet
Subnet	A subnet is a unique CIDR block with a range of IP addresses in a VPC. All resources in a VPC must be deployed on subnets. Subnets in a VPC cannot overlap with each other.	Creating a Subnet for an Existing VPC
Route table and route	A route table contains a set of routes that are used to control the traffic in and out of your subnets in a VPC. Each subnet must be associated with a route table. A subnet can only be associated with one route table, but a route table can be associated with multiple subnets.	Route Table and Route Overview
Virtual IP address	A virtual IP address is a private IP address that can be independently assigned from and released to a VPC subnet. You can: Bind one or more virtual IP addresses to a cloud server so that you can use either the virtual IP address or private IP address to access the server. If you have multiple services running on a cloud server, you can use different virtual IP addresses to access them. Bind a virtual IP address to multiple cloud servers. You can use a virtual IP address and an HA software (such as Keepalived) to set up a high-availability active/standby cluster.	Virtual IP Address Overview
Elastic network interface	An elastic network interface is a virtual network card. You can create network interfaces and attach them to your cloud servers to obtain flexible and highly available network configurations.	Elastic Network Interface Overview
Supplementary network interface	Supplementary network interfaces are a supplement to elastic network interfaces. If the number of elastic network interfaces that can be attached to your cloud server cannot meet your requirements, you can use supplementary network interfaces, which can be attached to VLAN subinterfaces of elastic network interfaces.	Supplementary Network Interface Overview
Security group	A security group is a collection of access control rules for ECSs that have the same security protection requirements and are mutually trusted within a VPC. You can create a security group and define different access rules to protect the ECSs that it contains.	Security Group and Security Group Rule Overview
Network ACL	A network ACL is an optional layer of security for your subnets. After you add inbound and outbound rules to a network ACL and associate subnets with it, you can control traffic in and out of the subnets.	Network ACL Overview
IP address group	An IP address group is a collection of IP addresses. It can be associated with security groups and network ACLs to simplify IP address configuration and management in networking.	IP Address Group Overview
VPC peering connection	A VPC peering connection enables two VPCs in the same region to communicate using private IP addresses. The VPCs to be connected can be from the same account or different accounts.	VPC Peering Connection Overview
VPC sharing	VPC sharing allows multiple accounts to create and manage cloud resources, such as ECSs, load balancers, and RDS instances, in one VPC. With Resource Access Manager (RAM), you can share subnets in a VPC with one or more accounts so you can centrally manage resources in multiple accounts, which improves resource management efficiency and reduces O&M costs.	VPC Sharing Overview
IPv4/IPv6 dual stack network	IPv4/IPv6 dual stack allows your resources to use both IPv4 and IPv6 addresses for private and public network communications.	IPv4/IPv6 Dual-Stack Network
VPC flow log	A VPC flow log records information about the traffic going to and from a VPC. You can use flow logs to monitor network traffic, analyze network attacks, and determine whether security group and network ACL rules require modification.	VPC Flow Log Overview
Traffic mirroring	Traffic Mirroring can be used to mirror traffic that meets a mirror filter from an elastic network interface. You can configure inbound and outbound rules for a mirror filter to determine which traffic from an elastic network interface will be mirrored to a network interface or load balancer. You can then send the traffic for inspection, audit analysis, and troubleshooting.	Traffic Mirroring Overview