Updated on 2023-06-26 GMT+08:00

Functions

Table 1 lists common VPC functions.

Before using the VPC service, you should be familiar with the basic concepts, such as subnets, route tables, security groups, and EIPs. This will make it easier to understand VPC functions.

Table 1 Common VPC functions

| Category | Function | Description |
| --- | --- | --- |
| VPC and Subnet | VPC | A VPC provides an isolated virtual network for your cloud resources. You can flexibly configure and manage the network. You can create VPCs, modify basic information about VPCs, add a secondary CIDR block to a VPC, remove a secondary CIDR block from a VPC, delete VPCs, and export the VPC list. For details, see Creating a VPC. |
| VPC and Subnet | Subnet | A subnet is a unique CIDR block with a range of IP addresses in your VPC. All resources in a VPC must be deployed on subnets. You can create subnets, modify subnet information, and delete subnets. For details, see Creating a VPC. |
| VPC and Subnet | Route Table | A route table contains routes, which determine where traffic is directed. When you create a VPC, the system automatically creates a default route table. The route table ensures that all subnets in the VPC can communicate with each other. You can also add custom routes to control where traffic is directed. You can add, query, modify, and delete routes. For details, see Route Table Overview. |
| VPC and Subnet | Virtual IP Address | A virtual IP address can be shared among multiple ECSs. You can configure both private and virtual IP addresses for an ECS, and you can access the ECS through either IP address. A virtual IP address has the same network access capability as a private IP address. If you require high availability, you can use virtual IP addresses because they support active/standby ECS switchover. You can assign and release virtual IP addresses, bind a virtual IP address to an EIP or ECS, and access a virtual IP address through an EIP, a VPN, Direct Connect, or VPC peering connection. For details, see Virtual IP Address Overview. |
| VPC and Subnet | IPv4 and IPv6 Dual-Stack Network | IPv4 and IPv6 dual stack allows your resources to use both IPv4 and IPv6 addresses for private and public network communication. You can create an IPv4/IPv6 dual-stack network or add an IPv6 subnet to a VPC to form a dual-stack network. For details, see IPv4 and IPv6 Dual-Stack Network. |
| VPC and Subnet | VPC Flow Log | A VPC flow log records information about the traffic going to and from a VPC. VPC flow logs help you monitor network traffic, analyze network attacks, and determine whether security group and network ACL rules require modification. You can create, view, enable, disable, and delete VPC flow logs. For details, see VPC Flow Log Overview. |
| Access Control | Security Group | A security group is a collection of access control rules for ECSs that have the same security protection requirements and are mutually trusted within a VPC. You can create a security group and define different access rules to protect the ECSs that it contains. You can create and delete security groups; add, replicate, modify, delete, import, or export security group rules; view the security group of an ECS; change the security group of an ECS; and add cloud resources to or remove them from a security group. For details, see Security Group Overview. |
| Access Control | Network ACL | A network ACL is an optional layer of security for your subnets. You can associate one or more subnets with a network ACL to control traffic in and out of the subnets. You can create, view, modify, delete, enable, and disable network ACLs; associate subnets with or disassociate them from network ACLs; and add, modify, change the sequence of, enable, disable, and delete network ACL rules. For details, see Network ACL Overview. |
| EIP and Bandwidth | EIP | The Elastic IP (EIP) service enables you to use static public IP addresses and scalable bandwidths to connect your cloud resources to the Internet. You can assign EIPs, bind EIPs to cloud resources, unbind EIPs from cloud resources, release EIPs, modify EIP bandwidth, and upgrade static BGP to dynamic BGP. For details, see EIP Overview. |
| EIP and Bandwidth | Shared Bandwidth | Shared bandwidth allows multiple EIPs to share the same bandwidth. All ECSs, BMSs, and load balancers that have EIPs bound in the same region can share a bandwidth. You can assign, modify, and delete a shared bandwidth, add EIPs to a shared bandwidth, and remove EIPs from a shared bandwidth. For details, see Shared Bandwidth Overview. |
| Resource Interconnection | VPC Peering Connection | A VPC peering connection is a network connection between two VPCs. A VPC peering connection allows two VPCs to communicate with each other using private IP addresses as if they were in the same VPC. You can create a VPC peering connection between your own VPCs, or between your VPC and a VPC of another account within the same region. However, you cannot create a VPC peering connection between VPCs in different regions. You can create a VPC peering connection with another VPC in your account or with a VPC in another account. You can also view, modify, and delete VPC peering connections. For details, see VPC Peering Connection Overview. |
| Monitoring | Viewing Metrics | You can view the bandwidth and EIP usage of the VPC service through Cloud Eye, create and set alarm rules, and customize the monitored objects and notification policies without adding plug-ins. For details, see Supported Metrics. |
| Auditing | Viewing Audit Logs | With CTS, you can record operations performed on the VPC service for further query, audit, and backtracking purposes. You can view and export operation records of the last seven days on the CTS console. |
| Tag | Tag Management | Tags help you identify and manage cloud resources. You can manage VPC tags, subnet tags, and EIP tags. |
| Permissions | Permissions Management | You can use Identity and Access Management (IAM) to implement fine-grained permissions management for your VPCs, allowing enterprises to set different access permissions based on organizations and responsibilities. You can create an IAM user, grant permissions to the user, and create custom VPC policies. |