VPC Functions
- Basic VPC functions: VPC, subnet, route table, route, virtual IP address, network interface, and supplementary network interface
- Network security: security group, network ACL, and IP address group
- Network connectivity: VPC peering connection
- Network O&M: VPC flow log and traffic mirroring
Function | Description | Reference |
---|---|---|
VPC | VPC allows you to provision logically isolated virtual private networks for cloud resources, such as cloud servers, containers, and databases. You can create subnets, security groups, network ACLs, route tables, and more to manage cloud resources flexibly. You can also use EIPs to connect cloud resources in VPCs to the Internet, and use Direct Connect and VPN to connect on-premises data centers to VPCs to build a hybrid cloud network. | |
Subnet | A subnet is a unique CIDR block with a range of IP addresses in a VPC. All resources in a VPC must be deployed on subnets. Subnets in a VPC cannot overlap with each other. | |
Route table and route | A route table contains a set of routes that are used to control the traffic in and out of your subnets in a VPC. Each subnet must be associated with a route table. A subnet can only be associated with one route table, but a route table can be associated with multiple subnets. | |
Virtual IP address | A virtual IP address is a private IP address that can be independently assigned from and released to a VPC subnet. You can: | |
Elastic network interface | An elastic network interface is a virtual network card. You can create network interfaces and attach them to your cloud servers to obtain flexible and highly available network configurations. | |
Supplementary network interface | Supplementary network interfaces are a supplement to elastic network interfaces. If the number of elastic network interfaces that can be attached to your cloud server cannot meet your requirements, you can use supplementary network interfaces, which can be attached to VLAN subinterfaces of elastic network interfaces. | |
Security group | A security group is a collection of access control rules for ECSs that have the same security protection requirements and are mutually trusted within a VPC. You can create a security group and define different access rules to protect the ECSs that it contains. | |
Network ACL | A network ACL is an optional layer of security for your subnets. After you add inbound and outbound rules to a network ACL and associate subnets with it, you can control traffic in and out of the subnets. | |
IP address group | An IP address group is a collection of IP addresses. It can be associated with security groups and network ACLs to simplify IP address configuration and management in networking. | |
VPC peering connection | A VPC peering connection enables two VPCs in the same region to communicate using private IP addresses. The VPCs to be connected can be from the same account or different accounts. | |
VPC sharing | VPC sharing allows multiple accounts to create and manage cloud resources, such as ECSs, load balancers, and RDS instances, in one VPC. With Resource Access Manager (RAM), you can share subnets in a VPC with one or more accounts so you can centrally manage resources in multiple accounts, which improves resource management efficiency and reduces O&M costs. | |
Edge gateway | An edge gateway can connect subnets in the same VPC but from both edge and central AZs or from different edge AZs. | |
IPv4/IPv6 dual stack network | IPv4/IPv6 dual stack allows your resources to use both IPv4 and IPv6 addresses for private and public network communications. | |
VPC flow log | A VPC flow log records information about the traffic going to and from a VPC. You can use flow logs to monitor network traffic, analyze network attacks, and determine whether security group and network ACL rules require modification. | |
Traffic mirroring | Traffic Mirroring can be used to mirror traffic that meets a mirror filter from an elastic network interface. You can configure inbound and outbound rules for a mirror filter to determine which traffic from an elastic network interface will be mirrored to a network interface or load balancer. You can then send the traffic for inspection, audit analysis, and troubleshooting. | |