Terms
This topic describes terms related to Virtual Private Cloud (VPC).
Term | Description |
---|---|
VPC | A VPC is a private network. VPCs are logically isolated from each other. You can create and manage cloud resources in your VPC, such as Elastic Compute Service (ECS) instances, Server Load Balancer (SLB) instances, and True IDC Cloud RDS instances. |
vSwitch | A vSwitch is a basic network component of a VPC. A vSwitch connects different cloud resources. When you create a cloud resource in a VPC, you must specify a vSwitch to which the cloud resource is connected. |
VPC sharing | A VPC owner (resource owner) can share non-default vSwitches in the VPC with one or more accounts (principals). The principals can create cloud resources in the shared vSwitches. A resource owner can share resources with accounts in the same or different enterprise organization. |
vRouter | A vRouter is a virtual router that connects all vSwitches in a VPC and serves as a gateway that connects the VPC to other networks. A vRouter also forwards network traffic based on the routes in the route table. |
Route table | A route table consists of routes in a vRouter. System route table: after you create a VPC, the system creates a system route table to manage the routes of the VPC. By default, vSwitches in the VPC use the system route table. You cannot create or delete a system route table, but you can add custom routes to it. Custom route table: you can create a custom route table in a VPC and associate it with a vSwitch, which lets you manage network traffic in a more flexible manner. Gateway route table: you can create a custom route table in a VPC and associate it with an IPv4 gateway; such a route table is called a gateway route table. |
Route | Each item in a route table is a route. A route specifies the next hop address for network traffic that is destined for a destination CIDR block. Routes are classified into system routes and custom routes. |
Prefix list | A prefix list is a set of one or more CIDR blocks. You can create a prefix list for some commonly used IP addresses and set the prefix list as the destination for routes in a route table. This way, you do not have to configure a route for each IP address. If you want to expand the destination and access another CIDR block, you can add the CIDR block to the prefix list. Then, the routes with the prefix list as the destination will be updated. |
NAT gateway | NAT Gateway provides the DNAT and SNAT features. NAT gateways are classified into Internet NAT Gateway and VPC NAT Gateway. An Internet NAT gateway provides NAT services for public IP addresses, while a VPC NAT gateway provides NAT services for private IP addresses. You can choose Internet NAT Gateway or VPC NAT Gateway based on your business requirements. |
VPC peering connection | A VPC peering connection is a private network connection between two VPCs. You can enable two VPCs to communicate by establishing a VPC peering connection. You can create a VPC peering connection between two VPCs within your account (same account), or between a VPC within your account and a VPC within another account (cross account). You can also create VPC peering connections between VPCs that belong to the same region (intra-region) or different regions (inter-region). |
DHCP options set | Dynamic Host Configuration Protocol (DHCP) is a network management protocol. DHCP provides a standard for passing configuration information to servers in a TCP/IP network. The DHCP options set feature allows you to configure domain names and DNS server IP addresses for ECS instances in a VPC. |
IPv4 gateway | An IPv4 gateway is a network component that connects a VPC to the Internet. An IPv4 gateway can enable a VPC to access the Internet by routing IPv4 traffic and translating private IP addresses to public IP addresses. When a VPC accesses the Internet by using an IPv4 gateway, IPv4 traffic flows through the IPv4 gateway. |
ClassicLink | VPC supports the ClassicLink feature, which allows ECS instances in classic networks to communicate with cloud resources in VPCs. |
Network ACL | Network access control lists (ACLs) allow you to implement access control for a VPC. You can create network ACL rules and associate a network ACL with a vSwitch. This allows you to control inbound and outbound traffic of Elastic Compute Service (ECS) instances attached to the vSwitch. |
Security Group | A security group acts as a virtual firewall to control the inbound and outbound traffic of Elastic Compute Service (ECS) instances to improve security. Security groups provide Stateful Packet Inspection (SPI) and packet filtering capabilities. You can use security groups and security group rules to define security domains in the cloud. |
HAVIP | A high-availability virtual IP address (HAVIP) is a private IP address that can be created and released as an independent resource. You can use HAVIPs with high-availability (HA) software such as Keepalived to deploy services in active/standby mode. This improves the availability of your services. |
Flow log | VPC provides the flow log feature. The feature records information about inbound and outbound traffic of an elastic network interface (ENI). You can check access control rules, monitor network traffic, and troubleshoot network errors based on the flow logs. |
Traffic mirroring | The traffic mirroring feature can mirror packets that flow through an ENI and that meet the filter conditions. The traffic mirroring feature mirrors network traffic from an ECS instance in a VPC and forwards the traffic to a specified ENI or an internal-facing Classic Load Balancer (CLB) instance. You can use this feature in scenarios such as content inspection, threat monitoring, and troubleshooting. |
Idle instance | The VPC console can display idle instances. You can release idle instances to save costs. |
Tag | VPC supports the tag feature. You can use tags to label and classify VPCs, route tables, and vSwitches, which facilitates resource search and aggregation. |
Quota | Quotas are set on the cloud resources and API operations available to each account. Service quotas are classified into the following types: general quotas, API rate limits, and privileges. |
RAM authorization | You can use your account to grant permissions to a RAM user. The RAM user can then manage VPCs based on the granted permissions. |