Virtual Private Cloud (VPC) is a custom network environment that
consists of VPC vRouters and VPC networks. With VPC, enterprise users can build a
logically isolated private cloud.
VPC vRouter and VPC Network
VPC consists of VPC vRouter and VPC network.
VPC vRouter: a vRouter that is created based on a vRouter offering. A VPC
vRouter has two types of network: a public network and a management network.
VPC vRouters are the core of VPC. A VPC vRouter can be created by
specifying a vRouter offering.
To create a vRouter offering, create the required public network,
management network, and vRouter image in advance.
A VPC vRouter can be attached to or detached from VPC networks or
other public networks.
The public network and the management network that are defined by a
vRouter offering cannot be detached.
The same vRouter offering can be used to create multiple VPC
vRouters. These VPC vRouters share both the public IP range and the
management IP range defined by the same vRouter offering.
The public network is the default network used to provide network
services.
VPC vRouters have a higher resource priority than VM instances. When host
load is extremely high and resources are contended, the priority order from
low to high is: VM instances with Normal priority < VM instances with High
priority < VPC vRouters. For example, under CPU contention on a host, VPC
vRouters are granted CPU ahead of VM instances.
VPC network: a private network that can be attached to a VPC vRouter.
You need to create an L2 network before you can create an L3 VPC network.
When you create a VPC network, you can specify a vRouter. Or you can attach a
vRouter to the VPC network after you create the VPC network.
If VM instances are using a VPC network, you cannot detach that VPC network
from the VPC vRouter.
The IP range of a newly created VPC network must not overlap any IP range
already attached to the VPC vRouter.
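The no-overlap rule above is easy to state but easy to get wrong when a new range is a subnet or supernet of an existing one. The following added example (not part of this documentation or its product) checks a candidate VPC network against every range already attached to a vRouter, including the public and management ranges that come from the vRouter offering. All names and CIDRs are constructed for the example.

```python
from ipaddress import ip_network
from itertools import combinations
from typing import Dict, List, Tuple

# Constructed sample: the IP ranges already attached to one VPC vRouter.
# "public" and "management" come from the vRouter offering and can never be
# detached; the remaining entries are VPC networks. All values are made up.
ATTACHED_RANGES: Dict[str, str] = {
    "public":     "203.0.113.0/24",
    "management": "192.168.100.0/24",
    "vpc-app":    "10.10.1.0/24",
    "vpc-db":     "10.10.2.0/24",
}


def find_overlaps(ranges: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return every pair of named ranges whose CIDRs overlap.

    Useful as an audit over an existing vRouter: an empty list means the
    attached ranges are mutually disjoint."""
    nets = {name: ip_network(cidr, strict=True) for name, cidr in ranges.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])
    )


def can_attach(new_cidr: str, attached: Dict[str, str]) -> Tuple[bool, List[str]]:
    """Decide whether a candidate VPC network may be attached to the vRouter.

    overlaps() covers equality, subnet and supernet relationships, so a
    10.10.0.0/16 candidate is rejected against an existing 10.10.1.0/24.
    strict=True rejects CIDRs with host bits set (e.g. 10.10.3.5/24), which
    usually indicates a typo in the range rather than an intended network."""
    candidate = ip_network(new_cidr, strict=True)
    conflicts = [
        name for name, cidr in attached.items()
        if candidate.overlaps(ip_network(cidr, strict=True))
    ]
    return (not conflicts, conflicts)


if __name__ == "__main__":
    print("existing overlaps:", find_overlaps(ATTACHED_RANGES))
    for cidr in ("10.10.3.0/24", "10.10.0.0/16", "203.0.113.128/25"):
        print(cidr, "->", can_attach(cidr, ATTACHED_RANGES))
```

Run the audit first: if `find_overlaps` already reports pairs, the vRouter is in an inconsistent state and adding more networks will only make routing ambiguity worse. The check is deliberately conservative; a range that overlaps only the management network is still rejected, because the management range is fixed by the offering and cannot be moved.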
The VPC network topology is shown in Figure 1.
[Figure 1. VPC Network Topology]
HA Group of VPC vRouter
High availability (HA) group: You can deploy two VPC vRouters in an
active-backup configuration. When the active VPC vRouter fails, the backup
VPC vRouter automatically takes over, ensuring business continuity.
Note: VPC vRouters that belong to an HA group are displayed only on the
details page of that HA group; they do not appear as separate entries in the
vRouter table.
VPC Features
VPC provides the following benefits:
Flexible network configuration: Different VPC networks can be flexibly
attached to the VPC vRouters. You can customize an independent IP range and
an independent gateway for each VPC network. VPC vRouters allow you to
attach or detach gateways, and also to dynamically configure your route
tables and route entries.
Secure and reliable isolation: VPC networks in different VPCs are logically
isolated. VPC networks use VLAN or VXLAN for layer 2 isolation, so the VPCs
of different accounts do not affect each other.
Multi-subnet interconnection: Multiple VPC networks under the same VPC can
communicate privately and securely with one another.
Network traffic optimization: VPC supports distributed routing, which
optimizes east-west traffic and reduces network latency.
VPC vRouter HA: In a VPC vRouter HA group, you can deploy two VPC vRouters
in an active-standby configuration. When the active VPC vRouter fails, the
standby VPC vRouter automatically takes over, ensuring business continuity.
VPC Network Service
The VPC network, which acts as a private network, provides a group of network
services by using VPC vRouters.
DHCP: By default, the VPC network provides distributed DHCP services by
using the flat network service module.
DNS: A VPC vRouter can act as a DNS server. The DNS address used by VM
instances on the VPC network is the IP address of the VPC vRouter; the VPC
vRouter forwards queries to the DNS address that you set.
SNAT: A VPC vRouter can provide source network address translation (SNAT)
for VM instances, so that the VM instances can access the Internet directly
through SNAT.
Route table: Through the route table, you can manage and customize
routes.
Security group: The security group service is provided by the security group
network service module. It configures and manages per-VM firewalls using
iptables.
Elastic IP address (EIP): You can bind an EIP to a VPC network. Then, the
public network can interconnect with the private network of the VM
instance.
Port forwarding: The port forwarding service allows a public IP address to
interconnect with the private IP address of a VM instance. To be more
specific, you can create port forwarding rules to allow external networks to
reach specific ports of your VM instances.
Load balancing: The load balancing service distributes inbound traffic from
a public IP address across a group of backend VM instances. It also performs
health checks and automatically isolates VM instances that are unavailable.
IPsec tunnel: The IPsec tunnel can be used to achieve interconnection
between different virtual private networks (VPNs).
Dynamic routing: The VPC vRouter supports the Open Shortest Path First
(OSPF) routing protocol, which is used to distribute routing information
within a single autonomous system.
Multicast routing: The VPC vRouter forwards multicast traffic from the
multicast source to VM instances, providing one-to-many communication
between the sender and the receivers.
VPC firewall: The VPC firewall filters the south-north traffic on the VPC
vRouter ports, effectively protecting the VPC communication security and VPC
vRouter security.
Netflow: The Netflow service monitors and analyzes the inbound and outbound
traffic of the VPC vRouter NICs. Currently, two export formats are
supported: Netflow V5 and Netflow V9.
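Netflow export is only useful if something consumes it. The following added example (not code from this documentation or its product) decodes a Netflow V5 datagram, the older of the two formats listed above, and runs a simple egress check over the records: flows from the VPC toward destination ports outside an allow list, or moving more bytes than a threshold, are flagged for review. The field layout is the published V5 format (24-byte header, 48-byte records, network byte order). The exporter is stand-in code used only to fabricate a sample datagram; the addresses, ports and thresholds are constructed.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Iterable, List, Set, Tuple

# NetFlow v5: 24-byte header followed by `count` 48-byte records, big-endian.
# Header: version, count, sys_uptime, unix_secs, unix_nsecs, flow_sequence,
#         engine_type, engine_id, sampling_interval
V5_HEADER = struct.Struct("!HHIIIIBBH")
# Record: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets, first,
#         last, srcport, dstport, pad1, tcp_flags, prot, tos, src_as,
#         dst_as, src_mask, dst_mask, pad2
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
V5_MAX_RECORDS = 30  # a v5 exporter never packs more than 30 records


@dataclass
class FlowRecord:
    src: str
    dst: str
    nexthop: str
    in_if: int
    out_if: int
    packets: int
    octets: int
    src_port: int
    dst_port: int
    tcp_flags: int
    proto: int


def parse_netflow_v5(datagram: bytes) -> List[FlowRecord]:
    """Decode one NetFlow v5 datagram; malformed input raises ValueError
    instead of producing partial or garbage records."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than the v5 header")
    version, count = V5_HEADER.unpack_from(datagram, 0)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if count > V5_MAX_RECORDS:
        raise ValueError(f"implausible record count {count}")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("datagram truncated: fewer records than header claims")
    records = []
    for i in range(count):
        (src, dst, nh, in_if, out_if, pkts, octets, _first, _last,
         sport, dport, _pad1, flags, proto, _tos, _src_as, _dst_as,
         _src_mask, _dst_mask, _pad2) = V5_RECORD.unpack_from(
            datagram, V5_HEADER.size + i * V5_RECORD.size)
        records.append(FlowRecord(str(IPv4Address(src)), str(IPv4Address(dst)),
                                  str(IPv4Address(nh)), in_if, out_if, pkts,
                                  octets, sport, dport, flags, proto))
    return records


def build_netflow_v5(flows: Iterable[Tuple[str, str, int, int, int, int, int]]) -> bytes:
    """Stand-in exporter: pack (src, dst, sport, dport, proto, pkts, octets)
    tuples into a v5 datagram. Exists only to fabricate sample input."""
    flows = list(flows)
    header = V5_HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(IPv4Address(s).packed, IPv4Address(d).packed,
                       IPv4Address("0.0.0.0").packed, 1, 2, pkts, octets,
                       0, 0, sp, dp, 0, 0x18, proto, 0, 0, 0, 24, 24, 0)
        for s, d, sp, dp, proto, pkts, octets in flows)
    return header + body


def flag_unexpected_egress(records: List[FlowRecord], allowed_dst_ports: Set[int],
                           max_octets: int) -> List[FlowRecord]:
    """Flag flows that reach a destination port outside the allow list or
    carry more bytes than expected for this VPC's outbound profile."""
    return [r for r in records
            if r.dst_port not in allowed_dst_ports or r.octets > max_octets]


# Constructed sample: one ordinary HTTPS flow and one large flow to an
# unexpected port, as a vRouter NIC might export them.
SAMPLE_DATAGRAM = build_netflow_v5([
    ("10.10.1.10", "203.0.113.5", 51000, 443, 6, 12, 3400),
    ("10.10.1.11", "198.51.100.7", 51001, 8081, 6, 900, 75_000_000),
])

if __name__ == "__main__":
    flows = parse_netflow_v5(SAMPLE_DATAGRAM)
    for r in flag_unexpected_egress(flows, {80, 443}, 50_000_000):
        print(f"review: {r.src}:{r.src_port} -> {r.dst}:{r.dst_port} {r.octets} bytes")
```

The length and count checks before unpacking matter in a collector: Netflow arrives over UDP from whatever can reach the collector port, and a parser that trusts the header's record count will read past a short datagram. The allow list and byte threshold are placeholders; in practice they come from the VPC's security group and port forwarding rules, so that a flow the firewall should not have permitted stands out in the export.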