Background information
As cloud computing continues to develop, demands on the scalability, security, reliability, privacy, and interconnection performance of virtualized networks keep rising. As a result, a variety of network virtualization technologies have emerged.
An early solution was to combine the virtual machine network and the physical network into a flat network architecture, such as a large layer 2 network. As virtual networks expand, problems such as ARP spoofing, broadcast storms, and host scanning become more and more serious. To solve these problems, various network isolation technologies have emerged that completely separate the physical network from the virtual network. One of these technologies isolates users with VLANs, but the maximum number of VLANs is only 4096, which cannot support the huge number of public cloud users.
Introduction
A private network, or Virtual Private Cloud (VPC), is an isolated network environment built on Alibaba Cloud. Private networks are logically isolated from each other. You can use Alibaba Cloud resources in your own virtual network.
You have full control over your own virtual network: for example, you can select your own IP address range, divide it into network segments, and configure routing tables and gateways, so that you can access resources and applications securely and easily. In addition, you can connect your private network to a traditional data center through a private line or a virtual private network (VPN) to form a customized network environment, which allows smooth migration of applications to the cloud and expansion of the data center.
How it works
A Virtual Private Cloud (VPC) isolates virtual networks using the current mainstream tunnel technology. Each VPC has an independent tunnel ID, and a tunnel ID corresponds to one virtual network. The data packets transmitted between the Elastic Compute Service (ECS) instances in a VPC are encapsulated with that VPC's unique tunnel ID and sent to the physical network for transmission. ECS instances in different VPCs have different tunnel IDs and reside on two separate routing planes, so they cannot communicate with each other. ECS instances in different VPCs are therefore isolated.
Alibaba Cloud built its VPC product on tunnel technology and Software Defined Network (SDN) technology, using hardware gateways and self-developed switch devices.
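The isolation mechanism described above, as an added example that is not Alibaba Cloud's code: a minimal model of a host virtual switch that tags each frame with the sender's VPC tunnel ID and drops it when the destination instance belongs to a different VPC. The page does not name the tunnel protocol; the 8-byte header with a 24-bit ID follows VXLAN (RFC 7348) as an assumption, and the VSwitch class, instance names and tunnel IDs are hypothetical.

```python
import struct

FLAG_ID_VALID = 0x08  # "I" flag of the VXLAN header (RFC 7348); assumed format


def encapsulate(tunnel_id, inner_frame):
    """Prefix the inner frame with an 8-byte header carrying the 24-bit tunnel ID."""
    if not 0 <= tunnel_id < 2 ** 24:
        raise ValueError("tunnel ID must fit in 24 bits")
    # Layout: flags (8 bits), reserved (24), tunnel ID (24), reserved (8)
    return struct.pack("!II", FLAG_ID_VALID << 24, tunnel_id << 8) + inner_frame


def decapsulate(packet):
    """Return (tunnel_id, inner_frame); reject truncated or unflagged headers."""
    if len(packet) < 8:
        raise ValueError("truncated tunnel header")
    word0, word1 = struct.unpack("!II", packet[:8])
    if not (word0 >> 24) & FLAG_ID_VALID:
        raise ValueError("tunnel ID flag not set")
    return word1 >> 8, packet[8:]


class VSwitch:
    """Hypothetical host virtual switch mapping each instance to its VPC tunnel ID."""

    def __init__(self):
        self.ports = {}  # instance name -> tunnel ID of the VPC it belongs to

    def attach(self, instance, tunnel_id):
        self.ports[instance] = tunnel_id

    def send(self, src, inner_frame):
        # The ID comes from the sender's port, never from the guest's own frame.
        return encapsulate(self.ports[src], inner_frame)

    def deliver(self, packet, dst):
        """Return the inner frame if dst is in the packet's VPC, else None (drop)."""
        tunnel_id, inner = decapsulate(packet)
        if self.ports.get(dst) != tunnel_id:
            return None
        return inner


if __name__ == "__main__":
    vs = VSwitch()  # constructed sample: two VPCs, IDs above the 4096 VLAN limit
    for name, tid in [("ecs-a", 70001), ("ecs-b", 70001), ("ecs-c", 70002)]:
        vs.attach(name, tid)
    pkt = vs.send("ecs-a", b"ping")
    print(vs.deliver(pkt, "ecs-b"))  # same VPC: inner frame delivered
    print(vs.deliver(pkt, "ecs-c"))  # different VPC: dropped
```

Because the switch derives the tunnel ID from the sending port rather than from anything inside the guest's frame, an instance cannot place traffic into another VPC by forging addresses in its own packets.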
Default private network and switch
When you create a cloud service instance without having created a private network and switch in advance, you can use the default private network configuration provided by the system. After the instance is created, a default private network and switch are created as well.
Private networks and classic networks
Alibaba Cloud provides the following two network types:
Classic network: Cloud products of the classic network type are deployed uniformly on Alibaba Cloud's public infrastructure, and Alibaba Cloud is responsible for planning and management. This type is more suitable for customers who have high requirements for network ease of use.
Private network: A private network is a customizable, isolated private network. You can customize its topology and IP addresses. This type is suitable for customers who have high requirements for network security and have some network management capability.
Related content on Alibaba Cloud VPC:
Understand and use the Alibaba Cloud private network (VPC)
(A private network (VPC) helps you build an isolated network environment on Alibaba Cloud and customize the IP address range, network segments, routing tables, and gateways. In addition, a VPC in the cloud can be connected to a traditional IDC through private lines, VPN, and GRE connections to build hybrid cloud services.)