A Virtual Private Cloud (VPC) is a logically isolated network on Alibaba Cloud where you deploy your cloud resources. Understanding VPC networking is essential for building secure, well-architected applications.
A VPC is your own private network within Alibaba Cloud. It provides:
Every VPC is region-specific — it exists within a single Alibaba Cloud region.
When creating a VPC, you define a CIDR block (the IP address range):
| CIDR Block | Usable IPs | Common Use |
|---|---|---|
| 10.0.0.0/8 | ~16 million | Large environments |
| 172.16.0.0/12 | ~1 million | Medium environments |
| 192.168.0.0/16 | ~65,000 | Small environments |
A vSwitch is a subnet within a VPC. Each vSwitch:
VPC: 10.0.0.0/16
├── vSwitch-A (Zone A): 10.0.1.0/24 → Public
├── vSwitch-B (Zone B): 10.0.2.0/24 → Public
├── vSwitch-C (Zone A): 10.0.10.0/24 → Private
└── vSwitch-D (Zone B): 10.0.20.0/24 → Private
Route tables determine where network traffic is directed. Each vSwitch is associated with a route table.
Example routes:
| Destination | Next Hop | Purpose |
|---|---|---|
| 10.0.0.0/16 | Local | Traffic within the VPC |
| 0.0.0.0/0 | Internet Gateway | Public internet access |
| 0.0.0.0/0 | NAT Gateway | Private subnet internet access |
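The layout and routes above can be checked mechanically before deployment. The following Python sketch is an added example, not part of the original lesson: it verifies that each vSwitch CIDR sits inside the VPC and does not overlap another, then uses longest-prefix matching to confirm that private vSwitches reach the internet through the NAT Gateway rather than the Internet Gateway. The assignment of route tables to vSwitches, the function names, and the probe address (a documentation-range IP) are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed data mirroring the lesson's VPC; the per-vSwitch route tables are assumptions.
VPC = "10.0.0.0/16"
VSWITCHES = {
    "vSwitch-A": ("10.0.1.0/24", "public"),
    "vSwitch-B": ("10.0.2.0/24", "public"),
    "vSwitch-C": ("10.0.10.0/24", "private"),
    "vSwitch-D": ("10.0.20.0/24", "private"),
}
PUBLIC_RT = [("10.0.0.0/16", "Local"), ("0.0.0.0/0", "Internet Gateway")]
PRIVATE_RT = [("10.0.0.0/16", "Local"), ("0.0.0.0/0", "NAT Gateway")]
ROUTES = {"vSwitch-A": PUBLIC_RT, "vSwitch-B": PUBLIC_RT,
          "vSwitch-C": PRIVATE_RT, "vSwitch-D": PRIVATE_RT}


def next_hop(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    ip = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(d), hop) for d, hop in routes
               if ip in ipaddress.ip_network(d)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


def audit(vpc, vswitches, routes, probe="203.0.113.10"):
    """Return findings for the layout and for each vSwitch's internet path."""
    findings = []
    vpc_net = ipaddress.ip_network(vpc)
    nets = {n: ipaddress.ip_network(c) for n, (c, _) in vswitches.items()}
    for name, net in nets.items():
        if not net.subnet_of(vpc_net):
            findings.append(f"{name}: {net} is outside VPC {vpc_net}")
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            findings.append(f"{a} and {b}: overlapping CIDR blocks")
    for name, (_, tier) in vswitches.items():
        hop = next_hop(routes.get(name, []), probe)
        if tier == "private" and hop == "Internet Gateway":
            findings.append(f"{name}: private tier routes to Internet Gateway")
    return findings


if __name__ == "__main__":
    print(audit(VPC, VSWITCHES, ROUTES) or "no findings")
```

An empty result means the plan matches the intended public/private split; any finding names the vSwitch to fix.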
An internet gateway allows resources with public IP addresses (Elastic IP) to communicate with the public internet. Alibaba Cloud VPCs have a built-in internet gateway.
An EIP is a static public IP address that you can associate with an ECS instance, SLB, or NAT Gateway. EIPs persist independently of the resource lifecycle.
A NAT Gateway allows resources in private subnets to access the internet without being exposed to inbound traffic: