
VPC

Posted on Apr 16, 2024 by

What Is VPC?

A Virtual Private Cloud (VPC) provides a logically isolated, customizable, and controllable virtual network environment for cloud resources such as cloud servers, containers, and databases. This improves the security of cloud services and simplifies network deployment.

Why Is VPC Important?

As cloud computing advances, demand is growing for virtualized networks that offer scalability, security, reliability, and privacy. The conventional Layer 2 network model has numerous issues, security being the most prominent. In a Layer 2 network, all devices can communicate with each other by default, which leaves cloud hosts exposed to potential malicious attacks from other users sharing the same network. To address this, a VPC establishes isolated networks for individual users on top of shared public network resources, ensuring enhanced security and privacy. Users can also define the IP addresses and routing policies for hosts within their own VPC.

Main Components of a VPC

A VPC is a virtual network environment in which a physical network is divided into logical components such as subnets, vRouters, and vFWs.

Subnet: Within a VPC, a subnet is a distinct Layer 2 network segment. Multiple internal subnets can be created within a VPC to manage cloud hosts with different service needs. Cloud hosts in different internal subnets of the same VPC can communicate with each other.

vRouter: Acting as the central networking component within a VPC, a vRouter is a virtual router that interconnects subnets. It serves as the subnet gateway to facilitate communication among different subnets.

vFW: A vFW, or virtual firewall, regulates inbound and outbound traffic between subnets or VPCs to guarantee the security of the VPC network.

Security Group: Like a vFW, a security group protects the network security of a VPC. The difference is that a vFW controls access at the level of subnets or VPCs, while a security group controls access at the level of individual hosts. A security group is a set of access control rules for cloud hosts that require the same level of security protection and trust one another.


How Does VPC Work?

A Virtual Private Cloud (VPC) is established by creating a Layer 2 network on top of a Layer 3 network through network overlay technology. This overlay network is a virtual logical network that is software-defined and resides on an underlying network infrastructure. The core of overlay technology involves encapsulating Layer 2 packets within IP tunnels, utilizing technologies like VXLAN and NVGRE. By encapsulating the original Layer 2 packets, data from a host can be transmitted across the network transparently. Upon reaching the destination device, the encapsulated packets are decapsulated, restoring the original packets before being delivered to the intended host. Through this process, communication between hosts can take place at Layer 2.
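
The encapsulation step described above, as an added example that is not code from the original page: it builds and parses the 8-byte VXLAN header (RFC 7348) and shows that the 24-bit VNI in that header is what keeps one VPC's frames away from another's hosts. The outer IP/UDP headers are omitted, and the MAC addresses, VNIs 5001 and 5002, and the `deliver` helper are constructed for illustration.

```python
from __future__ import annotations
import struct

VXLAN_FLAG_VNI_VALID = 0x08  # "I" flag: the VNI field carries a valid value

# Constructed sample: two tenants share one hypervisor; each VPC has its own VNI.
MAC_A = bytes.fromhex("020000000a01")  # host attached to VPC A (VNI 5001)
MAC_B = bytes.fromhex("020000000b01")  # host attached to VPC B (VNI 5002)
LOCAL_PORTS = {5001: {MAC_A}, 5002: {MAC_B}}


def sample_frame(dst: bytes, src: bytes) -> bytes:
    """Minimal Ethernet II frame: dst MAC, src MAC, EtherType IPv4, dummy data."""
    return dst + src + b"\x08\x00" + b"payload"


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prefix a Layer 2 frame with the VXLAN header for the given VNI."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI is a 24-bit value")
    # Word 1: flags (8 bits) + reserved (24). Word 2: VNI (24) + reserved (8).
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def vxlan_decap(payload: bytes) -> tuple[int, bytes]:
    """Return (vni, inner_frame); raise ValueError on a malformed header."""
    if len(payload) < 8 + 14:  # VXLAN header + minimal Ethernet header
        raise ValueError("truncated VXLAN payload")
    word1, word2 = struct.unpack("!II", payload[:8])
    if not (word1 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word2 >> 8, payload[8:]


def deliver(payload: bytes, local_ports: dict[int, set[bytes]]) -> bytes | None:
    """Decapsulate, then forward the frame only if its destination MAC is
    attached to the VPC named by the VNI; anything else is dropped (None)."""
    try:
        vni, frame = vxlan_decap(payload)
    except ValueError:
        return None
    dst_mac = frame[:6]
    return frame if dst_mac in local_ports.get(vni, set()) else None
```

The lookup in `deliver` is keyed on the VNI first, so a frame addressed to a host in VPC A is dropped when it arrives tagged with VPC B's VNI, even though the destination MAC exists on the same physical host.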
