The vpc network refers to the private network, which is a customized logically isolated network space on the public cloud and is a customizable network space. VPC is mainly a network-level function. Its purpose is to allow users to build an isolated virtual network environment on the cloud platform that can manage configurations and policies, thereby further improving the security of users' resources in the AWS environment.
The operating environment of this tutorial: Windows 7 system, Dell G3 computer.
What does vpc network mean?
The vpc network refers to the private network.
Private network (Virtual Private Cloud, VPC) is a logically isolated network space customized on the public cloud. You can build logically isolated and user-defined network space for cloud servers, cloud databases and other resources. Configure network space to improve the security of users’ cloud resources and meet the needs of different application scenarios.
VPC is a network space that we can customize. It is similar to the traditional network we run in the data center. Hosted in the VPC are our server resources on the private cloud, such as cloud hosts, load balancing, Cloud database, etc. We can customize network segmentation, IP addresses, routing policies, etc., and implement multi-layer security protection through security groups and network ACLs. At the same time, you can also connect VPC and our data center through dedicated lines to flexibly deploy hybrid cloud.
VPC is mainly a network-level function. Its purpose is to allow us to build an isolated virtual network environment on the cloud platform that can manage configuration and policies, thereby further improving our performance in the AWS environment. security of resources. We can manage our own subnet structure, IP address range and allocation method, network routing policy, etc. in the VPC environment. Because we can control and isolate the resources in the VPC, it feels like our own private cloud computing environment to us.
We use VPC and other related cloud services to integrate the company's own data center with its cloud environment to form a hybrid cloud architecture.
Benefits of using a private network
1) Flexible deployment: Customized network division, routing rules, and configuration implementation take effect immediately
2) Security isolation : 100% logically isolated network space, my territory listens to me
3) Rich access: supports public network access and dedicated line access
4) Access control: accurate to the port Network control to meet the security requirements of financial governments and enterprises
Core components of private networks
Private networks have three core components: Private Network segments, subnets, routing tables.
Private network segment
When users create a private network, they need to use CIDR (Classless Inter-Domain Routing) as the designated IP address group for the private network.
Public cloud private network CIDR supports the use of any one of the following private network segments:
10.0.0.0 - 10.255.255.255 (the mask range must be 12 - 28 between)
172.16.0.0 - 172.31.255.255 (the mask range needs to be between 12 - 28)
192.168.0.0 - 192.168.255.255 (The mask range needs to be between 16 - 28)
Subnet
A private network consists of at least one subnet , all cloud resources (such as cloud servers, cloud databases, etc.) in the private network must be deployed within the subnet, and the CIDR of the subnet must be within the CIDR of the private network.
The private network has the Region attribute (such as Guangzhou), and the subnet has the Availability Zone attribute (such as Guangzhou Zone 1). You can divide one or more subnets for the private network, and the same private network Different subnets under the network are interconnected by default within the intranet, and different private networks (whether in the same region or not) are isolated by default within the intranet.
Routing table
When a user creates a private network, the system will automatically generate a default routing table for it to ensure the same All subnets under the private network are interconnected. When the routing policy in the default routing table cannot meet the application, you can create a custom routing table.
vpc private network connection
Public cloud provides you with a variety of VPC connection solutions to meet the scenario needs of different users:
Through elastic public IP and NAT gateway, cloud servers, cloud databases and other resources in the VPC can be connected to the public network.
Communication between different VPCs is achieved through peer-to-peer connections and cloud networking.
VPC and local data center are interconnected through dedicated line access and cloud networking.
vpc private network security
A private network is a logically isolated network space on the cloud. Different private networks are mutually exclusive. Isolation to protect your business security:
Security group: Security group is a stateful packet filtering virtual firewall that is used to control incoming and outgoing traffic at the instance level and is an important means of network security isolation.
Network ACL: Network ACL is a subnet-level, stateless packet filtering virtual firewall, used to control data flow in and out of the subnet, and can be accurate to protocol and port granularity.
Access Management (CAM): Access management provides users with secure management of access rights to all resources under public cloud accounts. Through access management, you can manage permissions for access to private networks. For example, you can control users' permissions to access private networks through identity management and policy management.
For more related knowledge, please visit the FAQ column!
The above is the detailed content of What does vpc network mean?. For more information, please follow other related articles on the PHP Chinese website!