Alibaba Cloud Networking Overview

In this blog, we will share the Alibaba cloud networking Overview.

ALIBABA VPC

  • Virtual Network is your own logically isolated area within the Alibaba cloud-based SDN (Software Defined Network) technology.
  • It provides VLAN level isolation and blocks outer network communications.
  • Users can customize their own topology including assigning an IP address, allocating network segment and configuring V-Switches and V-Router.
  • Integrate existing Datacentre through dedicated line (or) VPN to form a hybrid cloud. So both on-cloud and off cloud resources can share the same network address scheme.

SECURITY ISOLATION 

  • In Alibaba cloud networking, VPC adopts the VxLAN protocol.
  • Each VPC has assigned an independent Tunnel ID.
  • It controls L2 ARP broadcast domains within a single NIC which is similar to VLAN.

USER DEFINED NETWORK

  • Users can customize the VPC & Private IP address of ECS instances.
  • Customizing the network address can effectively reduce the number of access control rules which can eventually lower the administration cost.

VPC TOPOLOGY

Alibaba Cloud Networking Overview
  • In the above example VPC topology, There are two zones named Zone A & Zone B in the Mumbai Region.
  • There are two instances named Instance 1 and Instance 2 and enclosed with the same V-switch.
  • This V-switch is enclosed with VPC using V-Router.
  • Another zone named Zone B which has two instances named instance 3 and instance 4.
  • These two instances are enclosed with different V-switches.
  • VPC can enclose different V-switches from different zones. We can use the V-Router to connect these V-Switches at the same time.
  • We can hybrid the customer datacenter with VPC using a VPN (or) dedicated line.

ELASTIC PUBLIC IP (EIP)

  • The resources in the VPC are assigned with Internet IP which is only valid inside the VPC.
  • If we want to access our ECS resources through the internet, we can buy the instance with EIP.
  • Once we purchase the EIP, we can bind to VPC type ECS instances inside the same region.

VPC KEY COMPONENTS

  • Virtual Switch is the basic network device of a VPC. It used to connect different cloud product instances in a subnet within a VPC.
  • You can assign one (or) more virtual switches inside an availability zone.
  • Virtual Router is a hub in the VPC the connects all the virtual switches in the VPC.
  • It serves as a gateway device that connects the VPC to other networks.

SECURITY GROUP FEATURES

  • The security group is similar to a firewall.
  • We can specify one or more firewall rules in a security group including a network protocol, port, and source IP.
  • These rules are effective for all instances within the security group.
  • Every instance belongs to at least one security group.
  • A security group can isolate different users. For example, the instances that belong to different users can be placed in different security groups.
  • Each user can have up to 100 security groups. Each group can contain up to 1000 instances.
  • A single instance can join up to 5 security groups.
  • Each security group will have a maximum of 100 rules.
  • Alibaba cloud will create a default security group for each user.
  • This security group allows a public internet connection.

REFERENCE

https://www.alibabacloud.com/help/doc-detail/34217.htm

Thanks for reading this blog. We hope it was useful for you to learn about the Alibaba cloud networking Overview.

Loges