Alibaba Cloud Networking Overview

In this blog, we will share the Alibaba cloud networking Overview.

ALIBABA VPC

• Virtual Network is your own logically isolated area within the Alibaba cloud-based SDN (Software Defined Network) technology.
• It provides VLAN level isolation and blocks outer network communications.
• Users can customize their own topology including assigning an IP address, allocating network segment and configuring V-Switches and V-Router.
• Integrate existing Datacentre through dedicated line (or) VPN to form a hybrid cloud. So both on-cloud and off cloud resources can share the same network address scheme.

SECURITY ISOLATION 

• In Alibaba cloud networking, VPC adopts the VxLAN protocol.
• Each VPC has assigned an independent Tunnel ID.
• It controls L2 ARP broadcast domains within a single NIC which is similar to VLAN.

USER DEFINED NETWORK

• Users can customize the VPC & Private IP address of ECS instances.
• Customizing the network address can effectively reduce the number of access control rules which can eventually lower the administration cost.

VPC TOPOLOGY

• In the above example VPC topology, There are two zones named Zone A & Zone B in the Mumbai Region.
• There are two instances named Instance 1 and Instance 2 and enclosed with the same V-switch.
• This V-switch is enclosed with VPC using V-Router.
• Another zone named Zone B which has two instances named instance 3 and instance 4.
• These two instances are enclosed with different V-switches.
• VPC can enclose different V-switches from different zones. We can use the V-Router to connect these V-Switches at the same time.
• We can hybrid the customer datacenter with VPC using a VPN (or) dedicated line.

ELASTIC PUBLIC IP (EIP)

• The resources in the VPC are assigned with Internet IP which is only valid inside the VPC.
• If we want to access our ECS resources through the internet, we can buy the instance with EIP.
• Once we purchase the EIP, we can bind to VPC type ECS instances inside the same region.

VPC KEY COMPONENTS

• Virtual Switch is the basic network device of a VPC. It used to connect different cloud product instances in a subnet within a VPC.
• You can assign one (or) more virtual switches inside an availability zone.
• Virtual Router is a hub in the VPC the connects all the virtual switches in the VPC.
• It serves as a gateway device that connects the VPC to other networks.

SECURITY GROUP FEATURES

• The security group is similar to a firewall.
• We can specify one or more firewall rules in a security group including a network protocol, port, and source IP.
• These rules are effective for all instances within the security group.
• Every instance belongs to at least one security group.
• A security group can isolate different users. For example, the instances that belong to different users can be placed in different security groups.
• Each user can have up to 100 security groups. Each group can contain up to 1000 instances.
• A single instance can join up to 5 security groups.
• Each security group will have a maximum of 100 rules.
• Alibaba cloud will create a default security group for each user.
• This security group allows a public internet connection.

REFERENCE

https://www.alibabacloud.com/help/doc-detail/34217.htm

Thanks for reading this blog. We hope it was useful for you to learn about the Alibaba cloud networking Overview.