The origin and analysis of VPC in cloud computing

The origin and analysis of VPC in cloud computing

When we buy cloud hosts, whether it is domestic Alibaba Cloud or Google cloud host Amazon, ARM hostingwe will encounter a concept of creating hosts in the purchase process: VPC. What is a VPC and why do I need to configure one when creating a host?

VPC stands for Virtual Private Cloud. In Chinese, some are called private network, and some are called private network. The core is that one or more machines (or other resources) that you can buy can be partitioned into a private network, isolated from other users. You can also isolate your own machine with multiple resources (if you need to). VPC is a technology that accompanies cloud computing. It is created to solve the functions, security, and flexibility that traditional networks cannot meet in the cloud environment.

VPC Origin

General networks, such as our home network, Cloud platfrom providerwill configure the information network in the router for the address segment, such as the common 192.168... , or 10.*.*.*. When there is a computer or mobile phone access to the router, the router will assign these teaching equipment resources to the students as an IP address in a network segment, these system devices are in this network segment (subnet), the development of the relationship between our own home devices can learn to communicate with each other, the computer company can see the photos in the NAS, the mobile phone market can project the screen to the TV.

What if it's in the server room? virtual private cloudThe server connects to the switch, and the router connects to the switch. Servers in the same router can communicate with each other. If you want to be isolated, like servers for different users are isolated under a router, or servers for different services for the same user are isolated from each other, you can create vlans for each server that you want to isolate, allowing servers in the same VLAN to communicate with each other, while servers belonging to different vlans are isolated from each other and cannot communicate.

What about cloud computing? Common vlans cannot meet the requirements of cloud computing.

The number of vlans is limited. Only 4000 vlans can be created.

The volume of cloud computing is large, the number of users is far more than 4000, and some users only have one or two hosts, and the number limit is even more difficult.

vlan configuration is complex and inflexible.

Limited to physical networks that cannot cross geographical locations. If the server in room A and the database server in room B are the same server, they must be distributed on the same network.

To this end, cloud computing leader Amazon first used VPC technology in 2010 (of course, it was not called VPC at the time). Currently, VPCS are basically based on overlay technology, building a two-layer network on top of a three-layer network.

AWS VPC

What can a VPC do

With VPCS, cloud providers can make our end-user network configurations more flexible, secure, and scalable. Each user can define the network according to the service and security requirements: select a private network segment, the size of the network segment, the service needs more hosts, you can configure a large network segment; Flexibly realize network isolation of different services between tenants and individual tenants, and formulate corresponding security policies; Eliminate the big two-layer problem, that is, in the LAN, there is no ARP broadcast, stealth reduces network failures. In a traditional network, the IP address of the device that accesses the network is used for addressing. However, the IP address of the device that accesses the network in a VPC is only a logical label. The specific address is controlled by the mapping service at the core layer of the VPC.

Virtual private cloud (VPC) is implemented using software. Traditional routers and switches can be virtualized and abstracts into the mapping relationships in the preceding mapping services so that target or source devices can be queried when network access devices communicate with each other in the future. Software-defined networking is SDN.

When creating a VPC, determine the private network segment and size to be used by the VPC. During the pre-development planning, determine the number of subnets that the enterprise estimates will be required and the number of devices that will enter the network in China. The virtual network switch is connected to the router, and the virtual user switch is connected to specific network access technology devices, such as ecs/ec2 and load balancing. A VPC has a virtual corporate router with 1 or more national virtual switches. In a VPC, you can define the information security Bureau to define intra-group access control policies.

If A large number of users are involved, you can create multiple VPCS, for example, one VPC for subsidiary A and one VPC for subsidiary B. An enterprise needs to communicate between the two VPCS. You can also use some technologies, such as a VPC gateway (with different cloud provider names), to connect the two VPCS. At the same time, some cloud vendors also allow users to connect VPCS to existing networks, such as their own IDC, or dial-up access via IPSec, a hybrid cloud computing network.

VPCS turn networks into cloud computing services, allowing us to achieve the same functionality as traditional networks deployed offline, but more convenient and flexible, and can be operated online. This is a significant upgrade over the classic networks used by cloud computing providers of the original statistical network, and can be scaled to make network configuration and distribution simpler to meet the needs of enterprises' complex network environments.