Alibaba Cloud

Alibaba Cloud

Virtual Private
Virtual Private Cloud
Cloud
Quick Start
Quick Start

Document Version: 20200828

Document Version: 20200828

Virt ual Privat e Cloud Quick St art · Legal disclaimer

Legal disclaimer
Alibaba Cloud reminds you t o carefully read and fully underst and t he t erms and condit ions of t his legal
disclaimer before you read or use t his document . If you have read or used t his document , it shall be
deemed as your t ot al accept ance of t his legal disclaimer.

1. You shall download and obt ain t his document from t he Alibaba Cloud websit e or ot her Alibaba
Cloud-aut horized channels, and use t his document for your own legal business act ivit ies only. T he
cont ent of t his document is considered confident ial informat ion of Alibaba Cloud. You shall
st rict ly abide by t he confident ialit y obligat ions. No part of t his document shall be disclosed or
provided t o any t hird part y for use wit hout t he prior writ t en consent of Alibaba Cloud.

2. No part of t his document shall be excerpt ed, t ranslat ed, reproduced, t ransmit t ed, or
disseminat ed by any organizat ion, company or individual in any form or by any means wit hout t he
prior writ t en consent of Alibaba Cloud.

3. T he cont ent of t his document may be changed because of product version upgrade, adjust ment ,
or ot her reasons. Alibaba Cloud reserves t he right t o modify t he cont ent of t his document
wit hout not ice and an updat ed version of t his document will be released t hrough Alibaba Cloud-
aut horized channels from t ime t o t ime. You should pay at t ent ion t o t he version changes of t his
document as t hey occur and download and obt ain t he most up-t o-dat e version of t his document
from Alibaba Cloud-aut horized channels.

4. T his document serves only as a reference guide for your use of Alibaba Cloud product s and
services. Alibaba Cloud provides t his document based on t he "st at us quo", "being defect ive", and
"exist ing funct ions" of it s product s and services. Alibaba Cloud makes every effort t o provide
relevant operat ional guidance based on exist ing t echnologies. However, Alibaba Cloud hereby
makes a clear st at ement t hat it in no way guarant ees t he accuracy, int egrit y, applicabilit y, and
reliabilit y of t he cont ent of t his document , eit her explicit ly or implicit ly. Alibaba Cloud shall not
t ake legal responsibilit y for any errors or lost profit s incurred by any organizat ion, company, or
individual arising from download, use, or t rust in t his document . Alibaba Cloud shall not , under
any circumst ances, t ake responsibilit y for any indirect , consequent ial, punit ive, cont ingent ,
special, or punit ive damages, including lost profit s arising from t he use or t rust in t his document
(even if Alibaba Cloud has been not ified of t he possibilit y of such a loss).

5. By law, all t he cont ent s in Alibaba Cloud document s, including but not limit ed t o pict ures,
archit ect ure design, page layout , and t ext descript ion, are int ellect ual propert y of Alibaba Cloud
and/or it s affiliat es. T his int ellect ual propert y includes, but is not limit ed t o, t rademark right s,
pat ent right s, copyright s, and t rade secret s. No part of t his document shall be used, modified,
reproduced, publicly t ransmit t ed, changed, disseminat ed, dist ribut ed, or published wit hout t he
prior writ t en consent of Alibaba Cloud and/or it s affiliat es. T he names owned by Alibaba Cloud
shall not be used, published, or reproduced for market ing, advert ising, promot ion, or ot her
purposes wit hout t he prior writ t en consent of Alibaba Cloud. T he names owned by Alibaba Cloud
include, but are not limit ed t o, "Alibaba Cloud", "Aliyun", "HiChina", and ot her brands of Alibaba
Cloud and/or it s affiliat es, which appear separat ely or in combinat ion, as well as t he auxiliary
signs and pat t erns of t he preceding brands, or anyt hing similar t o t he company names, t rade
names, t rademarks, product or service names, domain names, pat t erns, logos, marks, signs, or
special descript ions t hat t hird part ies ident ify as Alibaba Cloud and/or it s affiliat es.

6. Please direct ly cont act Alibaba Cloud for any errors of t his document .

> Document Version:20200828 I

Virt ual Privat e Cloud Quick St art · Document convent ions

Document conventions
Style Description Example

A danger notice indicates a situation Danger:

Danger that will cause major system changes,
Resetting will result in the loss of
faults, physical injuries, and other
user configuration data.
adverse results.

Warning:
A warning notice indicates a situation
Warning that may cause major system changes, Restarting will cause business
faults, physical injuries, and other interruption. About 10 minutes are
adverse results. required to restart an instance.

A caution notice indicates warning Notice:

Notice information, supplementary
If the weight is set to 0, the server
instructions, and other content that
no longer receives new requests.
the user must understand.

Note:
A note indicates supplemental
Note instructions, best practices, tips, and You can use Ctrl + A to select all
other content. files.

Closing angle brackets are used to Click Settings> Network> Set network
>
indicate a multi-level menu cascade. type.

Bold formatting is used for buttons ,

Bold menus, page names, and other UI Click OK.
elements.

Run the cd /d C:/window command to

Courier font Courier font is used for commands
enter the Windows system folder.

bae log list --instanceid

Italic formatting is used for
Italic
parameters and variables. Instance_ID

T his format is used for an optional

[] or [a|b] value, where only one item can be ipconfig [-all|-t]
selected.

T his format is used for a required

{} or {a|b} value, where only one item can be switch {active|stand}
selected.

> Document Version:20200828 I

Virt ual Privat e Cloud Quick St art · T able of Cont ent s

Table of Contents
1.Set up network connections 05

2.Create an IPv4 VPC network 10

> Document Version:20200828 I

Virt ual Privat e Cloud Quick St art · Set up net work connect ions

1.Set up network connections

Before you create VPC networks and VSwitches, you must determine the number and CIDR
blocks of VPC networks and VSwitches based on your actual requirements.
How many VPC networks are required?
How many VSwitches are required?
How do I specify CIDR blocks?
How do I specify CIDR blocks if I want to connect a VPC network to other VPC networks or on-
premises data centers?

How many VPC networks are required?

One VPC network

We recommend that you create one VPC network if you do not need to deploy systems across
regions or separate these systems by using VPC networks.

Multiple VPC networks

We recommend that you create multiple VPC networks in any of the following scenarios:

> Document Version:20200828 5

Quick St art · Set up net work connect ions Virt ual Privat e Cloud

Deploy application systems across multiple regions

VPC networks are region-specific resources. You cannot deploy VPC networks across
regions. If you want to deploy your application systems in different regions, you must create
multiple VPC networks. You can use Express Connect, VPN Gateway, or Cloud Enterprise
Network to connect your VPC networks.

Separate different application systems

To separate different application systems, you must create multiple VPC networks. The
following figure shows an example of deploying the production environment and the test
environment in two VPC networks.

6 > Document Version:20200828

Virt ual Privat e Cloud Quick St art · Set up net work connect ions

How many VSwitches are required?

We recommend that you create at least two VSwitches for each VPC network and deploy the
VSwitches in different zones for cross-region disaster recovery.

We also recommend that you check the network latency between different zones in the same
region after you deploy your application systems. The network latency may be higher than
expected due to complicated systems calls or cross-zone calls. We recommend that you
optimize and adjust your systems to find a solution on maintaining both high availability and low
latency.

The number of VSwitches required in the deployment also depends on the system size and
application system planning. If your frontend systems require disaster recovery and
communications with the Internet, you can connect the frontend systems to different VSwitches
and the backend systems to other VSwitches.

> Document Version:20200828 7

Quick St art · Set up net work connect ions Virt ual Privat e Cloud

How do I specify CIDR blocks?

You must specify the Classless Inter-Domain Routing (CIDR) blocks when you create VPC
networks and VSwitches.
CIDR blocks of VPC networks

You can use 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, and the subsets of these CIDR blocks as
the CIDR blocks of your VPC networks. To plan the CIDR blocks of VPC networks, follow these
rules:

If you have only one VPC network that does not need to communicate with on-premises
data centers, you can use any of the preceding CIDR blocks or their subnets.
If you have multiple VPC networks, or you want to build a hybrid cloud that consists of VPC
networks and on-premises data centers, you can use a subset of the preceding CIDR blocks
as the CIDR block for your VPC network. In this case, the mask cannot be longer than 16 bits.
You must check whether a classic network is used before you specify the CIDR block for your
VPC network. If you plan to connect ECS instances in a classic network to your VPC network,
we recommend that you do not use the CIDR block 10.0.0.0/8. This CIDR block is used by the
classic network.

CIDR blocks of VSwitches

The CIDR block of a VSwitch must be a subset of the CIDR block of the VPC network to which
the VSwitch belongs. If the CIDR block of a VPC network is 192.168.0.0/16, the CIDR block of the
VSwitch that belongs to the VPC network can be from 192.168.0.0/17 to 192.168.0.0/29.

To plan CIDR blocks of VSwitches, follow these rules:

A VSwitch CIDR block with the mask ranging from 16-bit to 29-bit can provide 8 to 65536 IP
addresses. This range is set because a 16-bit mask can provide IP addresses to support
65,532 ECS instances, but a mask smaller than 29 bits cannot provide sufficient IP addresses.
The first IP address and the last three IP addresses of each VSwitch CIDR block are reserved
for the system. For example, if the CIDR block of a VSwitch is 192.168.1.0/24, the IP addresses
192.168.1.0, 192.168.1.253, 192.168.1.254, and 192.168.1.255 are reserved.
The ClassicLink feature allows ECS instances in a classic network to communicate with ECS
instances in a VPC network whose CIDR blocks are 192.168.0.0/16, 10.0.0.0/8, and
172.16.0.0/12. If you want to connect an ECS instance of a VSwitch in a VPC network to an
ECS instance in the classic network, and the CIDR block of the VPC network is 10.0.0.0/8, the
CIDR block of the VSwitch must be 10.111.0.0/16. For more information, see Overview.
When you plan the CIDR block of a VSwitch, you must also check the number of ECS
instances in the VSwitch.

How do I specify CIDR blocks if I want to connect a VPC network to other

VPC networks or on-premises data centers?
To connect a VPC network to other VPC networks or on-premises data centers, make sure that
the CIDR block of the VPC network does not overlap with that of the target network.

8 > Document Version:20200828

Virt ual Privat e Cloud Quick St art · Set up net work connect ions

The following example shows three VPC networks deployed in three regions: VPC1 in China
(Hangzhou), VPC2 in China (Beijing), and VPC3 in China (Shenzhen). VPC1 and VPC2 are
connected through Express Connect. VPC3 may be connected to VPC2 in the future. An on-
premises data center is located in China (Shanghai). You must connect the data center to VPC1
through physical connections of Express Connect.

In this example, VPC1 and VPC2 have different CIDR blocks configured. VPC2 and VPC3 have the
same CIDR block configured, because currently VPC3 does not need to communicate with VPC1
or VPC2. However, the VSwitches in VPC2 and VPC3 use different CIDR blocks. This allows the
two VPCs to communicate with each other in the future. VPC networks that need to
communicate with each other can have the same CIDR block, but their VSwitches cannot have
the same CIDR block.

When you specify the CIDR blocks for multiple VPC networks to allow them to communicate with
other VPC networks or on-premises data centers, follow these rules:

Try to specify different CIDR blocks for different VPC networks. You can use the subsets of the
standard CIDR blocks to increase the number of available CIDR blocks for VPC networks.
If you cannot specify different CIDR blocks for different VPC networks, try to use different CIDR
blocks for VSwitches of different VPC networks.
If you cannot use different CIDR blocks for all VSwitches of different VPC networks, make sure
that the VSwitches that need to communicate with each other use different CIDR blocks.

> Document Version:20200828 9

Quick St art · Creat e an IPv4 VPC net work Virt ual Privat e Cloud

2.Create an IPv4 VPC network

This topic describes how to create a Virtual Private Cloud (VPC) network with an IPv4 CIDR block.
After you create a VPC network, you can create Elastic Compute Service (ECS) instances in the
VPC network, and associate elastic IP addresses (EIPs) with the ECS instances to enable the ECS
instances to access the Internet.

Prerequisites
To deploy cloud resources in a VPC network, you must first set up network connections. For more
information, see Set up network connections.

Step 1: Create a VPC network and a VSwitch

To create a VPC network and a VSwitch, perform the following steps:

1. Log on to the VPC console.

2. In the top navigation bar, select the region where you want to deploy the VPC network.

The VPC network and the cloud resources that you want to deploy must be created in the
same region. China (Qingdao) is selected in this topic.

3. On the VPCs page, click Create VPC.

4. In the Create VPC dialog box, set the following parameters of the VPC network and the
VSwitch, and click OK.

Parameter Description

VPC

Region T he region where the VPC is to be deployed.

Enter a name for the VPC.

T he name must be 2 to 128 characters in length and can contain letters,

Name
Chinese characters, digits, underscores (_), and hyphens (-). It must
start with a letter or a Chinese character.

Select the primary IPv4 CIDR block for the VPC. T he following setting
methods are supported:
Recommended CIDR Block: Enter 192.168.0.0/16, 172.16.0.0/12, or
10.0.0.0/8.
Custom CIDR Block: Enter 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, or a
subset of these CIDR blocks as the primary IPv4 CIDR block of the VPC.
T he subnet mask must be 8 to 24 bits in length. For example, enter
IPv4 CIDR Block 192.168.0.0/16. If you want to use a public CIDR block as the CIDR block
of the VPC, submit a ticket.

Notice After you create a VPC, you cannot change its primary
IPv4 CIDR block. However, you can add a secondary IPv4 CIDR block
to the VPC. For more information, see Add a secondary IPv4 CIDR
block.

10 > Document Version:20200828

Virt ual Privat e Cloud Quick St art · Creat e an IPv4 VPC net work

Parameter Description

Enter a description for the VPC network.

Description T he description must be 2 to 256 characters in length and cannot start

with http:// or https:// .

VSwitch

Enter a name for the VSwitch.

T he name must be 2 to 128 characters in length and can contain letters,

Name
Chinese characters, digits, underscores (_), and hyphens (-). It must
start with a letter or a Chinese character.

Select a zone to deploy the VSwitch. VSwitches within a VPC can

Zone
communicate with each other across zones over the private network.

Displays the types of cloud resources that you can create in the zone.

T he supported cloud resources vary, depending on the zone and the

Zone Resources time when you want to create cloud resources. T he buy page displays
which cloud instances are available. Currently, you can check the
availability of ECS, RDS, and SLB instances on the buy page.

Enter an IPv4 CIDR block for the VSwitch.

Note the following limits when you specify an IPv4 CIDR block:

T he CIDR block of a VSwitch must be a subset of the CIDR block of the

VPC this VSwitch resides in.

For example, if the CIDR block of a VPC is 192.168.0.0/16, the CIDR

block of a VSwitch in the VPC must be a segment from 192.168.0.0/17
to 192.168.0.0/29.

T he first and the last three IP addresses in each VSwitch CIDR block
are reserved by the system.

For example, if the VSwitch CIDR block is 192.168.1.0/24, the IP

IPv4 CIDR Block
addresses 192.168.1.0, 192.168.1.253, 192.168.1.254, and 192.168.1.255
are reserved.

If a VSwitch needs to communicate with the VSwitches in other VPCs

or on-premises data centers, you must make sure that the CIDR
blocks involved do not conflict with each other.

Notice After you create a VSwitch, you cannot modify its CIDR
block.

Number of Available
Displays the number of available IP addresses.
Private IPs

> Document Version:20200828 11

Quick St art · Creat e an IPv4 VPC net work Virt ual Privat e Cloud

Parameter Description

Enter a description for the VSwitch.

Description T he description must be 2 to 256 characters in length and cannot start

with http:// or https:// .

Step 2: Create an ECS instance

To create an ECS instance in the created VPC network, perform the following steps:

1. Log on to the VPC console.

2. In the left-side navigation pane, click VSwitches.
3. In the top navigation bar, select the region where the VSwitch is deployed. China (Qingdao)
is selected in this topic.
4. On the VSwitches page, find the target VSwitch, and choose Create > ECS Instance in the
Actions column.
5. On the Custom Launch tab, set the following parameters of the ECS instance.

For more information about how to configure an ECS instance, see Create an instance by using
the provided wizard.

Network Type: Select the VPC network and VSwitch that you have created.
Public IP Address: Clear the check box.
Security Group: Use the default security group.
6. Click Create Order and complete the payment.
7. Log on to the ECS console. In the left-side navigation pane, click Instances. On the Instances
page, view details of the created ECS instance.

12 > Document Version:20200828

Virt ual Privat e Cloud Quick St art · Creat e an IPv4 VPC net work

Step 3: Create an EIP and associate it with the ECS instance

An EIP is a public IP address resource that can be purchased and held as an independent
resource. You can associate EIPs with ECS instances in a VPC network to enable the ECS
instances to access the Internet.

To create an EIP and associate it with the ECS instance, perform the following steps:

1. Log on to the VPC console.

2. In the left-side navigation pane, choose Elastic IP Addresses > Elastic IP Addresses.
3. On the Elastic IP Addresses page, click Create EIP.
4. On the Elastic IP page, set the parameters of the EIP, click Buy Now, and complete the
payment.For more information, see Purchase a new Elastic IP address.
5. On the Elastic IP Addresses page, find the target EIP, and click Bind Resource in the Actions
column.
6. In the Bind Elastic IP Address to Resources dialog box, set the following parameters and
click OK.
Instance Type: Select ECS Instance from the drop-down list.
Binding mode: Select a mode in which the EIP is associated with the ECS instance.

Only Normal is supported.

Select an instance to bind: Select the ECS instance to be associated.

Step 4: Test the network connectivity

To test the network connectivity of the ECS instance, perform the following steps:

1. Log on to the ECS instance that is associated with the EIP.

2. Run the ping command to test the network connectivity between the ECS instance and
the Internet.The test result indicates that the ECS instance can access the Internet.

> Document Version:20200828 13