All Documents
Current Document
Content is empty
If you don't find the content you expect, please try another search term
Content is empty
If you don't find the content you expect, please try another search term
Last updated:2020-06-17 14:36:35
Different regions are completely isolated from each other to ensure the maximum stability and fault tolerance. It is recommended that you choose a region close to your customers to reduce access latency and increase the download speed.
Availability zones refer to physical data centers located in the same region, with their electrical and network infrastructure isolated from each other. Different availability zones are provided with the aim to ensure the isolation of faults in a single availability zone (except for large-scale disasters or power failures) so that your services can continue to be running. You can launch instances in multiple availability zones to protect applications against affects of a fault in a single location and to ensure highly available services in the same region.
VPC can help you provision a logically isolated network section in Kingsoft Cloud. Software-defined networking allows you to flexibly define networks, IP addresses, route tables, and security policies. You can deploy various Kingsoft Cloud services in your customized virtual network, including KEC, EPC, SLB, and cloud databases. You can access the Internet by using EIP or NAT. You can also build a hybrid cloud by connecting a VPC to your existing data center through Direct Connect or VPN, achieving smooth migration to the cloud.
A basic network is a public network resource pool for all users on Kingsoft Cloud. Kingsoft Cloud assigns private IP addresses for KEC instances in the resource pool.
A subnet is an address space divided from a VPC. You can associate various Kingsoft Cloud services with a subnet. The following types of Kingsoft Cloud subnets are available:
Common subnet: You can associate KEC instances with common subnets.
Endpoint subnet: You can associate services such as KRDS with endpoint subnets.
CIDR blocks are address ranges and combine IP addresses and masks to divide a network. Take 10.1.0.0/16 as an example. 10.1.0.0 is the IP address section of the CIDR block, and 16 is the mask section of the CIDR block. You can set the mask to adjust the size of the CIDR block. The number of IP addresses included in the CIDR block is calculated in the following formula: Number of IP addresses = 2^(32-mask). The CIDR block 10.1.0.0/16 contains at most 65,536 IP addresses.
Private IP addresses cannot be used to access the Internet. They can be used for communication between instances in a VPC.
Public IP addresses can be used to access the Internet and are globally unique.
Routes are rules that determine where network traffic is directed. Each route contains three parameters:
An EIP is a public IP address with bandwidth. An EIP can be bound to a KEC instance, an EPC instance, or an SLB instance to enable the instance to access the Internet. The EIP can also be unbound from the instance.
NAT enables KEC instances or EPC instances in a VPC to access the Internet by converting network addresses. NAT provides up to 15 Gbit/s bandwidth, and supports multi-node hot standby to achieve high availability. If a single node fails, traffic is automatically switched, without affecting business.
An on-premises data center is a set of IT facilities deployed outside of Kingsoft Cloud by a user.
IPsec is a protocol suite that secures IP communication by verifying and encrypting each IP packet of data streams.
IPsec VPN is a way to connect your on-premises data center to a VPC by using an encrypted tunnel over the public network.
You can use Direct Connect to connect your on-premises data center to a Kingsoft Cloud data center to enable interconnection between your data center and VPC.
Peering is used to connect different VPCs. After two VPCs establish a peering connection, resources such as KEC instances and EPC instances in the VPCs can communicate with each other.
An ACL is a stateless security rule for subnets.
A security group is a stateful security rule for KEC instances.
Pure Mode
