All Documents
Current Document

Content is empty

If you don't find the content you expect, please try another search term

Documentation

Concepts

Last updated:2020-06-17 14:36:35

VPC and subnet

Region

Different regions are completely isolated from each other to ensure the maximum stability and fault tolerance. It is recommended that you choose a region close to your customers to reduce access latency and increase the download speed.

Availability zone

Availability zones refer to physical data centers located in the same region, with their electrical and network infrastructure isolated from each other. Different availability zones are provided with the aim to ensure the isolation of faults in a single availability zone (except for large-scale disasters or power failures) so that your services can continue to be running. You can launch instances in multiple availability zones to protect applications against affects of a fault in a single location and to ensure highly available services in the same region.

VPC

VPC can help you provision a logically isolated network section in Kingsoft Cloud. Software-defined networking allows you to flexibly define networks, IP addresses, route tables, and security policies. You can deploy various Kingsoft Cloud services in your customized virtual network, including KEC, EPC, SLB, and cloud databases. You can access the Internet by using EIP or NAT. You can also build a hybrid cloud by connecting a VPC to your existing data center through Direct Connect or VPN, achieving smooth migration to the cloud.

Basic network

A basic network is a public network resource pool for all users on Kingsoft Cloud. Kingsoft Cloud assigns private IP addresses for KEC instances in the resource pool.

Subnet

A subnet is an address space divided from a VPC. You can associate various Kingsoft Cloud services with a subnet. The following types of Kingsoft Cloud subnets are available:

  • Common subnet: You can associate KEC instances with common subnets.

  • Endpoint subnet: You can associate services such as KRDS with endpoint subnets.

  • Physical server subnet: You can associate EPC instances with physical server subnets.

CIDR block

CIDR blocks are address ranges and combine IP addresses and masks to divide a network. Take 10.1.0.0/16 as an example. 10.1.0.0 is the IP address section of the CIDR block, and 16 is the mask section of the CIDR block. You can set the mask to adjust the size of the CIDR block. The number of IP addresses included in the CIDR block is calculated in the following formula: Number of IP addresses = 2^(32-mask). The CIDR block 10.1.0.0/16 contains at most 65,536 IP addresses.

Private IP address

Private IP addresses cannot be used to access the Internet. They can be used for communication between instances in a VPC.

Public IP address

Public IP addresses can be used to access the Internet and are globally unique.

Route

Routes are rules that determine where network traffic is directed. Each route contains three parameters:

  • Destination CIDR Block: The destination CIDR block.
  • Next Hop Type: The next hop type can be Internet Gateway, Host Route, Peering, Direct Connect Gateway, or VPN Tunnel.
  • Next Hop: The next hop to which the traffic associated with the route is forwarded.

Internet access

EIP

An EIP is a public IP address with bandwidth. An EIP can be bound to a KEC instance, an EPC instance, or an SLB instance to enable the instance to access the Internet. The EIP can also be unbound from the instance.

NAT

NAT enables KEC instances or EPC instances in a VPC to access the Internet by converting network addresses. NAT provides up to 15 Gbit/s bandwidth, and supports multi-node hot standby to achieve high availability. If a single node fails, traffic is automatically switched, without affecting business.

Connection of your on-premises data center

On-premises data center

An on-premises data center is a set of IT facilities deployed outside of Kingsoft Cloud by a user.

IPsec

IPsec is a protocol suite that secures IP communication by verifying and encrypting each IP packet of data streams.

IPsec VPN

IPsec VPN is a way to connect your on-premises data center to a VPC by using an encrypted tunnel over the public network.

Direct Connect

You can use Direct Connect to connect your on-premises data center to a Kingsoft Cloud data center to enable interconnection between your data center and VPC.

Peering

Peering is used to connect different VPCs. After two VPCs establish a peering connection, resources such as KEC instances and EPC instances in the VPCs can communicate with each other.

Security

ACL

An ACL is a stateless security rule for subnets.

Security group

A security group is a stateful security rule for KEC instances.

On this page
Pure ModeNormal Mode

Pure Mode

Click to preview the document content in full screen
Feedback