1. What are the components of VPC?
a. Software-defined networking: VPC CIDR blocks, subnet CIDR blocks, and route tables can be customized.
- VPC: A logically isolated virtual private network in Kingsoft Cloud.
- Subnet: A contiguous range of IP addresses in a VPC. Different subnets are isolated from each other.
- Route: Defines the direction of network traffic within a VPC.
b. Access to the Internet
- Network Address Translation (NAT): Allows cloud services in a VPC to access the Internet.
- Elastic IP (EIP): An independent public IP address. Cloud services with an EIP attached can communicate with resources outside the VPC.
c. Connection to your data center
- VPN: Connects your data center and a VPC by using an encrypted tunnel over the Internet.
- Direct Connect: Connects your data center and a VPC by using a leased line.
d. Connection between VPCs
- Peering: Connects two VPCs.
e. Security control
- Security group: A server-level, stateful virtual firewall that provides packet filtering. Security groups control the inbound and outbound traffic of one or more KEC instances, with rules as granular as a specific protocol and port.
- ACL: A subnet-level, stateless virtual firewall with optional packet filtering. ACLs control data flows to and from subnets, with rules as granular as a specific protocol and port.
2. How do I start using VPC?
You can use VPC through the Kingsoft Cloud console or OpenAPI.
- Console operations
- API actions
3. Can a VPC communicate with a basic network, the Internet, other VPCs, or users’ on-premises data centers?
| Scenario | Method |
|---|---|
| Interconnection with the basic network | Internal leased line. To use the feature, contact Kingsoft Cloud Customer Service. |
| Interconnection with the Internet | NAT and EIP. |
| Interconnection with other VPCs | |
| Interconnection with users’ data centers | VPN and Direct Connect. |
4. How many VPC resources can I create?
For details, see Quota limits. If you require more resources, contact Kingsoft Cloud Customer Service.
5. What are the differences between a basic network and a VPC?
A VPC can provide all the features that a basic network can provide without extra charge.
A VPC can meet more network customization requirements. For more information, see Differences between a basic network and a VPC.
6. What can I do if I want to launch a service but cannot access KEC?
- Create a KEC instance and bind an EIP to the instance.
- Find the KEC instance in the KEC console, and then choose More > Edit Firewall in the Operation column. The Security Group (Firewall) page appears.
- Based on your business needs, configure inbound rules that allow the required protocol and port.
Common security group rules
A rule can be configured to allow any address to access the KEC instance. Such a rule may cause security risks. It is recommended that you configure security group rules as needed.
A rule can be configured to allow external resources to access a specified port of the KEC instance. For example, if a Linux KEC instance requires SSH, set the protocol to TCP, the port to 22, and the source IP address to 0.0.0.0/0. You can create such a rule to meet common requirements.
A rule can be configured to allow only specified IP addresses to access a specified port of the KEC instance. For example, the following figure shows a rule that allows only 126.96.36.199/32 to access port 22 of the KEC instance. You can create such a rule to meet advanced requirements.
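The three rule types above can be told apart automatically when reviewing a security group. The following is an added example, not Kingsoft Cloud code: the rule dictionary layout, the `ADMIN_PORTS` list, and the severity labels are assumptions made for illustration and do not reflect the Kingsoft Cloud API schema.

```python
import ipaddress

# Assumed list of management ports that should rarely face the whole Internet.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def classify_rule(rule):
    """Classify one inbound rule as (severity, reason).

    `rule` is a hypothetical dict, not the Kingsoft Cloud API schema:
    protocol ('tcp', 'udp', 'icmp', 'all'), port_min, port_max, source (CIDR).
    """
    net = ipaddress.ip_network(rule["source"], strict=False)
    proto = rule["protocol"].lower()
    lo, hi = rule.get("port_min", 1), rule.get("port_max", 65535)
    if not (1 <= lo <= hi <= 65535):
        raise ValueError(f"invalid port range {lo}-{hi}")
    if net.prefixlen != 0:                      # source is narrower than "any"
        return ("ok", f"source restricted to {net}")
    if proto == "all" or (proto != "icmp" and (lo, hi) == (1, 65535)):
        return ("high", "any address can reach every port")
    if proto == "icmp":
        return ("low", "ICMP open to any address")
    admin = [name for port, name in ADMIN_PORTS.items()
             if proto == "tcp" and lo <= port <= hi]
    if admin:
        return ("medium", f"{'/'.join(admin)} open to any address")
    return ("low", f"{proto} {lo}-{hi} open to any address")


def audit(rules):
    """Return (severity, reason, rule) for every rule that is not 'ok', worst first."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = [(sev, why, r) for r in rules
                for sev, why in [classify_rule(r)] if sev != "ok"]
    return sorted(findings, key=lambda f: order[f[0]])


# Constructed sample rules mirroring the cases described in the text above.
SAMPLE_RULES = [
    {"protocol": "tcp", "port_min": 22, "port_max": 22, "source": "126.96.36.199/32"},
    {"protocol": "tcp", "port_min": 22, "port_max": 22, "source": "0.0.0.0/0"},
    {"protocol": "all", "source": "0.0.0.0/0"},
    {"protocol": "tcp", "port_min": 443, "port_max": 443, "source": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for sev, why, r in audit(SAMPLE_RULES):
        print(f"{sev:6} {why}  <- {r}")
```

Running the audit against an exported rule list before a service goes live shows which SSH or allow-all entries still accept 0.0.0.0/0 and can be narrowed to a known source range.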