Last updated:2024-03-15 16:31:32
a. Software-defined networking: VPC CIDR blocks, subnet CIDR blocks, and route tables can be customized.
VPC: A logically isolated virtual private network in Kingsoft Cloud.
Subnet: A contiguous range of IP addresses in a VPC. Different subnets are isolated from each other.
Route: Defines the direction of network traffic within a VPC.
b. Access to the Internet
Network Address Translation (NAT): Allows cloud services in a VPC to access the Internet.
Elastic IP (EIP): An independent public IP address. Cloud services with an EIP attached can communicate with resources outside the VPC.
c. Connection of your data center
VPN: Connects your data center and a VPC by using an encrypted tunnel over the Internet.
Direct Connect: Connects your data center and a VPC by using a leased line.
d. Connection between VPCs
Peering: Connects two VPCs.
e. Security control
Security group: A server-level stateful virtual firewall that provides packet filtering. Security groups control the inbound and outbound traffic of one or more KEC instances, and rules can be specified down to the protocol and port.
ACL: A subnet-level stateless virtual firewall with optional packet filtering. ACLs control data flows to and from subnets, and rules can be specified down to the protocol and port.
You can use VPC through the Kingsoft Cloud console or OpenAPI.
Console operations
API actions
Demand | VPC feature |
---|---|
Interconnection with the basic network | Internal leased line. To use the feature, contact Kingsoft Cloud Customer Service. |
Interconnection with the Internet | NAT and EIP. |
Interconnection with other VPCs | Peering. |
Interconnection with users' data centers | VPN and Direct Connect. |
For details, see Quota limits. If you require more resources, contact Kingsoft Cloud Customer Service.
A VPC can provide all the features that a basic network can provide without extra charge. A VPC can meet more network customization requirements.
Create a KEC instance and bind an EIP to the instance.
Find the KEC instance in the KEC console, and then choose More > Edit Firewall in the Operation column. The Security Group (Firewall) page appears.
Based on your business needs, configure inbound rules that allow the required protocol and port.
Common security group rules
A rule can be configured to allow any address to access the KEC instance. Such a rule may cause security risks. It is recommended that you configure security group rules as needed.
A rule can be configured to allow external resources to access a specified port of the KEC instance. For example, if a Linux KEC instance requires SSH, set the protocol to TCP, the port to 22, and the source IP address to 0.0.0.0/0. You can create such a rule to meet common requirements.
A rule can be configured to allow only specified IP addresses to access a specified port of the KEC instance. For example, the following figure shows a rule that allows only 120.1.2.3/32 to access port 22 of the KEC instance. You can create such a rule to meet advanced requirements.
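The three kinds of inbound rule listed above can be told apart mechanically when reviewing a security group. The following Python example is added here and is not Kingsoft Cloud code: the rule dictionaries, their field names and the `ADMIN_PORTS` set are assumptions rather than the OpenAPI schema, and the sample rules are constructed.

```python
import ipaddress

# Constructed sample inbound rules. Field names are hypothetical and are
# not the Kingsoft Cloud OpenAPI schema.
SAMPLE_RULES = [
    {"protocol": "all", "ports": None, "source": "0.0.0.0/0"},
    {"protocol": "tcp", "ports": (22, 22), "source": "0.0.0.0/0"},
    {"protocol": "tcp", "ports": (22, 22), "source": "120.1.2.3/32"},
    {"protocol": "tcp", "ports": (8000, 8100), "source": "0.0.0.0/0"},
]

ADMIN_PORTS = {22, 3389}  # SSH and RDP; an assumption for this example


def classify(rule):
    """Return (category, detail) for one inbound rule."""
    net = ipaddress.ip_network(rule["source"], strict=False)
    any_source = net.prefixlen == 0  # 0.0.0.0/0 or ::/0
    ports = rule["ports"]
    # A rule with no port range (for example protocol "all") covers every port.
    any_port = rule["protocol"] == "all" or ports in (None, (1, 65535))
    if not any_source:
        return "restricted-source", f"{net} ({net.num_addresses} address(es))"
    if any_port:
        return "any-source-any-port", "all ports reachable from any address"
    lo, hi = ports
    admin = sorted(p for p in ADMIN_PORTS if lo <= p <= hi)
    if admin:
        return "any-source-admin-port", f"admin port(s) {admin} open to any address"
    return "any-source-service-port", f"ports {lo}-{hi} open to any address"


def audit(rules):
    """Return (index, category, detail) for rules whose source is not restricted."""
    findings = []
    for i, rule in enumerate(rules):
        category, detail = classify(rule)
        if category != "restricted-source":
            findings.append((i, category, detail))
    return findings


if __name__ == "__main__":
    for idx, category, detail in audit(SAMPLE_RULES):
        print(f"rule {idx}: {category}: {detail}")
```

Rules reported as `any-source-admin-port` are the ones to narrow to a specific source such as the 120.1.2.3/32 case above.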