Communicating with Basic Network
Last updated: 2020-04-26 12:01:44PDF
Classiclink or terminal connection are two methods for interconnecting VPC resources and basic network resources.
By default, a VPC is a fully isolated network space that cannot interconnect with other VPC instances or the basic network through a private network. Peering connections enable different VPC instances to communicate with each other, and Classiclink enables VPC instances to communicate with the basic network.
As shown in the following figure, basic network CVMs can access cloud resources in a VPC, such as CVMs, cloud databases, private network CLBs, and cloud caches. However, the CVMs in the VPC can only access the basic network CVMs that are interconnected with it but not other computing resources within the basic network.
Classiclink is available only for intra-region interconnection.
Basic configuration impacts
- The private IP addresses of associated basic network CVMs will be automatically added to the local policy of the VPC's route table. In this way, CVMs in the VPC and CVMs in this basic network can communicate with each other, without needing to manually modify the route table policy in the current VPC.
- After the basic network CVM is associated with the VPC, their security firewalls and network ACLs remain effective.
You can configure the network ACL for the VPC subnet to restrict the access from the associated basic network CVM. You can also configure security group rules for CVMs in the basic network and VPC to restrict network access attempts in both directions.
- Only interconnection between VPC instances and the basic network in the same region is supported.
- The Classiclink feature is available only for VPC instances within the network segment of
10.[0-47].0.0/16. The IP range for VPC instances in other network segments may conflict with the basic network IP segment.
- A basic network CVM can be associated with one VPC at a time.
- A VPC can be associated with a maximum of 100 basic network CVMs.
- VPC resources can only access CVMs in the basic network rather than other resources in the basic network, such as cloud databases and CLBs.
- The CLB instance within a VPC cannot be bound to a basic network CVM interconnected with the same VPC.
- Changing the private IP address of a basic network CVM cancels the association with the VPC, which means the original association record will become invalid. Add the record again in VPC Console if you want to associate them again.
- The interconnection relationship with the VPC will not be unbound by actions taken regarding the CVM, such as isolation due to arrears, security isolation, cold migration, failover, configuration modification, and operating system switching.
- The interconnection relationship with the VPC will be automatically unbound if the CVM is returned.
- In Classiclink situations, the CVM traffic can only be routed to private IP addresses within the VPC, but not to destinations outside the VPC. That is, the basic network CVM cannot access the Internet or VPC resources outside the current VPC through network devices such as its VPN gateway, direct connect gateway, public gateway, peering connection, and NAT gateway. Likewise, the peer of a VPN gateway, direct connect gateway, and peering connection cannot access the basic network CVM.
For information on how to operate Classiclink, see Managing the Basic Network.
Terminal connection is another method to connect VPC instances and the basic network. It connects instances in a VPC and non-CVM instances in the basic network through a private network. Basic network products that support terminal connections include CLB, MySQL, Memcached, Redis, and MongoDB.
A terminal connection establishes mapping between basic network instance IP addresses and VPC IP addresses so that basic network instances can be accessed by accessing VPC IP addresses.
Cross-region or inter-account terminal connections are not supported. If you do need to establish a terminal connection in these situations, submit a ticket to apply for it.