A region refers to a geographical location where a Tencent Cloud data center is hosted. There are multiple availability zones in a region. For example, the region of a hosted data center is Beijing, and its availability zone is Beijing Zone 1. Cloud service products in the same region can communicate with each other over the private network, but those in different regions cannot. It is therefore recommended to choose the region closest to your customers to minimize access latency and improve download speed.
A zone refers to a physical area (generally a physical data center) with an independent power supply and network in a single region (like Guangzhou), such as Guangzhou Zone 1. This provides failure isolation between different zones (except for large-scale disaster failure). For example, if you have deployed the same service in Zone 1 and Zone 2, a power failure in Zone 1 will not affect Zone 2, thus providing you with stable and highly available services.
Tencent Cloud Virtual Private Cloud (VPC) helps you build an independent network space on Tencent Cloud, similar to the traditional network you run in your data center. The service resources hosted in a Tencent Cloud VPC include Cloud Virtual Machine, Cloud Load Balance, Cloud Database and your other Tencent Cloud service resources. You do not need to purchase or operate network devices; instead, you customize network segmentation, IP addresses, routing policies and so on in software. You can access the Internet easily via Elastic IP, NAT Gateway and Public Network Gateway, and connect a VPC with your data centers via VPN/Direct Connect. Tencent Cloud VPC Peering Connection can also help you achieve "one server covering the globe" and disaster recovery at "two regions, three centers". In addition, the Security Group and Network ACL features of Tencent Cloud VPC address your network security requirements at multiple levels.
The basic network is the public network resource pool for all users on Tencent Cloud. The private IP addresses of CVMs in the resource pool are assigned by Tencent Cloud. It is easy to configure and convenient to use, and is suitable for scenarios that have high usability requirements and need to get started with the CVM quickly. By contrast, the VPC is more suitable for customers with network management capabilities and demands.
A subnet is a flexible division of VPC network segments that allows you to deploy applications and services across different subnets and host multi-layer Web applications safely and flexibly on Tencent Cloud VPC.
CIDR divides the network into independent address blocks that you specify using a combination of an IP and a mask. Take "10.1.0.0/16" as an example. The string to the left of the slash is the IP of the network block, and the string to the right is the mask of the network block. You can resize the network block by setting the length of the mask. The number of IPs contained in the network block is 2^(32 - mask length), so the "10.1.0.0/16" network block contains a maximum of 65,536 IP addresses.
A private IP is an IP address assigned to an instance in a Tencent Cloud VPC or the basic network. It cannot be accessed via the Internet, but you can use it for communication between instances in the VPC or basic network.
A public IP address can be accessed via the Internet and you can use it for communication between your instances and the Internet or between other Tencent Cloud resources (such as CDBs) with common terminal nodes.
A routing table consists of a series of routing policies, which are used to define the traffic direction of each subnet within the VPC. A subnet can be associated with only one routing table, but a routing table can be associated with multiple subnets in the same VPC.
Routing policies are used to specify the routing of network traffic, each of which contains three parameters:
An elastic IP is a public IP address that can be applied for independently. It supports dynamic binding and unbinding. You can bind it to or unbind it from a CVM (or NAT gateway instance) in the account to:
A public network gateway is a type of CVM that forwards traffic between the Internet and VPCs. A CVM without a public IP can access the Internet via a public network gateway.
A NAT gateway translates between private and public IP addresses within a VPC when the private and public networks are isolated, allowing the VPC to access the Internet. A NAT gateway supports a maximum of 5 Gbps traffic surge and 10,000,000 concurrent connections. As a highly available gateway, it also provides master/slave hot backup: if the master fails, traffic is automatically switched to the slave without affecting your use of services.
User Internet Data Center (IDC) is a full set of IT infrastructure deployed outside Tencent Cloud.
IPsec is a protocol suite that secures Internet Protocol (IP) communication by authenticating and encrypting each IP packet of traffic.
IPsec VPN is a method of connecting your IDC and VPC through an encrypted tunnel over the public network. A Tencent Cloud VPC IPsec VPN connection consists of the following components:
Direct Connect provides a fast way to connect Tencent Cloud with local data centers. Using a single physical direct connection line, you can access Tencent Cloud computing resources in multiple regions in one go, to achieve a flexible and reliable hybrid cloud deployment. Direct Connect supports dual-line hot backup without a single point of failure (SPOF), to meet the high network interconnection requirements of fields such as finance. It consists of three components:
A peering connection is a connection established between different VPCs, which can be used to connect traffic between VPCs of different accounts or regions. Once a peering connection is established, IP traffic can flow between the two VPCs, and the resources at the two ends (such as CVMs and cloud databases) can access each other.
Classiclink refers to the interconnection of cloud services between a Tencent Cloud VPC and the basic network. A basic network Cloud Virtual Machine (CVM) interconnected with a VPC can actively access computing resources within the VPC, such as CVMs and Cloud Databases, via the private network. A CVM in the VPC can also actively access the basic network CVM via the private network.
A network Access Control List (ACL) is an optional, stateless layer of security at the subnet level, which can be used as a firewall to control the traffic in and out of subnets (with granularity down to protocol and port). In addition, the network ACL can restrict network traffic and improve network performance.
A security group is a virtual firewall with stateful packet filtering, used to set network access control for one or more CVMs. You can add CVM instances in the same region that have the same network security isolation requirements to the same security group, and filter the inbound and outbound traffic of those CVMs through the security group's network policies.
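
The difference between the stateless network ACL and the stateful security group described above, as an added example (a simplified model, not Tencent Cloud code). It assumes rules match on direction, protocol and destination port only; the class names, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    def reply(self):
        # The packet travelling the opposite way on the same connection.
        return Packet(self.dst, self.dport, self.src, self.sport, self.proto)

@dataclass(frozen=True)
class Rule:
    direction: str   # "in" or "out", relative to the protected side
    proto: str
    ports: range     # matched against the packet's destination port
    def matches(self, direction, pkt):
        return (direction == self.direction and pkt.proto == self.proto
                and pkt.dport in self.ports)

@dataclass
class StatelessAcl:
    rules: list
    def allow(self, direction, pkt):
        # Each packet is judged alone; a reply needs its own matching rule.
        return any(r.matches(direction, pkt) for r in self.rules)

@dataclass
class StatefulSecurityGroup:
    rules: list
    flows: set = field(default_factory=set)
    def allow(self, direction, pkt):
        if pkt.reply() in self.flows:      # reply to an admitted connection
            return True
        if any(r.matches(direction, pkt) for r in self.rules):
            self.flows.add(pkt)            # remember the admitted connection
            return True
        return False

# Constructed sample: an Internet client reaches an HTTPS server in 10.1.0.0/16.
REQUEST = Packet("203.0.113.7", 51514, "10.1.0.5", 443)
HTTPS_IN = Rule("in", "tcp", range(443, 444))
EPHEMERAL_OUT = Rule("out", "tcp", range(1024, 65536))

def round_trip(fw):
    """Return (request allowed, reply allowed) for REQUEST through fw."""
    return fw.allow("in", REQUEST), fw.allow("out", REQUEST.reply())
```

With only the inbound HTTPS rule, the stateless ACL drops the server's reply until an outbound rule for the client's ephemeral port range is added, while the stateful group admits the reply because it belongs to a tracked connection.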