A virtual private cloud (VPC) is an isolated network space in Tencent Cloud. It is very similar to a traditional network run in your IDC, except that the services hosted in a VPC are your Tencent Cloud services, such as Cloud Virtual Machine, Cloud Load Balancer, and TencentDB. You do not need to worry about the procurement and operation of network devices; instead, you only need to customize IP ranges, IP addresses, routing policies, etc. in software. You can use EIPs, NAT gateways, and public gateways to flexibly access the Internet, or interconnect a VPC with your IDC through VPN or Direct Connect. In addition, VPC’s Peering Connection can help you easily implement a unified server for global access and 2-region-3-DC disaster recovery, and the security group and network ACL features of VPC ensure comprehensive network security.
A security group is a virtual firewall with stateful packet filtering, used to set network access control for one or more CVMs. You can add CVM instances in the same region that share the same network security isolation requirements to the same security group, and filter the inbound and outbound traffic of those CVMs based on the network policies of the security group.
A route table contains a set of routing policies for defining the network traffic direction of each subnet in a VPC. Each subnet is associated with one and only one route table, while each route table can be associated with multiple subnets in the same VPC.
A private IP is an IP address assigned to an instance in Tencent Cloud VPC or the basic network, which cannot be accessed via the Internet but can be used for communications between instances in VPC or the basic network.
An elastic IP (EIP) is a public IP address that can be applied for independently. It supports dynamic binding and unbinding: you can bind an EIP to, or unbind it from, a CVM (or NAT gateway instance) in the account. Main functions:
1. To retain an IP. ICP domain name filing is required for the mapping between IPs and DNS in China.
2. To mask instance failures. For example, when a DNS name is mapped to an IP address through dynamic DNS mapping, it may take up to 24 hours to propagate this mapping to the entire Internet, whereas an elastic IP can be moved from one CVM to another. In case of a CVM failure, you just need to start another instance and remap the EIP to it, thus responding rapidly to the instance failure.
A subnet is a flexible way to segment a VPC into different IP ranges. Applications and services can be deployed in different subnets to securely and elastically host multi-layer web applications in a VPC.
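The subnet and route table rules described above, checked against a planned layout. This is an added example, not Tencent Cloud code or an API call; the plan dictionary, resource names and CIDRs are constructed for illustration, and the no-overlap check assumes that "different IP ranges" means subnets of one VPC must not overlap.

```python
import ipaddress
from itertools import combinations

# Constructed plan: names, CIDRs and the dictionary layout are illustrative only.
PLAN = {
    "vpcs": {"vpc-demo": "10.0.0.0/16", "vpc-other": "172.16.0.0/16"},
    "route_tables": {"rtb-public": "vpc-demo", "rtb-private": "vpc-demo",
                     "rtb-other": "vpc-other"},  # route table -> owning VPC
    "subnets": {
        "web": {"vpc": "vpc-demo", "cidr": "10.0.1.0/24", "route_tables": ["rtb-public"]},
        "app": {"vpc": "vpc-demo", "cidr": "10.0.2.0/24", "route_tables": ["rtb-private"]},
        "db": {"vpc": "vpc-demo", "cidr": "10.0.2.128/25",
               "route_tables": ["rtb-private", "rtb-public"]},
        "cache": {"vpc": "vpc-demo", "cidr": "10.1.0.0/24", "route_tables": ["rtb-other"]},
    },
}

def validate_plan(plan):
    """Return a list of violations of the subnet and route table rules."""
    problems, nets = [], {}
    vpcs = {name: ipaddress.ip_network(cidr) for name, cidr in plan["vpcs"].items()}
    for name, sub in plan["subnets"].items():
        net = nets[name] = ipaddress.ip_network(sub["cidr"])
        vpc_range = vpcs[sub["vpc"]]
        # A subnet is a segment of its VPC, so it must lie inside the VPC range.
        if not net.subnet_of(vpc_range):
            problems.append(f"{name}: {net} is outside VPC range {vpc_range}")
        # Each subnet is associated with one and only one route table.
        tables = sub.get("route_tables", [])
        if len(tables) != 1:
            problems.append(f"{name}: needs exactly one route table, has {len(tables)}")
        # A route table serves subnets in the same VPC only.
        for rt in tables:
            if plan["route_tables"].get(rt) != sub["vpc"]:
                problems.append(f"{name}: route table {rt} is not in VPC {sub['vpc']}")
    # Assumption: subnets of the same VPC must not overlap.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if plan["subnets"][a]["vpc"] == plan["subnets"][b]["vpc"] and na.overlaps(nb):
            problems.append(f"{a} and {b}: ranges {na} and {nb} overlap")
    return problems

if __name__ == "__main__":
    for problem in validate_plan(PLAN):
        print("VIOLATION:", problem)
```

Sharing one route table across several subnets (as a clean plan would for its private tiers) passes the check; only a subnet with zero or several tables, or a table from another VPC, is reported.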