百度智能云

All Product Document

          Virtual Private Cloud

          Core Concepts

          Private Network

          Virtual Private Cloud (VPC) is a virtual network that users can customize to help users build their own network environment. You can quickly create a VPC by specifying configurations such as the IP address range and subnet. Different VPC are completely isolated. Users can create and manage BCC instances in the VPC.

          Subnet

          A subnet is a user-definable range of IP addresses within a VPC. Depending on business needs, CIDR (Classless Inter-Domain Routing) can specify different address spaces and IP segments. In the future, users can use the subnet as a unit to define Internet access permissions, routing rules, and security policies.

          Routing Table

          A routing table is a list of managed routing entries on a router.

          Security Group

          The security group is a security firewall created in BCC instances and DCC exclusive instances in the VPC network, and defines the ingress and egress access policies for IP+port.

          • One default security group is created by default while the VPC is created.
          • The users can create a custom VPC, and should specify the security group which the BCC instance is associated with when adding one BCC instance to the VPC, or the BCC instance is only associated with the default security group under the VPC.

          ACL

          Access control list, as a firewall component applied on a subnet, helps users implement subnet-level security access control.

          Routing Table

          A routing table is a list of managed routing entries on a router.

          Elastic Network Interface Card

          The elastic network interface card (ENIC) is a kind of elastic network interface for mounting cloud hosts, and can be freely migrate among multiple cloud hosts. Multiple elastic network interface cards can be bound to the cloud host to realize a high-availability network plan; or multiple intranet IPs can be bound to the elastic network interface card to realize the multi-IP deployment in the single host.

          Service Network Interface Card

          The service network interface card (SNIC) maps the VPC external services such as BOS to the internal VPC. The users can conveniently and securely access these services by the intranet within VPC or at the opposite terminal of the mixed cloud.

          IPv6 Gateway

          IPv6 gateway is the general outlet for private network to access the public network through IPv6. You can purchase the IPv6 public network bandwidth on demand, and flexibly configure the internet outgoing bandwidth and incoming bandwidth of IPv6 by configuring the "Outgoing only and no Incoming" policy and IP speed limit.

          NAT Gateway

          The network address translation (NAT) gateway provides Internet access services for the virtual private cloud, supports SNAT and DNAT, and enables multiple cloud servers to share public network IP resources to access Internet, and the cloud server to provide Internet services. The NAT gateway can bind EIP instances and shared bandwidth packets to implement a many-to-one or many-to-many address translation service from the internal network IP to the public network IP for the cloud server.

          VPN Gateway

          By the virtual private network (VPN) services, the VPN tunnels are built quickly and flexibly for Baidu AI Cloud and multiple data centers of customers to realize the hybrid cloud. Baidu AI Cloud VPN Gateway is implemented based on the highly reliable architecture of the active and standby mode, and supports functions such as automatic VPN health detection and automatic fault recovery.

          Peer-to-peer connection

          The peer-to-peer connection provides users with VPC-level network interconnection services, enabling users to implement traffic interconnection between different virtual networks, and realize stable and high-speed virtual network interconnection between the same region/cross region and the same user/different users.

          Express Tunnel Gateway

          The express tunnel gateway is an interface for VPC to connect the physical express tunnel.

          Flow Log

          The flow log is used to record the network traffic information sent and received by the instance of Baidu Cloud Compute in VPC, and can provide users with the capacity of traffic analysis, visualization, troubleshooting/positioning and network architecture optimization.

          Previous
          Introduction
          Next
          Advantages