VPC FAQs

VPC VPC

  • API Reference
    • ACL-Related Interfaces
      • Add ACL rule
      • Delete ACL rules
      • Query ACL rules
      • Query ACL
      • Update ACL rules
    • API function release records
    • API Overview
    • Appendix
    • Common Headers and Error Responses
    • Dedicated Gateway-Related Interfaces
      • Bind physical dedicated line
      • Create dedicated gateway
      • Create health check for dedicated gateway
      • Query dedicated gateway details
      • Query dedicated gateway list
      • Release dedicated gateway
      • Unbind physical dedicated line
      • Update dedicated gateway
    • Elastic Network Interface-Related Interfaces
      • Add intranet IP to elastic network interface in batches
      • Add Secondary IP Address of Elastic Network Interface
      • Create elastic network interface
      • Delete elastic network interface
      • Delete Intranet IP from elastic network interface in batches
      • Delete Secondary IP Address of Elastic Network Interface
      • Elastic network interface binds to EIP
      • Elastic Network Interface Mounts Cloud Product Instance
      • Elastic network interface unbinds from EIP
      • Elastic Network Interface Unmounts Cloud Product Instance
      • Query elastic network interface list
      • Query elastic network interface status
      • Query the specified elastic network interface
      • Update elastic network interface with enterprise security group
      • Update elastic network interface with regular security group
      • Update elastic network interface
    • Gateway Bandwidth Limiting Rule Related Interfaces
      • Create gateway bandwidth limiting rules
      • Delete Gateway Bandwidth Limiting Rule
      • Modify Gateway Bandwidth Limiting Rule
      • View Gateway Bandwidth Limiting Rule
    • General Description
    • High-Availability Virtual IP Address(HAVIP) Related Interfaces
      • Bind EIP to high-availability virtual IP address
      • Bind instance to high-availability virtual IP address
      • Create high-availability virtual IP address
      • Delete high-availability virtual IP address
      • Query high-availability virtual IP address list
      • Query the specified high-availability virtual IP address
      • Unbind EIP from high-availability virtual IP address
      • Unbind instance from high-availability virtual IP address
      • Update high-availability virtual IP address
    • Interface Overview
    • IPv6 Gateway-Related Interfaces
      • Add IPv6 egress-only policy
      • Bandwidth resizing for IPv6 gateway
      • Create IPv6 gateway bandwidth limiting policy
      • Create IPv6 gateway
      • Delete IPv6 gateway bandwidth limiting policy
      • Delete IPv6 Gateway
      • Delete the IPv6 egress-only policy
      • Query IPv6 gateway bandwidth limiting policy list
      • Query IPv6 gateway
      • Query the IPv6 egress-only policy list
      • Update IPv6 gateway bandwidth limiting policy
      • Update the IPv6 gateway release protection switch
    • NAT Gateway-Related Interfaces
      • Bind DNAT EIP to the NAT gateway
      • Bind SNAT EIP to the NAT gateway
      • Create DNAT rules in batches
      • Create DNAT rules
      • Create NAT gateway
      • Create SNAT rules in batches
      • Create SNAT rules
      • Delete DNAT rules
      • Delete SNAT rules
      • NAT Gateway Binds EIP
      • NAT gateway renewal
      • NAT Gateway Resize
      • NAT Gateway Unbinds EIP
      • Query DNAT rules
      • Query NAT gateway details
      • Query NAT gateway list
      • Query SNAT rules
      • Release NAT gateway
      • Unbind DNAT EIP from the NAT gateway
      • Unbind SNAT EIP from the NAT gateway
      • Update DNAT rules
      • Update NAT Delete Protection Switch
      • Update NAT gateway name
      • Update SNAT rules
    • Network Detection Related Interfaces
      • Create Network Probe
      • Delete network probe
      • Query network probe details
      • Query network probe list.
      • Update probe
    • Parameter Template-Related Interfaces
      • Add IP addresses to the IP address family
      • Add IP addresses to the IP address group
      • Create IP address family
      • Create IP address set
      • Delete IP address family
      • Delete IP address from IP address group
      • Delete IP address set
      • Query IP address family list
      • Query IP address group list
      • Query specified IP address family
      • Query specified IP address group
      • Remove IP address group from IP address family
      • Update IP address family
      • Update IP address set
    • Peering Connections-Related Interfaces
      • Application to process the peering connection
      • Bandwidth resizing for peering connections
      • Create peering connections
      • Disable DNS synchronization for the peering connections.
      • Enable DNS synchronization for the peering connections
      • List of peering connections to be queried.
      • Peering connection renewal
      • Release peering connections
      • Update the local API name and remarks for peering connections
      • Update the peering connection release protection switch
      • View details of peering connection
    • Route Table Related Interfaces
      • Create route rules
      • Delete route rules
      • Primary-standby switch
      • Query route table
      • Query routing rules
      • Update route rules
    • Security Group Related Interfaces
      • Enterprise security group
        • Authorize enterprise security group rules
        • Create enterprise security group
        • Delete enterprise security group rules
        • Delete enterprise security group
        • Query enterprise security group list
        • Update enterprise security group rules
      • Regular security group
        • Authorize regular security group rules
        • Create regular security group
        • Delete regular security group rules
        • Delete regular security group
        • Query regular security group list
        • Revoke regular security group rules
        • Update regular security group rules
        • View security group details
    • Service domain
    • Service Network Interface Card (SNIC)-Related Interfaces
      • Create service network interface card
      • Delete service network interface card
      • Query mountable public services
      • Query service network interface card details
      • Query service network interface card list
      • Update regular security group for service network interface card
      • Update service network interface card with enterprise security group
      • Update the service network interface card
    • Subnet-Related Interfaces
      • Create reserved network segment
      • Create subnet
      • Delete reserved network segment
      • Delete subnet
      • Query specified subnet
      • Query subnet list
      • Query the reserved network segment list
      • Update subnet
    • VPC-Related Interfaces
      • Create VPC
      • Delete VPC
      • Open VPC relay
      • Query IP Usage by Products in VPC
      • Query specified VPC
      • Query VPC intranet IP
      • Query VPC list
      • Shut down VPC relay
      • Update VPC
    • VPN-Related Interfaces
      • Bind EIP
      • Create SSL VPN server
      • Create SSL VPN users in batches
      • Create VPN tunnel
      • Create VPN
      • Delete SSL VPN server
      • Delete SSL VPN user
      • Delete VPN tunnel
      • Query SSL-VPN server
      • Query SSL-VPN user
      • Query VPN details
      • Query VPN List
      • Query VPN tunnels
      • Release VPN
      • Unbind EIP
      • Update SSL VPN server
      • Update SSL VPN user
      • Update VPN release protection switch
      • Update VPN tunnel
      • Update VPN
      • VPN gateway renewal
    • High-Availability Virtual IP Address (HAVIP) Related Interfaces
      • Bind EIP to high-availability virtual IP address
      • Bind instance to high-availability virtual IP address
      • Create high-availability virtual IP address
      • Delete high-availability virtual IP address
      • Query high-availability virtual IP address list
      • Query the specified high-availability virtual IP address
      • Unbind EIP from high-availability virtual IP address
      • Unbind instance from high-availability virtual IP address
      • Update high-availability virtual IP address
  • FAQs
    • Common Questions Overview
    • NAT FAQs
    • Route Table FAQs
    • Service Network Interface Card(SNIC) Common Questions
    • VPC FAQs
    • VPN FAQs
    • Service Network Interface Card (SNIC) Common Questions
  • Function Release Records
  • Operation guide
    • Access control
      • ACL
      • Parameter Template
      • Security group
    • Identity and access management
    • Monitor and Operations
      • NAT Gateway Instance Diagnosis
    • Network Connection
      • Dedicated gateway
      • IPv6 gateway
      • Layer 2 Gateway
      • NAT Gateway
        • Private Network NAT(Network Address Translation) Gateway
        • Public Network NAT(Network Address Translation) Gateway
        • Private Network NAT (Network Address Translation) Gateway
        • Public Network NAT (Network Address Translation) Gateway
      • Peering Connections
      • VPN Gateway
        • GRE VPN Gateway
        • IPsec VPN Gateway
        • SSL VPN Gateway
    • Network Diagnostics
      • Flow log
      • Gateway bandwidth limiting
      • Network probe
      • Path analysis
      • Port verification
      • Traffic monitor
    • Network interface card
      • Elastic network interface
      • High-availability virtual IP address (HAVIP)
      • Service network interface card
    • Network topology
    • Route table
    • Subnet
    • Tag Management
    • Using IPv6
    • VPC
  • Product Description
    • Application scenarios
    • Product advantages
    • Product features
    • Product Introduction
    • Related concepts
    • Usage restrictions
  • Product pricing
  • SDK
    • Go-SDK
      • ACL
      • Dedicated gateway
      • Elastic network interface
      • Exception handling
      • High-availability virtual IP address (HAVIP)
      • Initialization
      • Install the SDK Package
      • IPv6Gateway
      • NAT
      • Network probe
      • Overview
      • Peering Connections
      • Route
      • Security group
        • Enterprise security group
        • Regular security group
      • Service network interface card
      • Subnet
      • VPC
      • VPN
    • Java-SDK
      • ACL
      • Dedicated gateway
      • Elastic network interface
      • Enterprise security group
      • High-availability virtual IP address (HAVIP)
      • Install the SDK Package
      • IPv6 gateway
      • NAT
      • Network probe
      • Overview
      • Parameter Template
      • Peering Connections
      • Regular security group
      • Route
      • Service network interface card
      • Subnet
      • Version history
      • vpc
      • VPN
    • PHP-SDK
      • ACL
      • Install the SDK Package
      • NAT
      • Overview
      • Peering Connections
      • Route
      • Security group
      • Subnet
      • Version history
      • vpc
    • Python-SDK
      • ACL
      • Dedicated gateway
      • Elastic network interface
      • Enterprise security group
      • High-availability virtual IP address (HAVIP)
      • Install the SDK Package
      • IPv6Gateway
      • NAT
      • Network probe
      • Overview
      • Peering Connections
      • Route
      • Security group
      • Service network interface card
      • Subnet
      • Version history
      • VPC
      • VPN
  • Service Level Agreement (SLA)
    • IPv6 Gateway Service Level Agreement SLA
    • NAT(Network Address Translation) Gateway Service Level Agreement SLA
    • Peering Connections Service Level Agreement SLA
    • Service Network Interface Card(SNIC) Service Level Agreement SLA
    • VPN Gateway Service Level Agreement SLA
    • NAT (Network Address Translation) Gateway Service Level Agreement SLA
    • Service Network Interface Card (SNIC) Service Level Agreement SLA
  • Typical Practices
    • Configure Custom Service and Use Service Network Interface Card(SNIC) to Provide Service for Other VPCs
    • HAVIP Combined with Keepalived to Achieve Master-Backup Multi-Machine High Availability
    • Layer 2 Gateway Combined with Dedicated Line Access ET to Build Large Layer 2 Network Between IDC and Cloud VPC
    • Network Layer Security Description
    • Peering Connections Typical Practice
    • Security Group Configuration Practice (Advanced Level)
    • Security Group Configuration Practice (Beginner Level)
    • Typical Practice of Managing Elastic Network Interface Using Terraform
    • Typical Practice of Managing IPsec VPN Gateway Using Terraform
    • Using Keepalived in VPC to Achieve High-Availability Architecture
    • VPC Custom Route Table to Achieve Secure Traffic Mutual Access
    • Windows Using HAVIP to Configure Master-Backup Multi-Machine
    • Configure Custom Service and Use Service Network Interface Card (SNIC) to Provide Service for Other VPCs
  • VPC CLI
    • Configure BCE-CLI
    • Install BCE-CLI
    • Route Table Related Operations
    • Subnet Related Operations
    • Using VPC Service via CLI
    • Version Change Records
    • VPC Related Operations
All documents
menu
No results found, please re-enter

VPC VPC

  • API Reference
    • ACL-Related Interfaces
      • Add ACL rule
      • Delete ACL rules
      • Query ACL rules
      • Query ACL
      • Update ACL rules
    • API function release records
    • API Overview
    • Appendix
    • Common Headers and Error Responses
    • Dedicated Gateway-Related Interfaces
      • Bind physical dedicated line
      • Create dedicated gateway
      • Create health check for dedicated gateway
      • Query dedicated gateway details
      • Query dedicated gateway list
      • Release dedicated gateway
      • Unbind physical dedicated line
      • Update dedicated gateway
    • Elastic Network Interface-Related Interfaces
      • Add intranet IP to elastic network interface in batches
      • Add Secondary IP Address of Elastic Network Interface
      • Create elastic network interface
      • Delete elastic network interface
      • Delete Intranet IP from elastic network interface in batches
      • Delete Secondary IP Address of Elastic Network Interface
      • Elastic network interface binds to EIP
      • Elastic Network Interface Mounts Cloud Product Instance
      • Elastic network interface unbinds from EIP
      • Elastic Network Interface Unmounts Cloud Product Instance
      • Query elastic network interface list
      • Query elastic network interface status
      • Query the specified elastic network interface
      • Update elastic network interface with enterprise security group
      • Update elastic network interface with regular security group
      • Update elastic network interface
    • Gateway Bandwidth Limiting Rule Related Interfaces
      • Create gateway bandwidth limiting rules
      • Delete Gateway Bandwidth Limiting Rule
      • Modify Gateway Bandwidth Limiting Rule
      • View Gateway Bandwidth Limiting Rule
    • General Description
    • High-Availability Virtual IP Address(HAVIP) Related Interfaces
      • Bind EIP to high-availability virtual IP address
      • Bind instance to high-availability virtual IP address
      • Create high-availability virtual IP address
      • Delete high-availability virtual IP address
      • Query high-availability virtual IP address list
      • Query the specified high-availability virtual IP address
      • Unbind EIP from high-availability virtual IP address
      • Unbind instance from high-availability virtual IP address
      • Update high-availability virtual IP address
    • Interface Overview
    • IPv6 Gateway-Related Interfaces
      • Add IPv6 egress-only policy
      • Bandwidth resizing for IPv6 gateway
      • Create IPv6 gateway bandwidth limiting policy
      • Create IPv6 gateway
      • Delete IPv6 gateway bandwidth limiting policy
      • Delete IPv6 Gateway
      • Delete the IPv6 egress-only policy
      • Query IPv6 gateway bandwidth limiting policy list
      • Query IPv6 gateway
      • Query the IPv6 egress-only policy list
      • Update IPv6 gateway bandwidth limiting policy
      • Update the IPv6 gateway release protection switch
    • NAT Gateway-Related Interfaces
      • Bind DNAT EIP to the NAT gateway
      • Bind SNAT EIP to the NAT gateway
      • Create DNAT rules in batches
      • Create DNAT rules
      • Create NAT gateway
      • Create SNAT rules in batches
      • Create SNAT rules
      • Delete DNAT rules
      • Delete SNAT rules
      • NAT Gateway Binds EIP
      • NAT gateway renewal
      • NAT Gateway Resize
      • NAT Gateway Unbinds EIP
      • Query DNAT rules
      • Query NAT gateway details
      • Query NAT gateway list
      • Query SNAT rules
      • Release NAT gateway
      • Unbind DNAT EIP from the NAT gateway
      • Unbind SNAT EIP from the NAT gateway
      • Update DNAT rules
      • Update NAT Delete Protection Switch
      • Update NAT gateway name
      • Update SNAT rules
    • Network Detection Related Interfaces
      • Create Network Probe
      • Delete network probe
      • Query network probe details
      • Query network probe list.
      • Update probe
    • Parameter Template-Related Interfaces
      • Add IP addresses to the IP address family
      • Add IP addresses to the IP address group
      • Create IP address family
      • Create IP address set
      • Delete IP address family
      • Delete IP address from IP address group
      • Delete IP address set
      • Query IP address family list
      • Query IP address group list
      • Query specified IP address family
      • Query specified IP address group
      • Remove IP address group from IP address family
      • Update IP address family
      • Update IP address set
    • Peering Connections-Related Interfaces
      • Application to process the peering connection
      • Bandwidth resizing for peering connections
      • Create peering connections
      • Disable DNS synchronization for the peering connections.
      • Enable DNS synchronization for the peering connections
      • List of peering connections to be queried.
      • Peering connection renewal
      • Release peering connections
      • Update the local API name and remarks for peering connections
      • Update the peering connection release protection switch
      • View details of peering connection
    • Route Table Related Interfaces
      • Create route rules
      • Delete route rules
      • Primary-standby switch
      • Query route table
      • Query routing rules
      • Update route rules
    • Security Group Related Interfaces
      • Enterprise security group
        • Authorize enterprise security group rules
        • Create enterprise security group
        • Delete enterprise security group rules
        • Delete enterprise security group
        • Query enterprise security group list
        • Update enterprise security group rules
      • Regular security group
        • Authorize regular security group rules
        • Create regular security group
        • Delete regular security group rules
        • Delete regular security group
        • Query regular security group list
        • Revoke regular security group rules
        • Update regular security group rules
        • View security group details
    • Service domain
    • Service Network Interface Card (SNIC)-Related Interfaces
      • Create service network interface card
      • Delete service network interface card
      • Query mountable public services
      • Query service network interface card details
      • Query service network interface card list
      • Update regular security group for service network interface card
      • Update service network interface card with enterprise security group
      • Update the service network interface card
    • Subnet-Related Interfaces
      • Create reserved network segment
      • Create subnet
      • Delete reserved network segment
      • Delete subnet
      • Query specified subnet
      • Query subnet list
      • Query the reserved network segment list
      • Update subnet
    • VPC-Related Interfaces
      • Create VPC
      • Delete VPC
      • Open VPC relay
      • Query IP Usage by Products in VPC
      • Query specified VPC
      • Query VPC intranet IP
      • Query VPC list
      • Shut down VPC relay
      • Update VPC
    • VPN-Related Interfaces
      • Bind EIP
      • Create SSL VPN server
      • Create SSL VPN users in batches
      • Create VPN tunnel
      • Create VPN
      • Delete SSL VPN server
      • Delete SSL VPN user
      • Delete VPN tunnel
      • Query SSL-VPN server
      • Query SSL-VPN user
      • Query VPN details
      • Query VPN List
      • Query VPN tunnels
      • Release VPN
      • Unbind EIP
      • Update SSL VPN server
      • Update SSL VPN user
      • Update VPN release protection switch
      • Update VPN tunnel
      • Update VPN
      • VPN gateway renewal
    • High-Availability Virtual IP Address (HAVIP) Related Interfaces
      • Bind EIP to high-availability virtual IP address
      • Bind instance to high-availability virtual IP address
      • Create high-availability virtual IP address
      • Delete high-availability virtual IP address
      • Query high-availability virtual IP address list
      • Query the specified high-availability virtual IP address
      • Unbind EIP from high-availability virtual IP address
      • Unbind instance from high-availability virtual IP address
      • Update high-availability virtual IP address
  • FAQs
    • Common Questions Overview
    • NAT FAQs
    • Route Table FAQs
    • Service Network Interface Card(SNIC) Common Questions
    • VPC FAQs
    • VPN FAQs
    • Service Network Interface Card (SNIC) Common Questions
  • Function Release Records
  • Operation guide
    • Access control
      • ACL
      • Parameter Template
      • Security group
    • Identity and access management
    • Monitor and Operations
      • NAT Gateway Instance Diagnosis
    • Network Connection
      • Dedicated gateway
      • IPv6 gateway
      • Layer 2 Gateway
      • NAT Gateway
        • Private Network NAT(Network Address Translation) Gateway
        • Public Network NAT(Network Address Translation) Gateway
        • Private Network NAT (Network Address Translation) Gateway
        • Public Network NAT (Network Address Translation) Gateway
      • Peering Connections
      • VPN Gateway
        • GRE VPN Gateway
        • IPsec VPN Gateway
        • SSL VPN Gateway
    • Network Diagnostics
      • Flow log
      • Gateway bandwidth limiting
      • Network probe
      • Path analysis
      • Port verification
      • Traffic monitor
    • Network interface card
      • Elastic network interface
      • High-availability virtual IP address (HAVIP)
      • Service network interface card
    • Network topology
    • Route table
    • Subnet
    • Tag Management
    • Using IPv6
    • VPC
  • Product Description
    • Application scenarios
    • Product advantages
    • Product features
    • Product Introduction
    • Related concepts
    • Usage restrictions
  • Product pricing
  • SDK
    • Go-SDK
      • ACL
      • Dedicated gateway
      • Elastic network interface
      • Exception handling
      • High-availability virtual IP address (HAVIP)
      • Initialization
      • Install the SDK Package
      • IPv6Gateway
      • NAT
      • Network probe
      • Overview
      • Peering Connections
      • Route
      • Security group
        • Enterprise security group
        • Regular security group
      • Service network interface card
      • Subnet
      • VPC
      • VPN
    • Java-SDK
      • ACL
      • Dedicated gateway
      • Elastic network interface
      • Enterprise security group
      • High-availability virtual IP address (HAVIP)
      • Install the SDK Package
      • IPv6 gateway
      • NAT
      • Network probe
      • Overview
      • Parameter Template
      • Peering Connections
      • Regular security group
      • Route
      • Service network interface card
      • Subnet
      • Version history
      • vpc
      • VPN
    • PHP-SDK
      • ACL
      • Install the SDK Package
      • NAT
      • Overview
      • Peering Connections
      • Route
      • Security group
      • Subnet
      • Version history
      • vpc
    • Python-SDK
      • ACL
      • Dedicated gateway
      • Elastic network interface
      • Enterprise security group
      • High-availability virtual IP address (HAVIP)
      • Install the SDK Package
      • IPv6Gateway
      • NAT
      • Network probe
      • Overview
      • Peering Connections
      • Route
      • Security group
      • Service network interface card
      • Subnet
      • Version history
      • VPC
      • VPN
  • Service Level Agreement (SLA)
    • IPv6 Gateway Service Level Agreement SLA
    • NAT(Network Address Translation) Gateway Service Level Agreement SLA
    • Peering Connections Service Level Agreement SLA
    • Service Network Interface Card(SNIC) Service Level Agreement SLA
    • VPN Gateway Service Level Agreement SLA
    • NAT (Network Address Translation) Gateway Service Level Agreement SLA
    • Service Network Interface Card (SNIC) Service Level Agreement SLA
  • Typical Practices
    • Configure Custom Service and Use Service Network Interface Card(SNIC) to Provide Service for Other VPCs
    • HAVIP Combined with Keepalived to Achieve Master-Backup Multi-Machine High Availability
    • Layer 2 Gateway Combined with Dedicated Line Access ET to Build Large Layer 2 Network Between IDC and Cloud VPC
    • Network Layer Security Description
    • Peering Connections Typical Practice
    • Security Group Configuration Practice (Advanced Level)
    • Security Group Configuration Practice (Beginner Level)
    • Typical Practice of Managing Elastic Network Interface Using Terraform
    • Typical Practice of Managing IPsec VPN Gateway Using Terraform
    • Using Keepalived in VPC to Achieve High-Availability Architecture
    • VPC Custom Route Table to Achieve Secure Traffic Mutual Access
    • Windows Using HAVIP to Configure Master-Backup Multi-Machine
    • Configure Custom Service and Use Service Network Interface Card (SNIC) to Provide Service for Other VPCs
  • VPC CLI
    • Configure BCE-CLI
    • Install BCE-CLI
    • Route Table Related Operations
    • Subnet Related Operations
    • Using VPC Service via CLI
    • Version Change Records
    • VPC Related Operations
  • Document center
  • arrow
  • VPCVPC
  • arrow
  • FAQs
  • arrow
  • VPC FAQs
Table of contents on this page
  • What are the components of a VPC?
  • How to start using VPC?
  • How many virtual private clouds, subnets, route tables, NAT gateways, peering connections, and VPN gateways can each user create?
  • What IP address ranges can be used in a virtual private cloud and subnet?
  • Can the intranet IP of a Baidu Cloud Compute instance be modified? How?
  • Does Baidu AI Cloud distinguish between VPC and classic networks?
  • Can a VPC communicate with the public network/other VPCs (cross-region or cross-account)/user data centers?
  • For a virtual private cloud, how can I configure only some resources to access the public network through the gateway?
  • Under one VPC, can Baidu Cloud Compute instances be created in different Availability Zones, and how?
  • How to connect a VPC with a traditional data center?
  • What resources can be created within a VPC?
  • Can VPCs communicate internally?
  • Can internet under the same VPC be interconnected?
  • How can instances (Baidu Cloud Compute, databases) without public IP addresses access the Internet?
  • Can a VPC establish connections with multiple IDCs via VPN?
  • How is the network quality between a virtual private cloud and IDC connected via VPN guaranteed?
  • How to set up a high-availability virtual IP address service using Keepalived software in a VPC?
  • How to conduct regular comprehensive checks on Security Group configurations?

VPC FAQs

Updated at:2025-10-16

What are the components of a VPC?

Baidu AI Cloud virtual private cloud consists of multiple services:

  1. Subnets: Users can customize the network segments of the virtual private cloud and its subnet’s network segments.

    A Virtual Private Cloud (VPC) is a logically isolated virtual network within Baidu AI Cloud. It allows users to define the VPC's IP address range within a selected scope. A subnet is a division within the VPC’s IP range that hosts isolated resources.

  2. Security group

    A Security Group is a stateful, packet-filtering virtual firewall that regulates inbound and outbound traffic for one or more Baidu Cloud Compute instances. It precisely defines ingress and egress policies based on protocol and port (IP + port), thus bolstering the security of services like Baidu Cloud Compute, Load Balancers, and cloud databases.

  3. ACL

    Access Control List (ACL) is a firewall component within VPC that manages security group policies at the subnet level, allowing flexible traffic configuration for one or more subnets to meet diverse network security needs.

  4. Route table

    A route table contains a set of routing policies that dictate how network traffic flows within each subnet of a virtual private cloud.

  5. NAT gateway

    Internet connection: Flexible, high-performance Internet connection methods include the following two types:

    • The NAT gateway is a highly reliable network address translation (NAT) service that allows resources in private subnets to access the Internet.
    • An Elastic IP (EIP) is an independently allocated public IP for accessing the Internet. It supports dynamic binding and unbinding with various instances (e.g., BCC, DCC, BBC, NAT gateway) and is often used to mitigate instance failure impacts.

  6. VPN gateway

    Deploy a hybrid cloud to connect the user’s data center and VPC. A VPN connection enables secure communication between the user’s IDC and the virtual private cloud through an encrypted public network tunnel.

  7. Peering connections

    Peering connections offer users network interconnection services at the VPC level, facilitating traffic exchange between different virtual networks. These interconnections can occur within the same user account or across accounts and regions.

How to start using VPC?

Users can access VPC services via the Baidu AI Cloud console or APIs.

  • For the management console, please refer to the [Operation guide](VPC/Operation guide/VPC.md).
  • API: Refer to VPC [api](VPC/API Reference/Overview.md).

How many virtual private clouds, subnets, route tables, NAT gateways, peering connections, and VPN gateways can each user create?

Refer to VPC resource quotas. If additional resources are required, apply through Quota management.

What IP address ranges can be used in a virtual private cloud and subnet?

Virtual private clouds support three private IP ranges: 172.b.0.0/16 (where b is 16~31), 192.168.0.0/16, and 10.0.0.0/16. A VPC CIDR can use any of these ranges or parts of them. It also supports the use of public IP address ranges as VPC address ranges, though careful consideration is advised when opting for public IP addresses as private network segments.

Number of IPs in a network block = 2 ^ (32-mask). Therefore, the 10.0.0.0/16 network block can contain up to 65536 IP addresses.

Can the intranet IP of a Baidu Cloud Compute instance be modified? How?

It can be modified. Follow these steps:

  1. Log in to the Baidu Cloud Compute console, click on Baidu Cloud Compute (BCC) in the left navigation panel, and navigate to the BCC list page.
  2. Click the Baidu Cloud Compute Instance ID to access the BCC details page.
  3. Click "Change Intranet IP" beside the Intranet IP Information section.
  4. Enter the new IP address and click OK. The new IP will only take effect after the server is rebooted or the Network Interface Card is restarted within the BCC operating system.

Does Baidu AI Cloud distinguish between VPC and classic networks?

No, due to considerations for user services and product security, Baidu AI Cloud only provides VPC services. Traditional or classic networks are not supported.

Can a VPC communicate with the public network/other VPCs (cross-region or cross-account)/user data centers?

Connectivity requirements Baidu AI Cloud services
Accessing the public Internet Elastic IP, NAT gateway (high performance)
Other VPCs Peering connections (supports cross-Region and cross-account)
User data center VPN connections, express tunnel

For a virtual private cloud, how can I configure only some resources to access the public network through the gateway?

Method 1: Bind an EIP to the resource instance in the VPC that requires public network access. This allows the instance to connect to the public network via the EIP.

Method 2: Use a NAT gateway for public network access. Place the Baidu Cloud Compute instances requiring public Internet access in a subnet and configure routing policies in the route table to direct public Internet-bound traffic through the NAT gateway. Follow these steps:

  1. Set up a subnet and host Baidu Cloud Compute instances requiring public internet access within it. Use the console to purchase a Baidu Cloud Compute instance and choose the subnet during the network configuration step.
  2. To purchase and configure a NAT gateway, refer to Configuration Steps.
  3. Set routing policies in the subnet's route table to send packets meant for the public Internet through the NAT gateway.

Under one VPC, can Baidu Cloud Compute instances be created in different Availability Zones, and how?

Yes, but there are two prerequisites:

  1. Instances can only be created in different Availability Zones (AZs) within the same region as the VPC. For instance, if your VPC is in the South China-Guangzhou Region, you can create Baidu Cloud Compute instances in Guangzhou availability zones A and B. However, you cannot create instances in both Guangzhou and Beijing Availability Zones under the same VPC.
  2. To deploy a Baidu Cloud Compute instance in an availability zone, you must first establish a subnet in that zone.

How to connect a VPC with a traditional data center?

Use VPN or the Express Tunnel service to interconnect a VPC with a user's IDC network, thereby building a secure and customized hybrid cloud network for seamless and secure migration of existing services to the cloud.

What resources can be created within a VPC?

VPCs currently support services like Baidu Cloud Compute (BCC), dedicated compute (DCC), bare metal compute (BBC), elastic public IP (EIP), cloud disk server (CDS), dedicated ET, Baidu MapReduce (BMR), simple cache service (SCS), relational database (RDS), load balancer (BLB), and others. New products are being supported regularly; please check the official website for updates.

Can VPCs communicate internally?

By default, different VPCs are entirely isolated from one another, and inter-VPC internet communication is not enabled. To enable connectivity, users can set up peering connections for high-speed communication between VPCs. Alternatively, VPN gateways or EIP-based external communication can be used.

Can internet under the same VPC be interconnected?

Subnets within the same VPC are interconnected by default.

How can instances (Baidu Cloud Compute, databases) without public IP addresses access the Internet?

They can access the Internet via NAT gateway. By creating a NAT gateway and configuring the route table associated with the subnet, instances within the subnet can access the Internet. For detailed [operational steps](VPC/Operation guide/Network Connection/NAT Gateway.md), please refer to the documentation.

Can a VPC establish connections with multiple IDCs via VPN?

Yes, the private network currently supports multiple VPN gateways, allowing one VPN tunnel per gateway to connect multiple on-premise IDCs.

How is the network quality between a virtual private cloud and IDC connected via VPN guaranteed?

Communication between the virtual private cloud and IDC relies on the public network, which may be subject to latency, packet loss, or jitter. For more stable communication quality, it is recommended to use the Express Tunnel service. The VPN backend monitors network quality 24/7, including keepalive and network latency. If any network anomalies occur, operations personnel will promptly address them. Users can also monitor the traffic status of VPN Gateways and tunnels in real-time via the console and contact us promptly if anomalies are detected.

How to set up a high-availability virtual IP address service using Keepalived software in a VPC?

Follow these steps to set up a VIP Service within a VPC:

  1. Configure unicast mode in Keepalived to establish heartbeat with peers;
  2. The VIP must select an IP address outside the subnet range of the VPC; otherwise, the route configuration will fail the validity check
  3. In the VPC route table [, configure the instance-type route ](VPC/Operation guide/Route table.md) to direct the next hop for the VIP to the primary instance
  4. Configure switch actions in the Keepalived notify script. During a failure, call the Route Table API to delete the instance route where the next hop for the VIP is the primary instance and add a route where the next hop is the standby instance, achieving VIP migration.

How to conduct regular comprehensive checks on Security Group configurations?

You can activate the "Cloud Advisor" service to regularly receive inspection reports on the security, availability, performance and cost of cloud resources. The report includes several Security Group-related inspection items, such as Security Group - Unrestricted Access, and Security Group - Unrestricted Specific Ports. Please visit Cloud Advisor Homepage to learn about or activate the Cloud Advisor services.

Previous
Service Network Interface Card(SNIC) Common Questions
Next
VPN FAQs