“This is the second day of my participation in the Gwen Challenge in November. See details: The Last Gwen Challenge in 2021”

Now that everything runs in the cloud, how do we connect machines to each other, and how do we flexibly build one unified network environment across public cloud, private cloud and hybrid cloud? This article walks through how to build a unified network environment on top of cloud computing.

What is VPC/VPN/IDC?

A Virtual Private Cloud (VPC) is a custom, logically isolated network space on a public cloud; it is also called a private network. Take Aliyun's (Alibaba Cloud's) VPC as an example: a VPC consists of at least one private network segment (CIDR block), one router, and at least one switch. Within a VPC you can define your own network segments, IP addresses and routing policies, and use security groups and network access control lists (ACLs) to build multiple layers of protection. A VPC can also be connected to your own data center through a VPN or a private line, which is how a hybrid cloud is deployed.

  • Private segments

    When creating a private network (VPC) or a switch, you must specify a private network segment in CIDR notation. You can use one of the standard private segments in the table below (or a subnet of it) as the VPC's segment, or use a custom segment.

    Network segment        Description
    192.168.0.0/16         Available private IP addresses (excluding reserved system addresses): 65,532
    172.16.0.0/12          Available private IP addresses (excluding reserved system addresses): 1,048,572
    10.0.0.0/8             Available private IP addresses (excluding reserved system addresses): 16,777,212
    User-defined segment   Any user-defined segment except 100.64.0.0/10, 224.0.0.0/4, 127.0.0.0/8, 169.254.0.0/16 and their subnets
  • The router

    A router is the hub of a private network. As a key functional component of the private network, it connects the switches inside the private network and acts as the gateway between the private network and other networks. The system creates a router automatically when a private network is created, and each router is associated with a route table.

  • switches

    Switches are the basic network devices that make up a private network and connect different cloud resources. After creating a private network, you create switches, each of which carves a subnet out of the private network. Switches in the same private network can reach each other over the internal network. Deploying an application on switches in different availability zones improves its availability.
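The segment table and the switch rules above lend themselves to a small planning check. The following Python is an added example written for this article (it is not Aliyun code or any vendor tool): it rejects segments that fall in the disallowed ranges, reproduces the table's "available addresses" figures, and carves one switch subnet per availability zone. It assumes that the table's counts are the block size minus 4 system-reserved addresses (65,536 - 4 = 65,532), and the zone names it uses are placeholders.

```python
import ipaddress
from typing import Dict, List

# Ranges the article lists as NOT usable for a user-defined VPC segment.
FORBIDDEN = [
    ipaddress.ip_network(n)
    for n in ("100.64.0.0/10", "224.0.0.0/4", "127.0.0.0/8", "169.254.0.0/16")
]

# Assumption: the "available addresses" column equals the block size minus
# 4 system-reserved addresses (65,536 - 4 = 65,532, and so on).
RESERVED_PER_BLOCK = 4


def validate_vpc_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Return the network if it is a well-formed IPv4 block outside the forbidden ranges."""
    net = ipaddress.ip_network(cidr)  # strict by default: rejects host bits such as 10.0.0.1/24
    if not isinstance(net, ipaddress.IPv4Network):
        raise ValueError(f"{cidr}: only IPv4 segments are considered here")
    for bad in FORBIDDEN:
        if net.overlaps(bad):
            raise ValueError(f"{net} overlaps the disallowed range {bad}")
    return net


def usable_addresses(cidr: str) -> int:
    """Available private IPs in a segment, using the table's reserved-address convention."""
    return validate_vpc_cidr(cidr).num_addresses - RESERVED_PER_BLOCK


def plan_vswitches(vpc_cidr: str, zones: List[str], prefixlen: int) -> Dict[str, str]:
    """Carve one subnet (one switch) per availability zone out of the VPC segment,
    so an application can be spread across zones. Zone names are illustrative."""
    vpc = validate_vpc_cidr(vpc_cidr)
    if prefixlen <= vpc.prefixlen:
        raise ValueError("switch prefix must be longer than the VPC prefix")
    subnets = vpc.subnets(new_prefix=prefixlen)  # generator of consecutive subnets
    plan: Dict[str, str] = {}
    for zone in zones:
        try:
            plan[zone] = str(next(subnets))
        except StopIteration:
            raise ValueError(f"{vpc} has no room for a /{prefixlen} switch in zone {zone}")
    return plan


if __name__ == "__main__":
    for seg in ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"):
        print(f"{seg:16} usable: {usable_addresses(seg):,}")
    # Constructed input: a /16 VPC split into /24 switches across three placeholder zones.
    print(plan_vswitches("10.0.0.0/16", ["zone-a", "zone-b", "zone-c"], 24))
    try:
        validate_vpc_cidr("100.64.8.0/24")  # carrier-grade NAT space, disallowed by the table
    except ValueError as e:
        print("rejected:", e)
```

Run it before creating the VPC: a segment that collides with 100.64.0.0/10 or 169.254.0.0/16 is refused by the console anyway, but catching it in the plan avoids renumbering later, and the per-zone split makes the "one switch per availability zone" advice concrete.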

A Virtual Private Network (VPN) is a remote-access technology: a communication tunnel across an untrusted intermediate network that provides identity authentication and point-to-point data transmission. Put simply, it uses the public network to set up a private one. For example, an employee on a business trip who wants to reach server resources on the company intranet is doing exactly this kind of remote access.

An Internet Data Center (IDC) uses existing Internet communication lines and bandwidth resources to build a standardized, professional equipment-room environment for the telecom sector, and provides enterprises and governments with all-round services such as server hosting, server rental and value-added services.

What is a cloud?

The cloud virtualizes servers into pools of virtual resources, which saves cost and simplifies management compared with physical servers. "Cloud" refers to the pooling of computing, storage and network resources. It integrates hardware and network resources into computing capability that is offered externally, providing computing, storage and data transfer support for our applications; this is what is called cloud computing. The cloud is now closely tied to our daily lives and is everywhere.

How to build the network environment under cloud computing?

Public clouds

The public cloud is the most convenient case. Every public cloud vendor offers a VPC service; inside a VPC we can build an internal network on the cloud and assign internal IP addresses within one network environment.

Private clouds

In a private cloud we usually build our own data center or rent space in an IDC to set up the equipment room, deploy routers and switches in a unified way, divide the network into segments, and build a LAN that forms the intranet so that the machines can interconnect. Access to the private cloud from outside the intranet goes through a VPN, which is more secure.

A hybrid cloud

How do the public cloud and the private cloud talk to each other? The simplest and most direct way is to let the public cloud reach the private cloud over a VPN: the VPC of a public cloud provides a tunnel (VPN gateway) service that can communicate with the private cloud. The other option is a private-line (dedicated line) service.

Dedicated line: a dedicated network channel established between the public cloud and the enterprise, using physical access for network communication. It is the more expensive option.
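Whichever of the two links joins the VPC to the private cloud, the VPC's segment and the IDC's segments must not overlap, otherwise the route table cannot tell cloud traffic from IDC traffic. The Python below is an added example for this article, not vendor code: it checks both sides for overlap, builds the cloud-side route table (the VPC's own segment stays local, each IDC segment points at the tunnel or private-line gateway), and resolves a destination by longest-prefix match the way a router would. The gateway name "vpn-gw" and all segments are constructed placeholders.

```python
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, str]  # (destination segment, next hop)


def find_overlaps(cloud_cidrs: List[str], idc_cidrs: List[str]) -> List[Tuple[str, str]]:
    """Every (cloud, IDC) pair whose segments overlap. Any hit means the two sides
    cannot be joined by VPN or private line without renumbering one of them."""
    hits = []
    for c in cloud_cidrs:
        for i in idc_cidrs:
            if ipaddress.ip_network(c).overlaps(ipaddress.ip_network(i)):
                hits.append((c, i))
    return hits


def build_vpc_routes(vpc_cidr: str, idc_cidrs: List[str], gateway: str) -> List[Route]:
    """Route table for the cloud side. The VPC's own segment stays "local" (the
    system route the platform adds); each IDC segment points at the VPN gateway
    or private-line router. Refuses to build a table whose entries would overlap."""
    conflicts = find_overlaps([vpc_cidr], idc_cidrs)
    if conflicts:
        raise ValueError(f"overlapping segments, renumber before connecting: {conflicts}")
    routes: List[Route] = [(ipaddress.ip_network(vpc_cidr), "local")]
    routes += [(ipaddress.ip_network(i), gateway) for i in idc_cidrs]
    return routes


def next_hop(routes: List[Route], dst_ip: str) -> Optional[str]:
    """Longest-prefix match, as a router does; None means no route (traffic is dropped)."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [(net, hop) for net, hop in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]


if __name__ == "__main__":
    # Constructed example: VPC 10.0.0.0/16 on the cloud side, two on-premises
    # segments behind a placeholder gateway called "vpn-gw".
    table = build_vpc_routes("10.0.0.0/16", ["192.168.0.0/16", "172.16.0.0/12"], "vpn-gw")
    for net, hop in table:
        print(f"{str(net):18} -> {hop}")
    for ip in ("10.0.3.4", "192.168.10.5", "172.20.1.1", "8.8.8.8"):
        print(ip, "->", next_hop(table, ip))
    # An IDC segment inside the VPC segment is caught before any tunnel is configured.
    print(find_overlaps(["10.0.0.0/16"], ["10.0.1.0/24"]))
```

The same pair of segment lists is what you enter on both ends of an IPsec VPN (local and remote networks) or advertise over the private line, so running the overlap check once on the planned addressing covers both options.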