A Virtual Private Cloud (VPC) is a logically isolated network space on Tencent Cloud. You can deploy resources, such as CVM and TencentDB instances, in VPCs to enhance their security and meet the needs of different use cases.
Tencent Cloud VPC supports CIDR blocks in any of the following private IP ranges:
10.0.0.0 - 10.255.255.255 (mask: 12 - 28)
172.16.0.0 - 172.31.255.255 (mask: 12 - 28)
192.168.0.0 - 192.168.255.255 (mask: 16 - 28)
Note
The primary VPC CIDR block cannot be modified after creation. If the primary CIDR block runs out of addresses, you can create a secondary CIDR block to expand the IP range. For more information, see Editing IPv4 CIDR Blocks.
Subnet
Each VPC should contain at least one subnet. All Tencent Cloud resources in a VPC (such as CVM and TencentDB instances) must be deployed in a subnet, and the subnet CIDR block must be within the VPC CIDR block.
A VPC is set up at the region level (such as Guangzhou), while a subnet is set up at the availability zone level (such as Guangzhou Zone 1). You can divide a VPC into one or more subnets. Subnets in the same VPC can interconnect with one another by default, while subnets in different VPCs are isolated by default.
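The following Python check is an added example, not part of the original documentation. It validates an addressing plan against the private ranges and mask bounds listed above and the rule that every subnet CIDR must lie within the VPC CIDR. The non-overlap check between subnets and the sample plan are assumptions made for this example.

```python
import ipaddress

# Supported private ranges with (min, max) mask length, as listed on this page.
ALLOWED = [
    (ipaddress.IPv4Network("10.0.0.0/8"), 12, 28),
    (ipaddress.IPv4Network("172.16.0.0/12"), 12, 28),
    (ipaddress.IPv4Network("192.168.0.0/16"), 16, 28),
]


def check_vpc_cidr(cidr):
    """Return a list of problems with a proposed VPC CIDR (empty if valid)."""
    try:
        net = ipaddress.IPv4Network(cidr)  # strict: rejects host bits set
    except ValueError as exc:
        return [f"{cidr}: not a valid IPv4 network ({exc})"]
    for parent, lo, hi in ALLOWED:
        if net.subnet_of(parent):
            if lo <= net.prefixlen <= hi:
                return []
            return [f"{cidr}: mask /{net.prefixlen} outside {lo}-{hi}"]
    return [f"{cidr}: not inside a supported private range"]


def check_plan(vpc_cidr, subnet_cidrs):
    """Validate a VPC CIDR and its subnets; return a list of problems."""
    problems = check_vpc_cidr(vpc_cidr)
    if problems:
        return problems
    vpc = ipaddress.IPv4Network(vpc_cidr)
    seen = []
    for cidr in subnet_cidrs:
        try:
            sub = ipaddress.IPv4Network(cidr)
        except ValueError as exc:
            problems.append(f"{cidr}: not a valid IPv4 network ({exc})")
            continue
        if not sub.subnet_of(vpc):
            problems.append(f"{cidr}: outside VPC CIDR {vpc}")
        # Assumption of this example: subnets in one VPC must not overlap.
        problems += [f"{cidr}: overlaps subnet {o}" for o in seen if sub.overlaps(o)]
        seen.append(sub)
    return problems


if __name__ == "__main__":
    # Constructed sample plan: subnet 2 overlaps subnet 1, subnet 3 is outside the VPC.
    for p in check_plan("10.0.0.0/16", ["10.0.1.0/24", "10.0.1.128/25", "10.1.0.0/24"]):
        print(p)
```

Running a check like this before creating the VPC matters because the primary CIDR block cannot be changed afterwards.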
Route table
When you create a VPC, the system automatically generates a default route table to ensure that all subnets in the same VPC are interconnected. If the routing policies in the default route table cannot meet your needs, you can create a custom route table.
For more information on route tables, see Overview.
VPC Connection
Tencent Cloud provides a wide range of VPC connection solutions for different use cases:
CVMs in a VPC can be connected to the internet via an EIP or NAT gateway.
VPCs can communicate with each other through a peering connection or over CCN.
VPCs and local IDCs can be interconnected through VPN connections, Direct Connect or over CCN.
A VPC is a logically isolated network space in the cloud. Different VPCs are isolated from each other to protect application security.
Security group: A security group is a stateful virtual firewall for filtering packets. As an important means of network security isolation, it can be used to control the outbound and inbound traffic for instances.
Network ACL: A network ACL is a stateless virtual firewall for filtering packets at the subnet level. It can be used to control the inbound and outbound data streams for subnets at the protocol and port levels.
Cloud Access Management (CAM): CAM helps you manage the access permissions for all your Tencent Cloud resources, including VPCs. You can control the access to your VPCs by user identities or custom policies.