Help Center > > Service Overview> Network


Updated at: Dec 14, 2019 GMT+08:00


Virtual Private Cloud (VPC) allows you to create customized virtual networks in your logically isolated AZ. Such networks are dedicated zones that are logically isolated for your ECSs. You can define security groups, virtual private networks (VPNs), IP address segments, and bandwidth for a VPC. This facilitates internal network configuration and management as well as secure and convenient network modification. You can also customize the ECS access rules within a security group and between security groups to strengthen ECS security protection.

For more information about VPC, see Virtual Private Cloud User Guide.


A subnet is a range of IP addresses in your VPC and provides IP address management and DNS resolution functions for ECSs in it. The IP addresses of all ECSs in a subnet belong to the subnet.

Figure 1 Subnet

By default, ECSs in all subnets of the same VPC can communicate with each another, while ECSs in different VPCs cannot.

Security Group

A security group is a collection of access control rules for ECSs that have the same security protection requirements and are mutually trusted in a VPC. After a security group is created, you can create different access rules for the security group to protect the ECSs that are added to this security group.

Your account automatically comes with a default security group. The default security group allows all outbound traffic, denies all inbound traffic, and allows all traffic between ECSs in the group. Your ECSs in the security group can communicate with each other without the need to add rules.

Figure 2 Default security group

Table 1 describes default security group rules.

Table 1 Default security group rules










Allow all outbound traffic.




Source: ID of the current security group (for example, sg-xxxxx)

Allow communication among ECSs within the security group and deny all inbound traffic (incoming data packets).





Allow all IP addresses to access Linux ECSs over SSH.





Allow all IP addresses to access Windows ECSs over RDP.


An EIP is a public IP address that can be directly accessed over the Internet. An EIP consists of the public IP address and public network egress bandwidth. EIPs can be bound to or unbound from ECSs, virtual IP addresses, NAT gateways, and load balancers. Various billing modes are provided to meet diversified service requirements.

Each EIP can be used by only one cloud resource at a time.

Figure 3 Accessing the Internet using an EIP

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?

Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel