A security group is a virtual firewall with state-based packet filtering, used to set network access control for one or more CVMs. You can add CVM instances with the same network security isolation requirements within the same region to the same security group, and filter the inbound and outbound traffic of the CVMs based on the network policies of the security group.
A peering connection is a connection established between different VPCs, supporting cross-account and cross-region communication between VPCs.
A public gateway is a type of CVM that is able to forward the traffic between the Internet and VPCs. A CVM without a public IP can access the Internet via a public gateway.
A route table consists of a series of routing policies that are used to define the traffic direction of each subnet within the VPC. A subnet can be associated with only one route table, but a route table can be associated with multiple subnets in the same VPC.
A routing policy defines a path that network traffic goes through. Each routing policy comprises three parameters:
A private IP is an IP address assigned to an instance in the Tencent Cloud VPC or basic network, which cannot be accessed via the Internet but can be used for communication between instances in the VPC or basic network.
A NAT gateway can translate the private IP address in a Virtual Private Cloud (VPC) to a public IP address if the private and public networks are isolated from each other, enabling the VPC to access the Internet. The NAT gateway supports a maximum of 5 Gbps traffic surge and 10,000,000 concurrent connections. As a highly available gateway, the NAT gateway also provides master/slave hot backup, enabling automatic switching in the event of a single point of failure with an imperceptible impact on your use of the services.
A virtual private cloud (VPC) builds a separate network space in Tencent Cloud, which is very similar to a traditional network run in your IDC, except that the services hosted in a VPC are your Tencent Cloud services such as Cloud Virtual Machine, Cloud Load Balancer, and TencentDB. You do not need to worry about the procurement and operations of network devices; instead, you only need to customize IP ranges, IP addresses, routing policies, etc. through easy-to-use software programs. You can use EIPs, NAT gateways, and public gateways to flexibly access the Internet or interconnect a VPC with your IDC through VPN or Direct Connect. In addition, VPC's Peering Connection can help you easily implement a unified server for global access and 2-region-3-DC disaster recovery, and the security group and network ACL features of VPC ensure comprehensive network security.
An elastic IP (EIP) is a public IP address that can be applied for independently. It supports dynamic binding and unbinding. You can bind an EIP to or unbind it from a CVM (or NAT gateway instance) in the account. The main functions are as follows:
A public IP can be accessed via the Internet and can be used for communication between instances and the Internet or other Tencent Cloud resources (such as databases) with public endpoints.
A subnet is a flexible way to segment a VPC into different IP ranges. Applications and services can be deployed in different subnets to securely and elastically host multi-layer web applications in a VPC.
Direct Connect is a fast way to connect Tencent Cloud with your local IDC. A connection can be established to communicate with Tencent Cloud resources in multiple regions for elastic and reliable hybrid cloud deployment. Direct Connect supports a two-line hot backup access mode free of single points of failure to meet the high networking requirements in demanding industries such as finance.
It consists of several components: