Hi everyone. Welcome to the 3rd chapter in our Tencent Cloud Practitioner course: Introduction to Tencent Cloud Networking. At the end of this chapter, you will have a better understanding of the features, advantages and use cases of Tencent Cloud VPC; the features, advantages and impact of Tencent Cloud networking; the features, advantages and use cases of Tencent Cloud CLB; and the billing plans for Tencent Cloud networking products. In this chapter we'll cover four sections: Tencent Cloud VPC, Tencent Cloud networking, Tencent Cloud CLB, and billing plans. This video will cover the first section, Tencent Cloud VPC. Subsequent videos will cover the remaining three sections.

Okay, let's get started with section 1, Tencent Cloud VPC. In this video we'll cover: what is a VPC, VPC CIDR blocks, VPC route tables, VPC access control, and ENI.

A virtual private cloud refers to a user-defined, logically isolated and dedicated cloud-based network space. You can think of it as your home in the cloud that you can customize to define how it interacts with external parties. Just like how a house needs a floor, walls and a roof to be complete, a VPC needs a few components, such as the IP or ENI, the subnet, the CIDR block, the route table, and the security group or ACL, to be functional. Here's a diagram of a VPC for your reference.

Okay, let's move on to CIDR blocks. CIDR blocks essentially define the range of available IPs in a VPC. For example, CIDR blocks support any IPs that fall in the three ranges listed below. A VPC contains multiple subnets, and each subnet contains a group of smaller CIDR IP blocks. So when setting up a VPC, you first have to define the size of your VPC network. Then you have to define the size of your CIDR blocks, which ranges from 16 to 28 and determines how many subnets you can create on your VPC. Given this structure, a good practice is to make your VPC as large as possible so that you have more room for growth and more flexibility to define your subnets using different methodologies. All cloud resources, such as CVM and CDB, need to be deployed on subnets. Note that private IPs obtained through DHCP are not routable on the public network.

The formula for calculating the number of available IPs per subnet is 2 to the N minus 3, where N is the subnet mask. An IP address is a binary composition, which means that each digit can be either 0 or 1 in value. An IP address is also comprised of 32 digits. The first 24 digits, underlined in black, represent the subnet location, which is the same for everyone in that subnet. However, the last eight digits, underlined in red, represent the host bits, which are unique for everybody in the subnet. The number of subnet mask bits determines the number of available subnets and the number of host IP addresses. If the subnet mask is N, then the number of subnets will be 2^N and the number of IP addresses will be 2^(32 - N) - 3. In the example below, we see that the subnet mask of the IP address is 24, which is the number that comes after the slash. So to calculate the number of available subnets, we use the equation 2^N to arrive at 2^24. For the number of available IP hosts, it would be 2^(32 - 24) - 3. Note that the network address is 10.3.5.0 and the broadcast address is 10.3.5.255, which means that those IP addresses are already taken and cannot be selected.

IP addresses in the same VPC network can communicate by default, but those in different VPC networks cannot communicate unless VPC peering is established and a route table is configured to facilitate traffic among VPCs and between VPCs and public networks. Now, there are two types of route tables, default and customized, and three routing policy types: destination, next hop type and next hop.

Now let's take a look at VPC access control, which essentially ensures the security of the VPC.
The network ACL controls the inbound and outbound traffic of a subnet, while the security group decides whether a port or protocol accepts traffic. As you can see from the diagram, the network ACL controls the traffic for subnets, while the security group controls traffic for virtual machines.

So how do network ACLs and security groups stack up against each other? As mentioned in the previous slide, network ACLs involve subnet-level traffic control, which represents the first layer of defense. In contrast, security groups involve CVM instance-level traffic control, which represents the second layer of defense. While both network ACLs and security groups support allow and deny rules, network ACLs are stateless, meaning the returned data stream must be explicitly allowed by rules that need to be defined, while security groups are stateful, meaning the returned data stream is automatically allowed and is not affected by any rules. Finally, for network ACLs, rules automatically apply to all CVM instances in the associated subnets, which can act as a backup defense if the instance is already associated with a security group. In contrast, for security groups, rules only apply to an instance if it is associated with the security group.

An ENI is an elastic network interface that is assigned to a CVM instance in a VPC network and can freely migrate between CVM instances. It defines the range of IPs available in a network interface. You can think of the ENI as a virtualized network interface, as opposed to a physical network interface, that you can associate IPs to. The advantages of ENIs are that they feature multiple ENIs and IP addresses, network isolation and flexible migration.
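The subnet sizing arithmetic from the CIDR part of this video, worked through as an added example (not part of the original lecture or any Tencent Cloud tooling). The VPC range 10.3.0.0/16 and the function names are assumptions made for illustration; 10.3.5.0/24 and the "minus 3" rule come from the lecture.

```python
import ipaddress

RESERVED_PER_SUBNET = 3  # the "- 3" in the lecture's formula


def usable_hosts(prefix_len):
    """Usable IPs in one subnet, per the lecture: 2^(32 - N) - 3."""
    if not 16 <= prefix_len <= 28:
        raise ValueError("mask must be in the 16-28 range given in the lecture")
    return 2 ** (32 - prefix_len) - RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr, subnet_prefix):
    """Carve a VPC CIDR into equal subnets and report each one's limits."""
    vpc = ipaddress.ip_network(vpc_cidr)  # raises ValueError if host bits are set
    if subnet_prefix < vpc.prefixlen:
        raise ValueError("a subnet cannot be larger than its VPC")
    plan = []
    for net in vpc.subnets(new_prefix=subnet_prefix):
        plan.append({
            "cidr": str(net),
            "network": str(net.network_address),      # not assignable
            "broadcast": str(net.broadcast_address),  # not assignable
            "usable": usable_hosts(subnet_prefix),
        })
    return plan


def find_subnet(plan, ip):
    """Return the planned subnet that contains ip, or None if it is outside the VPC."""
    addr = ipaddress.ip_address(ip)
    for entry in plan:
        if addr in ipaddress.ip_network(entry["cidr"]):
            return entry
    return None


if __name__ == "__main__":
    # Hypothetical VPC range; the /24 containing 10.3.5.x is the lecture's example.
    plan = plan_subnets("10.3.0.0/16", 24)
    print(len(plan), "subnets;", find_subnet(plan, "10.3.5.77"))
```

A larger VPC with smaller subnets gives more subnets to separate workloads into, at the cost of three addresses per subnet.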
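The stateless versus stateful difference described above, as an added example (not part of the original lecture and not Tencent Cloud's API or rule syntax). It is a constructed model: the rule format, the first-match and default-deny behavior, and the sample addresses and ports are assumptions.

```python
from collections import namedtuple

# Constructed model; rules match on direction and destination port only.
Packet = namedtuple("Packet", "direction src sport dst dport")
Rule = namedtuple("Rule", "direction lo hi action")


def match(rules, pkt):
    """First matching rule wins; default deny when nothing matches (assumption)."""
    for r in rules:
        if r.direction == pkt.direction and r.lo <= pkt.dport <= r.hi:
            return r.action == "allow"
    return False


class StatelessAcl:
    """Subnet level: every packet is judged on its own, replies included."""
    def __init__(self, rules):
        self.rules = rules

    def permits(self, pkt):
        return match(self.rules, pkt)


class StatefulSecurityGroup:
    """Instance level: replies to an allowed flow pass without a rule."""
    def __init__(self, rules):
        self.rules = rules
        self.tracked = set()

    def permits(self, pkt):
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reverse in self.tracked:
            return True  # return traffic of a flow that was already allowed
        if match(self.rules, pkt):
            self.tracked.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return False


def delivered(acl, sg, pkt):
    """Inbound crosses the ACL then the security group; outbound the reverse."""
    layers = (acl, sg) if pkt.direction == "in" else (sg, acl)
    return all(layer.permits(pkt) for layer in layers)


# Constructed sample flow: an HTTPS request to an instance and its reply.
REQUEST = Packet("in", "203.0.113.10", 51000, "10.3.5.20", 443)
REPLY = Packet("out", "10.3.5.20", 443, "203.0.113.10", 51000)
INBOUND_443 = [Rule("in", 443, 443, "allow")]


def round_trip(acl_rules, sg_rules):
    """Return (request_delivered, reply_delivered) for the sample flow."""
    acl, sg = StatelessAcl(acl_rules), StatefulSecurityGroup(sg_rules)
    return delivered(acl, sg, REQUEST), delivered(acl, sg, REPLY)
```

With only an inbound 443 rule on both layers the reply is dropped at the ACL; adding an outbound ACL rule for the client's port range lets it through, while the security group needs no outbound rule for the reply.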