Understanding VPC vs Classic Network in Public Cloud

In recent days, a heated discussion arose in the tech community about the classic (basic) network and the private network (VPC) in public cloud environments. The incident started when a developer restricted database access to the internal network, but due to a mis‑configured security group, a neighboring Alibaba Cloud user was compromised, affecting the developer's services. The developer @左耳朵耗子 published a post titled "A Brief Introduction to Public Cloud Networking" warning that Alibaba Cloud’s default internal network is the classic network, which is complex to manage and prone to configuration errors, and urged the adoption of VPC (https://www.qcloud.com/product/vpc) to prevent similar accidents.

This rational discussion helped the VPC solution quickly gain attention among developers, raising the question of whether it is necessary to migrate from classic network to VPC. Below is a concise technical overview.

1. What is VPC?

VPC (Virtual Private Cloud) is a logically isolated network space on a public cloud. It resembles a traditional on‑premise network and hosts resources such as cloud servers, load balancers, and cloud databases. Users can define their own IP ranges, subnets, and routing policies, and enforce multi‑layer security through security groups and network ACLs. VPCs can also be connected to on‑premise data centers via VPN or dedicated lines, enabling flexible hybrid‑cloud deployments.

2. Differences between VPC and Classic Network (Basic Network)

Classic Network: All users share a common public network pool without logical isolation. Internal IP addresses are allocated centrally by the system, and the same internal IP cannot be assigned to different users.

VPC: Provides a logically isolated virtual network for each user. Within a VPC, users can freely define subnets, IP addresses, and routing policies, and apply security groups and network ACLs for fine‑grained access control, offering higher flexibility and security.

The diagram below illustrates the architectural contrast between classic network and VPC:

VPC’s advantages are evident: users can customize subnet segmentation, IP allocation, and routing; security is enhanced through network ACLs and security groups. VPC is suitable for workloads requiring strong isolation, multi‑tier web applications, elastic hybrid‑cloud deployments, and industries with strict regulatory and data‑security requirements such as finance and government.

3. Comparison of VPC Offerings from Major Cloud Providers

Currently, VPC is being actively promoted by major cloud vendors. AWS, Alibaba Cloud, and Tencent Cloud provide detailed documentation on their VPC services.

Overall, AWS and Tencent Cloud receive the highest scores, supporting features such as elastic network interfaces, VPN services, and network ACLs, which significantly lower the technical barrier for users and make VPC configuration more convenient, safe, and flexible.

Tencent Cloud additionally offers unique capabilities like direct public‑IP passthrough, subnet broadcast/multicast, and dedicated NAT, which are not commonly available in other public‑cloud markets.

4. How Classic Network Users Can Smoothly Migrate to VPC

For customers with many cloud servers already deployed in classic networks, both AWS (ClassicLink) and Tencent Cloud (Basic Network Interconnect) provide transition solutions. These allow classic‑network instances to be associated with a specific VPC, enabling communication between classic‑network resources and VPC resources such as servers and databases.

This network incident may become a turning point for the industry. From both experts’ perspectives and vendors’ product roadmaps, the controversy around classic networks has propelled VPC to become the preferred and possibly mainstream networking solution in the public‑cloud market.