This guide explains why careful CIDR selection for AWS VPCs is critical in 2025, outlines the hidden five‑IP reservation rule, presents sizing tables, offers a step‑by‑step decision framework, and shares real‑world examples of IP exhaustion in EKS and PrivateLink deployments.
VPC private DNS provides an isolated, internal name resolution service for cloud resources, enabling secure, efficient communication, private domain management, recursive queries, and seamless integration with public DNS, while offering advantages such as enhanced security, flexible architecture, simplified operations, high availability, and support for hybrid cloud scenarios.
This article explains the design, features, and deployment architecture of a unified Layer‑7 load‑balancing service that supports both classic and VPC networks, offering intelligent routing, session persistence, health checks, hot‑config reload, and high availability for cloud‑native environments.
This article explains the background, design, and implementation of a multi‑cloud network that enables full‑network compute scheduling across public clouds (such as Alibaba and Huawei) and private IDC, detailing components like cloud‑dedicated lines, multi‑cloud gateways, boundary routers, routing interconnection, MTU handling, and future optimization plans.
The article details Huawei’s CloudMatrix384 AI supernode, describing its 384 Ascend 910C NPUs, 192 Kunpeng CPUs, ultra‑high‑bandwidth UB network, three complementary network planes (UB, RDMA, VPC), and the non‑blocking topology that enables sub‑microsecond inter‑node latency across a 16‑rack deployment.
This guide explains the fundamentals of AWS VPC route tables, clarifies the difference between explicit and implicit subnet associations, and provides practical best‑practice recommendations to ensure reliable internet connectivity and secure network architecture.
This article outlines the background, architectural design, implementation details, and future roadmap of an internet‑boundary cloud firewall built on DPDK, covering physical and software structures, traffic steering, rule matching logic, and planned enhancements such as logging and traffic analysis.
This article explains how to design, configure, and verify a VM traffic mirroring solution in a cloud VPC, covering capture sources, filtering methods, receiver setup, and practical OVS commands for security auditing, intrusion detection, and business analysis.
This article explains a VPC NAT solution that lets function compute pods in a shared Kubernetes VPC securely access services in overlapping business VPCs by using NAT ENIs, MAC adjustments, VXLAN encapsulation, and SNAT/DNAT rules.
This article explains the network interruption issues of VM live migration in 360's VPC overlay (V1), analyzes the root causes, and presents a V2 redesign that eliminates downtime through pre‑loaded forwarding policies, traffic redirection, and streamlined component collaboration.
This article explains the background, overall architecture, and detailed design and implementation of PrivateLink and ClassicLink gateways within a cloud VPC environment, covering their control and forwarding planes, workflow steps, and future optimization plans.
This article describes how 360 unified Kubernetes pod networking with OpenStack VPC by developing a custom CNI plugin that leverages Neutron elastic ports, IPVLAN L2 mode, and OVS to achieve layer‑2 connectivity between VMs and pods, including detailed implementation steps and command examples.
Bilibili’s hybrid‑cloud architecture combines multiple public clouds and its own data centers using a star‑centered topology, employing VPCs, load balancers, NAT gateways, and dedicated lines managed via a multi‑cloud platform, while outlining project‑network setup, security rules, and proxy‑forwarding solutions for reliable, cost‑effective cloud networking.
The guide explains AWS Transit Gateway as a cloud router linking VPCs, VPNs, Direct Connect and on‑premises networks, details attachment types, route tables, MTU limits, step‑by‑step creation, custom routing, verification, and best‑practice design recommendations for scalable, highly available deployments.
This article traces Alibaba Cloud's network transformation—from early classic two‑layer networks to dedicated VPCs, hardware‑accelerated gateways, smart NICs, and NFV‑based virtualized network functions—highlighting the business drivers, architectural challenges, and the progressive solutions that enable massive, elastic, and secure cloud networking.
This article provides a comprehensive guide to OpenStack Neutron, covering its VPC virtual network model, network resource types, isolation methods, configuration examples for flat, VLAN, and VxLAN networks, as well as detailed instructions for creating subnets, ports, routers, and floating IPs with code snippets.
This article provides a detailed walkthrough of Kube-OVN's controller architecture, covering its deployment as a Kubernetes deployment, the main initialization flow, worker mechanisms for handling VPC, subnet, and pod resources, and the creation of the default VPC with associated OVN logical router.
This article reviews the evolution of cloud‑native networking in China, analyzes platformization and underlay trends, explains the technical challenges of traditional CNI solutions, and details Kube‑OVN's architecture, features, and roadmap as a comprehensive enterprise‑grade Kubernetes networking platform.
This article details the background, design rationale, network topology changes, and step‑by‑step procedures—including VPC configuration, BGP setup, and port‑channel adjustments—used to upgrade Qunar's data‑center network for Kubernetes deployments, with practical code examples and operational tips.
To meet growing business demands, 360’s virtualization team replaced the legacy overlay network with a host‑overlay VPC solution that decouples switches, supports private cloud isolation, leverages DPVS‑based gateways, and integrates monitoring, delivering high‑availability, scalable traffic handling across its 25 G data centers.
This article reviews Du Dongming’s presentation on Kube‑OVN, tracing the evolution of cloud‑native networking from early container experiments to modern multi‑tenant VPC, subnet management, overlay/underlay modes, and the roadmap that positions Kube‑OVN as a comprehensive SDN solution for enterprise Kubernetes environments.
Kube-OVN 1.8 introduces a re‑engineered Underlay with a new ProviderNetwork CRD supporting flexible NIC and VLAN mappings, achieves roughly 45% latency reduction through flow‑table and kernel optimizations, adds VPC security groups and service support, and bundles several other networking enhancements.
The article describes the design, architecture, and implementation details of the CLOUD‑DPVS gateway, a high‑performance, VXLAN‑based load‑balancing solution that connects VPC networks to classic IDC networks, covering its high‑availability improvements, FULLNAT mode, traffic flow, and future offload plans.
This article details a Cisco Nexus network scenario where two switches use VPC and BFD for link fault detection, explains why BFD neighbor establishment fails due to VPC peer‑gateway causing TTL reduction and MAC rewriting, and presents test results and configuration recommendations to resolve the issue.
This article explains the history and logic behind IP address classes, how subnetting transforms a two‑level address into three levels, the role of subnet masks in determining network membership, and the advantages of CIDR notation for flexible address allocation, concluding with a practical VPC exercise.
This article chronicles UCloud's VPC evolution—from early classic two‑layer networks through SDN‑based VPC 2.0 and the hardware‑integrated VPC 3.0 architecture, covering microservice migration, telemetry, dynamic flow learning, and high‑performance hardware offload to meet modern cloud networking demands.
This article explains why multi‑tenant VPC networks are essential for modern cloud‑native environments, outlines typical use cases such as public‑cloud container services, virtual‑machine workloads and finance, discusses the challenges of implementing tenant isolation in Kubernetes, and describes how the Kube‑OVN‑based solution was enhanced and deployed on edge‑computing platforms to provide strong VPC isolation, flexible IP management, and integrated load‑balancing services.
This tutorial demonstrates how to configure an open‑source Squid proxy in an AWS VPC to restrict Internet access, allow only approved Amazon S3 buckets and Yum repositories, route traffic through specific gateways, and achieve high availability using Auto Scaling and Route 53.
In a detailed interview, UCloud’s virtual network lead Zhou Jian explains how the company’s SDN‑based solutions address heterogeneous network challenges—security isolation, performance, and consistent user experience—through programmable VPCs, hybrid gateways, global traffic cleaning, and multi‑cloud connectivity, illustrating the evolution from VPC 1.0 to today’s global backbone.
This article investigates why a Kubernetes Namespace can get stuck in the Terminating state, analyzes logs from the API Server and Controller Manager, explains API group/version mechanics, uncovers a Metrics Server network issue caused by missing VPC routes and RAM role policies, and provides a step‑by‑step fix.
This guide walks you through configuring an IPv6 VPC, assigning addresses to cloud servers, deploying Nginx, creating an IPv6 Cloud Load Balancer with listeners, adding AAAA and A DNS records, and testing the setup on Tencent Cloud’s supported regions.
This lesson explains cloud networking fundamentals, covering overlay/underlay architecture, software-defined networking, network function virtualization, private VPC design, ACL and NAT gateways, routing tables, and three hybrid‑cloud deployment models, illustrating how networks enable scalable, flexible cloud services.
UK8S’s custom CNI plugin integrates VPC networking to give containers native cloud performance, but a bug caused kubelet to create a second sandbox container, leading to missing NETNS parameters and VPC IP leaks; the article details the investigation, root‑cause analysis, and the patch fixing the issue.
Using a vivid Journey to the West allegory, this article walks through cloud networking fundamentals—from regions, availability zones, and VPCs to BGP routing, DNS resolution, TCP handshakes, TLS encryption, load balancing, and micro‑service communication—illustrating each concept with clear diagrams and analogies.
The article outlines Qunar's data‑center network evolution, describing the limitations of traditional STP‑based designs, the adoption of vPC for active‑active redundancy, the transition to leaf‑spine topology for scalability, and the implementation of VXLAN to support large‑scale multi‑tenant cloud environments.
This article explains how VPC enables component layering and isolation, covering four typical scenarios—enabling internet access for subnets, separating internal and external resources, inter‑connecting multiple cloud VPCs, and linking on‑premises networks with cloud VPCs—along with step‑by‑step implementation guidance.
This article details the evolution of 360 Qiyun's VPC solution, describing the two‑stage migration from a customized OpenStack Neutron Liberty deployment to a hardware‑assisted EVPN + VXLAN architecture, the specific network enhancements made, performance problems encountered, and the operational benefits achieved.
The 2017 Double‑11 festival shattered records with 168.2 billion yuan in sales, and Alibaba Cloud’s VPC, load‑balancing SLB, NAT gateway, and high‑speed hybrid‑cloud network together ensured the massive traffic and payment spikes ran smoothly for millions of shoppers.
After a mis‑configured security group in a classic network exposed a neighboring Alibaba Cloud user, developers highlighted the risks of shared internal networks and advocated moving to isolated Virtual Private Clouds, which offer customizable subnets, fine‑grained security, hybrid connectivity, and are now favored across major public‑cloud providers.
This article explains why traditional "classic" cloud networking lacks proper layer‑2 isolation, compares flat, VLAN, and overlay designs in OpenStack Neutron, and shows how virtual private clouds (VPCs) offer secure, scalable network segmentation for modern multi‑tenant environments.
The article explains how to achieve network isolation for a QCloud SQL cluster by creating and binding additional elastic NICs via API—assigning separate production, heartbeat, and storage interfaces to each node—while noting that true physical isolation is impossible and detailing the required configuration steps and encountered challenges.
This article explains Tencent Cloud's end‑to‑end solution for global same‑server gaming, covering centralized data deployment, regional player access, high‑speed VPC interconnects, POP acceleration, and practical deployment steps to achieve low‑latency worldwide gameplay.
