
Basic concepts

Underlay network

The underlay network refers to the physical network infrastructure responsible for transmitting packets across networks. In data center environments, the physical underlay network provides IP connectivity from certain physical devices, such as servers, storage devices, routers, or switches, to other physical devices.

Overlay network

An overlay network creates a virtualized network abstraction layer with software, enabling multiple independent virtual networks to operate over the physical network. While different overlay networks share the same underlying devices and links, the data in the overlay network remains invisible to the underlay network, and the topology of the overlay network is decoupled from the physical layout and connectivity of the underlay network.

Virtual Private Cloud (VPC)

A VPC is a user-defined logically isolated network space. Within each VPC, you can manage VPC subnets, route tables, floating IP addresses, gateway services, and security services to meet different network requirements.

VPC subnet

A VPC subnet is the basic network module that makes up a VPC. Virtual machines inside the same VPC can communicate with each other within a VPC subnet and between VPC subnets.

Edge gateway

The edge gateway is a group of virtual machines that provide edge gateway services for VPC networking. It implements Layer 3 connectivity between a VPC and external networks, including the underlay network or overlay network. When a VPC needs to communicate with an external network in the local data center or on the public network, the edge gateway must first be created in the VPC networking service.

External subnet

An external subnet is a routable IP resource pool used for mapping between VPC networks and physical networks. IP addresses in the external subnet can be used as NAT IP addresses, floating IP addresses, routing IP addresses, etc. in a VPC. In Arcfra's virtualized environment, an external subnet is a subnet of the VM network.

Security group

A security group is a collection of objects to which the security policy is applied, consisting of specific virtual machines or virtual machines selected by labels. VPC security groups are only effective for virtual machines associated with VPC networks.

Security policy

Security policies consist of a series of traffic rules, controlling the ingress and egress traffic of the target objects. VPC security policies are only effective for virtual machines associated with VPC networks.

Network address translation (NAT)

  • SNAT

    Source network address translation, which enables virtual machines in a VPC to access external networks through a shared IP address.

    When a virtual machine inside the VPC needs to access an external network, the internal address initiates an active connection, and the SNAT service translates the internal IP to a SNAT IP address.

  • DNAT

    Destination network address translation, which is used to publish VPC internal services.

    When a virtual machine inside the VPC needs to provide external services, the external address initiates an active connection to access the DNAT IP address, and then the DNAT service routes the connection to the address within the VPC according to the DNAT rules.

Floating IP

A floating IP is a 1:1 NAT configuration that binds an IP address from the external subnet to a virtual machine inside the VPC that needs to be actively connected from the outside, equivalent to an elastic IP address in public clouds.

Layer 2 gateway

A Layer 2 gateway connects subnets in the underlay network with subnets inside the VPC, enabling the VLAN subnets of the underlay network and VPC subnets to form a unified logical Layer 2 subnet.

Tunnel endpoint (TEP)

Tunnel endpoints are the starting and ending points for establishing an overlay tunnel between two nodes. During data transmission, the IP addresses of these endpoints define the source and destination addresses in the outer IP packet header.

In clusters associated with a VPC, each node serves as a tunnel endpoint, encapsulating the traffic of virtual machines in the overlay network and routing it to the target tunnel endpoint based on the address in the outer IP header of the packet.

VPC system network

The VPC system network, also known as the host TEP network, is used to implement tunnel connections and data exchange between nodes in clusters associated with a VPC.