Virtual Private Cloud (VPC) Basics

Questions and Answers

What is a key benefit of using a Virtual Private Cloud (VPC) regarding network isolation?

• VPCs can communicate freely with each other.
• VPCs require public IPs for interaction.
• VPCs are logically isolated, preventing default communication. (correct)
• VPCs can automatically connect to other public clouds.

Which of the following configurations can be customized within a VPC?

• Internet traffic statement
• Subnets and route tables (correct)
• Data transfer speeds
• Public IP ranges

What is the purpose of Network ACLs (Access Control Lists) in a VPC?

• They assign public IP addresses to subnets.
• They protect subnets by controlling inbound and outbound traffic. (correct)
• They connect VPCs to external networks seamlessly.
• They isolate VPCs for greater accessibility.

What must be specified when creating a VPC?

Private CIDR block (D)

Which of the following statements about VPC peering connections is true?

They allow VPCs in the same region to communicate using private IPs. (B)

Which service is NOT typically required for a VPC to connect to the Internet?

Virtual Router (A)

How many dynamic BGP connections can a VPC establish to multiple carriers?

21 (C)

What does the flexibility of a VPC customization allow users to manage?

Division of subnets and configuration of route tables (A)

What is the primary function of the default route table in a VPC?

To ensure that all subnets in the VPC can communicate with each other (C)

Which component acts as a virtual firewall in a VPC to provide access rules?

Security groups (A)

What is a requirement for creating a VPC peering connection?

The VPCs must be located within the same region (B)

How can a cloud server without an EIP bound access the Internet?

By creating a custom route table with specific routes (B)

Which connectivity option allows for connection between an on-premises data center and a VPC?

Direct Connect (C)

What is the purpose of using load balancers in conjunction with ECSs in a VPC?

To evenly distribute traffic across multiple ECSs (C)

How can distinct access control rules be managed for different types of servers in a VPC?

By creating multiple security groups for different server types (C)

Which of the following statements about VPCs is true?

VPCs are logically isolated from one another (D)

What is the purpose of using a hybrid cloud deployment?

To keep core data in an on-premises data center while utilizing the cloud. (B)

What is an elastic network interface?

A virtual network card that can be configured and attached to instances. (A)

What does an IP address group allow you to do?

Manage IP addresses with the same security requirements more efficiently. (B)

What is the consequence of a subnet's CIDR block once it is created?

It cannot be modified after its creation. (B)

How do Elastic IPs (EIPs) function in cloud networking?

They enable communication with the Internet using static public IPs. (D)

What is the relationship between subnets and route tables in a VPC?

Every subnet must be associated with a route table. (C)

What is the main purpose of VPC peering connections?

To allow communication between ECSs in different VPCs. (B)

What is the ability of a route table within a VPC?

To manage how network traffic is directed from subnets. (B)

What is a primary characteristic of a security group in a VPC?

It is a collection of access control rules for ECSs with mutual trust. (A)

Which statement about VPC peering connections is true?

They allow traffic to be routed using private IP addresses. (B)

What additional functionality do network ACLs provide compared to security groups?

They implement rules for both allow and deny traffic. (B)

What purpose do virtual IP addresses serve in relation to ECSs?

They enable active/standby ECS switchover for high availability. (B)

How does a network ACL interact with security groups?

They offer complementary control for finer access management. (B)

In what scenario would you use an L2CG?

To migrate data center services to the cloud without changing configurations. (D)

Which of the following statements is false regarding security groups?

They can be associated with multiple subnets. (D)

Which best explains the limitation of VPC peering connections?

They cannot cross regional boundaries. (C)

Study Notes

Virtual Private Cloud (VPC)

• A VPC is a logically isolated, virtual network.
• Allows for customization, including subnets, route tables, security groups, and bandwidth management.
• Provides secure and isolated networks based on assigned IP addresses and security configurations.
• VPC is the basis of HUAWEI CLOUD networks.

Advantages of VPC

• Flexible Configuration: Customize VPCs, divide subnets as needed, configure DHCP and route tables.
• Security and Reliability: VPCs are logically isolated from each other. They can't communicate by default.
  • Network ACLs protect subnets.
  • Security groups protect ECSs (Elastic Cloud Servers).
• Seamless Connectivity:
  • VPCs are not connected to the internet by default.
  • Connect to the internet through EIP, ELB, NAT Gateway, VPN, and Direct Connect.
  • VPC peering connections allow communication between two VPCs in the same region using private IP addresses.
• High-Speed Access:
  • Up to 21 dynamic BGP connections to various carriers.
  • Dynamic BGP allows for automatic failover and chooses the optimal path in case of network failures.

VPC Architecture

• Each VPC contains a private CIDR block, route tables, and at least one subnet.
• When creating a VPC, specify a private CIDR block within the supported ranges: 10.0.0.0/8-24, 172.16.0.0/12-24, and 192.168.0.0/16-24.
• Cloud resources (like ECSs and databases) must be deployed in subnets.
• A default route table is automatically generated by the system. This ensures subnets in the same VPC communicate.
• To meet specific application requirements, create custom route tables.

Security in VPC

• Security Groups:
  • Act as virtual firewalls that provide access rules for ECSs within a VPC.
  • Apply to instances with the same security requirements and mutual trust.
• Network ACLs:
  • Associated with subnets that have the same access control needs.
  • Allow for specific control of inbound and outbound traffic at the subnet level.

Connectivity Options

• VPC Peering Connection: Establishes communication between two VPCs in the same region using private IP addresses.
• EIP or NAT Gateway: Allows ECSs in a VPC to communicate with the internet.
• On-premise Connections: VPN, Cloud Connect, Direct Connect, and L2CG (Layer 2 Connection Gateway) can connect your on-premises data center to VPCs.

Application Scenarios

• Dedicated Networks on Cloud: Each VPC represents a private network, providing isolation for service systems.
• Web Application/Website Hosting: Host web applications and websites in a VPC. Connect ECSs running web applications to the internet using EIPs or NAT gateways. Distribute traffic using load balancers.
• Web Application Access Control:
  • Create multiple security groups for web and database servers.
  • Associate different security groups to web and database servers.
  • Implement access control rules for security groups.
• Hybrid Cloud Deployment:
  • Combine on-premises data centers with cloud resources for flexibility.

VPC Concepts

• Elastic Network Interface: A virtual network card. Create and configure network interfaces and attach them to your instances.
• IP Address Group: A collection of IP addresses that share the same security group rules. It simplifies management for addresses with similar security requirements.
• Subnet: A unique CIDR block within your VPC. Deploy resources in subnets.
• Elastic IP (EIP): Enables your cloud resources to communicate with the internet using static public IP addresses and scalable bandwidths.
• Route Table: Contains routes used to determine the direction of network traffic from VPC subnets. Associate a route table with each subnet.
• Security Group: A collection of access control rules for ECSs within a VPC. You can create and apply specific rules to the security group.
• VPC Peering Connection: Connects two VPCs in the same region, allowing traffic routing between them using private IP addresses.
• Network ACL: Creates rules to manage traffic in and out of subnets. Offers fine-grained control by allowing both allow and deny rules.
• Virtual IP Address: A shared IP address shared among multiple ECSs. Allows access through either the private or virtual IP address.
• L2CG (Layer 2 Connection Gateway): A virtual tunnel gateway that facilitates communication between cloud and on-premises networks. This enables migration of data center services to the cloud without changing subnets or IP addresses.

Description

Explore the fundamentals of Virtual Private Cloud (VPC) technology, its advantages, and configurations. This quiz covers aspects like flexible setup, security features, and connectivity that define VPC in HUAWEI CLOUD environments.