ECS Networking
Start course

This course introduces you to Alibaba’s Elastic Compute Service, or ECS, one of the most common services within the Alibaba platform. It is a high-performance, stable, reliable, and scalable compute service that allows you to deploy virtual servers within your Alibaba Cloud environment. Most people will require some form of ECS Instance running within their environment as a part of at least one of their solutions.

This course covers the following components:

  • ECS Concepts
  • ECS Instances
  • ECS Images
  • ECS Storage
  • ECS Snapshots
  • ECS Security Groups and
  • ECS Networks

For feedback, queries, or suggestions on this course, please contact us at

Intended Audience

This course is designed for IT professionals who are just starting out in the world of Alibaba Cloud and want to know more about the ECS service it offers.


To get the most from this course, you should already have some basic knowledge of cloud computing. If you would like to brush up on your knowledge before taking this course, please consider taking our What is Cloud Computing? course.


The next section we will cover is ECS Networking. Virtual Private Cloud (VPC) is a logically isolated Virtual Network. It provides VLAN-level isolation and blocks outer network communications, it is a requirement when provisioning an ECS Instance.

VPC offers two major features, users can customize their own network topology, Assign Private IP address ranges, allocate network segments, and Configure VSwitches.

Customers can Integrate existing Datacentres through a dedicated line (Express Connect) or a VPN Gateway to form a hybrid cloud.

A Virtual Private Network is made up of two main components: A Virtual Router (VRouter) and one or more Virtual Switches (VSwitch).

A VSwitch is a basic network device of a VPC network and is used to connect different ECS instances together in a subnet. A VPC can have a maximum of 24 VSwitches.

A VRouter is a hub that connects all of the VSwitches in the VPC and serves as a gateway device that can connect to other networks.

In the diagram, you can see depicted zone A and zone B in the UK London region. And you’ll see in zone A that VM 1 and VM 2 are connected to a vSwitch, and in zone B, VM 3 is connected to a VSwitch. But both of these VSwitches are within the VPC that’s been created, so therefore, VM1, VM2, and VM 3 can all communicate with each other, irrespective of the fact that they’re in different zones; they are in the same virtual private cloud network.

Each VPC-Connected ECS instance is assigned a private IP address when it is created. That address is determined by the VPC and the CIDR block of the vSwitch to which the instance is connected.

A Private IP Address can be used in the following scenarios

  • Load balancing
  • Communication among ECS instances within an intranet
  • Communication between an ECS instance and other cloud products (such as OSS and RDS) or within an intranet.

ECS instances support two public IP address types. The first is NATPublicIP, which is assigned to a VPC-Connected ECS instance. This type of address can be released only, and cannot be disassociated from the instance. And the second is Elastic IP Address (EIP). An Elastic IP Address (EIP) is an independent public IP address that you can purchase and use. EIPs can be associated to different ECS instances that reside within VPCs over time to allow public access to the ECS instances.

Their use cases are:

  • If you do not want to retain the public IP address when the instance is released, you can use a NatPublicIP address
  • If you want to keep a public IP address and associate it to any of your VPC-Connected ECS instances in the same region, you would use the EIP address


Overview - ECS Concepts - ECS Instances - ECS Images - ECS Storage - ECS Snapshots - ECS Security Groups - ECS Demo

About the Author

David has been a trainer with QA for over 12 years and has been training cloud technologies since 2017.  Currently certified in Microsoft and Alibaba cloud technologies David has previously been a system and Network administrator amongst other roles.    

Currently, he is a Principle Technology Learning Specialist (Cloud) at QA. He loves nothing more than teaching cloud-based courses and also has a passion for teaching PowerShell scripting.

Outside of work, his main love is flying Radio control airplanes, and teaching people to fly them.