1 views collected around this technical thread.
This article outlines the background, architectural design, implementation details, and future roadmap of an internet‑boundary cloud firewall built on DPDK, covering physical and software structures, traffic steering, rule matching logic, and planned enhancements such as logging and traffic analysis.
This article explains how to design, configure, and verify a VM traffic mirroring solution in a cloud VPC, covering capture sources, filtering methods, receiver setup, and practical OVS commands for security auditing, intrusion detection, and business analysis.
This article explains a VPC NAT solution that lets function compute pods in a shared Kubernetes VPC securely access services in overlapping business VPCs by using NAT ENIs, MAC adjustments, VXLAN encapsulation, and SNAT/DNAT rules.
This article explains the network interruption issues of VM live migration in 360's VPC overlay (V1), analyzes the root causes, and presents a V2 redesign that eliminates downtime through pre‑loaded forwarding policies, traffic redirection, and streamlined component collaboration.
This article explains the background, overall architecture, and detailed design and implementation of PrivateLink and ClassicLink gateways within a cloud VPC environment, covering their control and forwarding planes, workflow steps, and future optimization plans.
This article describes how 360 unified Kubernetes pod networking with OpenStack VPC by developing a custom CNI plugin that leverages Neutron elastic ports, IPVLAN L2 mode, and OVS to achieve layer‑2 connectivity between VMs and pods, including detailed implementation steps and command examples.
Bilibili’s hybrid‑cloud architecture combines multiple public clouds and its own data centers using a star‑centered topology, employing VPCs, load balancers, NAT gateways, and dedicated lines managed via a multi‑cloud platform, while outlining project‑network setup, security rules, and proxy‑forwarding solutions for reliable, cost‑effective cloud networking.
The guide explains AWS Transit Gateway as a cloud router linking VPCs, VPNs, Direct Connect and on‑premises networks, details attachment types, route tables, MTU limits, step‑by‑step creation, custom routing, verification, and best‑practice design recommendations for scalable, highly available deployments.
This article details the background, design rationale, network topology changes, and step‑by‑step procedures—including VPC configuration, BGP setup, and port‑channel adjustments—used to upgrade Qunar's data‑center network for Kubernetes deployments, with practical code examples and operational tips.
To meet growing business demands, 360’s virtualization team replaced the legacy overlay network with a host‑overlay VPC solution that decouples switches, supports private cloud isolation, leverages DPVS‑based gateways, and integrates monitoring, delivering high‑availability, scalable traffic handling across its 25 G data centers.
This article reviews Du Dongming’s presentation on Kube‑OVN, tracing the evolution of cloud‑native networking from early container experiments to modern multi‑tenant VPC, subnet management, overlay/underlay modes, and the roadmap that positions Kube‑OVN as a comprehensive SDN solution for enterprise Kubernetes environments.
The article describes the design, architecture, and implementation details of the CLOUD‑DPVS gateway, a high‑performance, VXLAN‑based load‑balancing solution that connects VPC networks to classic IDC networks, covering its high‑availability improvements, FULLNAT mode, traffic flow, and future offload plans.
This article details a Cisco Nexus network scenario where two switches use VPC and BFD for link fault detection, explains why BFD neighbor establishment fails due to VPC peer‑gateway causing TTL reduction and MAC rewriting, and presents test results and configuration recommendations to resolve the issue.
This article explains why multi‑tenant VPC networks are essential for modern cloud‑native environments, outlines typical use cases such as public‑cloud container services, virtual‑machine workloads and finance, discusses the challenges of implementing tenant isolation in Kubernetes, and describes how the Kube‑OVN‑based solution was enhanced and deployed on edge‑computing platforms to provide strong VPC isolation, flexible IP management, and integrated load‑balancing services.
This tutorial demonstrates how to configure an open‑source Squid proxy in an AWS VPC to restrict Internet access, allow only approved Amazon S3 buckets and Yum repositories, route traffic through specific gateways, and achieve high availability using Auto Scaling and Route 53.
This guide walks you through configuring an IPv6 VPC, assigning addresses to cloud servers, deploying Nginx, creating an IPv6 Cloud Load Balancer with listeners, adding AAAA and A DNS records, and testing the setup on Tencent Cloud’s supported regions.
The article outlines Qunar's data‑center network evolution, describing the limitations of traditional STP‑based designs, the adoption of vPC for active‑active redundancy, the transition to leaf‑spine topology for scalability, and the implementation of VXLAN to support large‑scale multi‑tenant cloud environments.
This article details the evolution of 360 Qiyun's VPC solution, describing the two‑stage migration from a customized OpenStack Neutron Liberty deployment to a hardware‑assisted EVPN + VXLAN architecture, the specific network enhancements made, performance problems encountered, and the operational benefits achieved.
After a mis‑configured security group in a classic network exposed a neighboring Alibaba Cloud user, developers highlighted the risks of shared internal networks and advocated moving to isolated Virtual Private Clouds, which offer customizable subnets, fine‑grained security, hybrid connectivity, and are now favored across major public‑cloud providers.
This article explains why traditional "classic" cloud networking lacks proper layer‑2 isolation, compares flat, VLAN, and overlay designs in OpenStack Neutron, and shows how virtual private clouds (VPCs) offer secure, scalable network segmentation for modern multi‑tenant environments.