Cloud Networking: AWS VPC vs GCP VPC vs Alibaba Cloud VPC
Virtual Private Cloud (VPC) is the cornerstone of cloud network architecture, directly determining application security isolation, traffic control, and cross-region connectivity. AWS, GCP, and Alibaba Cloud — three of the world's leading cloud platforms — each implement VPC differently. Understanding their differences is the first step toward building a robust cloud architecture.
VPC Architecture Model Comparison
The three platforms differ fundamentally in their VPC architecture models, which impacts subnet design, routing policies, and overall network planning.
| Architecture Dimension | AWS VPC | GCP VPC | Alibaba Cloud VPC |
|----------------------|--------|--------|-------------------|
| VPC Scope | Regional (single region) | Global (cross-region) | Regional (single region) |
| Subnet Type | AZ-level (bound to AZ) | Regional (spans AZs) | AZ-level (bound to AZ) |
| IP Address Mgmt | VPC CIDR + Subnet CIDR | VPC CIDR + Subnet CIDR | VPC CIDR + vSwitch CIDR |
| Route Tables | Subnet-level | Subnet-level | vSwitch-level |
| Default VPC | Can create default VPC | Auto-created default VPC | Can create default VPC |
| IPv6 Support | Full | Full | Full |
Key Architecture Differences
AWS VPC follows the classic regional model: one VPC per region, subnets bound to availability zones. Cross-region communication requires VPC Peering or Transit Gateway. The advantage is strong isolation; the trade-off is more complex cross-region networking.
GCP VPC adopts a global model: one VPC can span all regions, with region-level subnets. Cross-region communication happens natively within the VPC, eliminating the need for Peering and greatly simplifying global deployments.
Alibaba Cloud VPC resembles the AWS regional model but replaces subnets with "vSwitches" bound to availability zones. This design maps more closely to the thinking patterns of traditional network engineers.
Security Policy Comparison
| Security Dimension | AWS | GCP | Alibaba Cloud |
|-------------------|-----|-----|---------------|
| Network ACLs | Subnet-level stateless ACLs | None (relies on firewall rules) | Subnet-level stateless ACLs |
| Security Groups | Instance-level stateful | None (replaced by firewall rules) | Instance-level stateful security groups |
| Firewalls | Security Groups + NACLs | VPC firewall rules (hierarchical) | Security Groups + NACLs + Cloud Firewall |
| Rule Direction | Inbound + outbound configured separately | Inbound + outbound configured separately | Inbound + outbound configured separately |
| Reference Style | Security groups can reference each other | Network tags | Security groups can reference each other |
The AWS and Alibaba Cloud dual-layer model (security groups + ACLs) provides finer granularity for precise security control. GCP's hierarchical firewall rules (from VPC down to subnet and instance) offer more flexibility but also make rule conflicts easier to introduce.
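To make the dual-layer model concrete, the following added example (not part of the original article or any provider's code) models a stateless subnet ACL in front of a stateful security group. The rule tuples, function names and documentation-range IP addresses are constructed for illustration, and the lowest-rule-number-first matching follows AWS's network ACL behaviour.

```python
from ipaddress import ip_address, ip_network

# Constructed sample policy; the tuple layouts are assumptions for this example.
# ACL rule: (rule_no, direction, peer_cidr, port_lo, port_hi, action)
ACL_RULES = [
    (90,  "in",  "203.0.113.0/24", 0, 65535, "deny"),     # explicit deny: ACL only
    (100, "in",  "0.0.0.0/0", 443, 443, "allow"),
    (100, "out", "0.0.0.0/0", 1024, 65535, "allow"),      # replies to ephemeral ports
]
# Security group rule: (direction, peer_cidr, port_lo, port_hi); allow-only.
SG_RULES = [("in", "0.0.0.0/0", 443, 443)]


def _match(cidr, lo, hi, peer_ip, port):
    return ip_address(peer_ip) in ip_network(cidr) and lo <= port <= hi


def acl_allows(rules, direction, peer_ip, port):
    """Stateless ACL: lowest rule number that matches decides; default deny."""
    for _, d, cidr, lo, hi, action in sorted(rules, key=lambda r: r[0]):
        if d == direction and _match(cidr, lo, hi, peer_ip, port):
            return action == "allow"
    return False


def sg_allows(rules, direction, peer_ip, port):
    """Security group: any matching allow rule permits; there are no deny rules."""
    return any(d == direction and _match(cidr, lo, hi, peer_ip, port)
               for d, cidr, lo, hi in rules)


def check_flow(acl, sg, client_ip, client_port, server_port):
    """Evaluate an inbound request and its reply against both layers."""
    request = (acl_allows(acl, "in", client_ip, server_port)
               and sg_allows(sg, "in", client_ip, server_port))
    # Stateful security group: the reply to an accepted request is not
    # re-checked. Stateless ACL: the reply must match an outbound rule on
    # the client's source port.
    reply = request and acl_allows(acl, "out", client_ip, client_port)
    return {"request": request, "reply": reply}


if __name__ == "__main__":
    print(check_flow(ACL_RULES, SG_RULES, "198.51.100.10", 51514, 443))
    print(check_flow(ACL_RULES, SG_RULES, "203.0.113.7", 51514, 443))
    no_out = [r for r in ACL_RULES if r[1] != "out"]
    print(check_flow(no_out, SG_RULES, "198.51.100.10", 51514, 443))
```

With the outbound ACL rule removed, the request is accepted but the reply is dropped, which is the usual symptom of treating the ACL layer as if it were stateful.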
Cross-Network Connectivity Comparison
| Connectivity | AWS | GCP | Alibaba Cloud |
|-------------|-----|-----|---------------|
| VPC Peering | Supported (non-transitive) | Supported (non-transitive) | Supported (non-transitive) |
| Centralized Routing | Transit Gateway | Network Connectivity Center | Cloud Enterprise Network (CEN) |
| Hybrid Cloud | Direct Connect | Cloud Interconnect | Physical Express Connect |
| VPN | Site-to-Site VPN | Cloud VPN | IPsec VPN |
| Private Service Access | VPC Endpoint | Private Google Access | PrivateLink |
Transit Gateway is the core of AWS cross-region networking; it supports centralized routing and transit peering with a clear architecture. Alibaba Cloud's CEN provides similar functionality with better bandwidth quality for intra-China connectivity. GCP's global VPC naturally reduces the need for Peering, but VPC Peering is still needed for inter-organization connectivity.
Performance and Limits
| Metric | AWS | GCP | Alibaba Cloud |
|--------|-----|-----|---------------|
| Subnets per VPC | 200 (increasable) | 300 (increasable) | 1,000+ (via vSwitches) |
| Security Group Rules per VPC | Mixed limits | 256 rules/direction | Mixed limits |
| VPC Peering Bandwidth | Up to 100 Gbps | No hard limit | Up to cross-region cap |
| ENIs per Instance | Instance-type dependent | Instance-type dependent | Instance-type dependent |
| Flow Logs | VPC Flow Logs | VPC Flow Logs | Flow Logs |
Multi-Cloud Network Architecture in Practice
In real-world multi-cloud architectures, common patterns include:
- Asia-Pacific primary region: Alibaba Cloud VPC leveraging its China mainland network advantage
- Global expansion: AWS VPC + Transit Gateway connecting worldwide regions
- AI/Data Analytics: GCP global VPC simplifying private access to BigQuery and other services
Cross-cloud interconnection is typically achieved through physical dedicated connections (Direct Connect / Cloud Interconnect / Express Connect), ensuring low latency and high bandwidth for hybrid cloud scenarios.
Selection Guide
| Scenario | Recommendation |
|----------|--------------|
| Global unified network | GCP VPC (global model) |
| Strict regional isolation compliance | AWS or Alibaba Cloud VPC |
| China mainland network quality priority | Alibaba Cloud VPC |
| Largest ecosystem and tool support | AWS VPC |
| Traditional networking team | Alibaba Cloud VPC (vSwitch model) |
| Multi-cloud SD-WAN | All three work, paired with Transit/CEN |
Optimize Cloud Networking Costs with Duoyun Cloud
Cloud networking expenses (bandwidth, Peering, dedicated lines) represent a non-trivial portion of overall cloud spend. By purchasing through Duoyun Cloud (duoyun.io), you can access:
- Up to 30% off Alibaba Cloud dedicated line bandwidth, reducing hybrid cloud interconnection costs
- Exclusive AWS Transit Gateway and data transfer discounts, optimizing global networking spend
- GCP network egress discounts, reducing cross-region data transfer fees
- Multi-cloud network architecture consulting, with expert teams designing your optimal cross-cloud connectivity solution
Visit duoyun.io today and build an efficient, cost-effective cloud network architecture!