Virtual Private Clouds (VPCs) in Thalassa Cloud

A Virtual Private Cloud (VPC) is an isolated, software-defined network environment that allows users to deploy and manage cloud resources securely. In Thalassa Cloud, VPCs provide private networking, subnet management, routing, and firewalling, ensuring network segmentation and security for workloads.

VPCs enable users to:

  • Segment workloads across different network spaces for better security and isolation.
  • Define custom IP ranges using CIDR blocks.
  • Manage subnets within a region and availability zone.
  • Control traffic flow with customizable routing and security rules.

This guide explains VPC concepts, capabilities, and API interactions in Thalassa Cloud.

VPC Capabilities

Network Isolation

Each VPC is a logically isolated network, meaning resources deployed within it cannot communicate with external networks unless explicitly allowed. This is useful for multi-tier applications, security zoning, and regulatory compliance. VPCs are tied to a specific region.

Custom IP Addressing

Users define CIDR ranges for a VPC, controlling the private IP address space.

Subnet Management

A VPC can contain multiple subnets. Subnets allow further segmentation of workloads and define where virtual machines (VMs) and other resources are deployed. In Thalassa Cloud, subnets are designed to span all Availability Zones (AZs) within a region (stretched networking), enabling high availability and fault tolerance without tying a subnet to a single AZ.
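Because a Thalassa Cloud subnet stretches across every AZ in the region, the address plan for a VPC is a flat list of subnet CIDRs carved out of the VPC range rather than one block per AZ. The script below is an added example (not part of this guide or the Thalassa Cloud API) that checks such a plan before it is submitted: every subnet must be a valid network, sit inside the VPC CIDR, and not overlap another subnet. The VPC CIDR and subnet names are constructed sample values.

```python
import ipaddress
from typing import Dict, List

# Constructed example: a /16 VPC range and three planned subnets, one per tier.
# Subnets span all AZs, so no per-AZ blocks are reserved.
VPC_CIDR = "10.40.0.0/16"
PLANNED_SUBNETS = {
    "web": "10.40.0.0/24",
    "app": "10.40.1.0/24",
    "db": "10.40.2.0/24",
}


def validate_subnet_plan(vpc_cidr: str, subnets: Dict[str, str]) -> List[str]:
    """Return a list of problems found in the plan; an empty list means it is consistent.

    Checks: each subnet parses as a network (strict=True rejects host bits such as
    10.40.1.1/24), belongs to the same IP version as the VPC, lies inside the VPC
    range, and does not overlap any other subnet.
    """
    problems: List[str] = []
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    parsed: Dict[str, ipaddress._BaseNetwork] = {}

    for name, cidr in subnets.items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {cidr!r} ({exc})")
            continue
        if net.version != vpc.version:
            problems.append(f"{name}: IPv{net.version} subnet in an IPv{vpc.version} VPC")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {cidr} is outside the VPC range {vpc_cidr}")
            continue
        parsed[name] = net

    # Pairwise overlap check among the subnets that passed the checks above.
    names = sorted(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if parsed[a].overlaps(parsed[b]):
                problems.append(f"{a} ({parsed[a]}) overlaps {b} ({parsed[b]})")
    return problems


def free_blocks(vpc_cidr: str, subnets: Dict[str, str], prefix: int = 24) -> List[str]:
    """List the /prefix blocks of the VPC not yet used by any planned subnet.

    Raises ValueError if the plan itself is invalid, so callers fix that first.
    """
    problems = validate_subnet_plan(vpc_cidr, subnets)
    if problems:
        raise ValueError("invalid subnet plan: " + "; ".join(problems))
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    used = [ipaddress.ip_network(c, strict=True) for c in subnets.values()]
    return [
        str(block)
        for block in vpc.subnets(new_prefix=prefix)
        if not any(block.overlaps(u) for u in used)
    ]


if __name__ == "__main__":
    for problem in validate_subnet_plan(VPC_CIDR, PLANNED_SUBNETS) or ["plan OK"]:
        print(problem)
    print("next free /24:", free_blocks(VPC_CIDR, PLANNED_SUBNETS)[0])
```

Running the validator locally before calling the API turns an overlapping or out-of-range CIDR into a clear message instead of a rejected request, and `free_blocks` gives the next unused block when a new tier is added.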

Routing and Internet Connectivity

VPCs can be configured with custom route tables, allowing traffic to flow between subnets, other VPCs, or external networks. Default and custom NAT Gateways or Load Balancers can be used to route outbound and inbound traffic.

Security and Access Control

Network security is enforced through firewall rules, access control lists (ACLs), and security groups to control inbound and outbound traffic at the subnet or instance level.

Routing and Connectivity

Subnets within the same VPC can communicate by default unless restricted by firewall rules or security groups. Custom route tables can be applied for inter-VPC communication or external access.

DNS

Each VPC includes a dedicated DNS forwarding server, reachable at the IP address 172.21.8.123 on port 53 over both TCP and UDP. The forwarder also provides built-in load balancing: the order of the IP addresses returned for a query (for example, the A records of a name) is randomized. Responses are cached according to their Time-To-Live (TTL), which reduces lookup latency and upstream traffic. The DNS IP is reachable from the

When crafting firewall rules, take care to also allow access to the DNS endpoint (172.21.8.123, port 53, TCP and UDP) from within the VPC; workloads that cannot reach it lose name resolution.
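A common mistake is to allow UDP/53 to the forwarder but forget TCP/53, which DNS clients fall back to for responses too large for a UDP datagram. The script below is an added example, not part of this guide or the Thalassa Cloud API: it evaluates a constructed set of egress rules against the VPC DNS endpoint and reports which of the two protocols is not allowed. The rule shape (`EgressRule`), the first-match-by-priority evaluation and the implicit deny when nothing matches are assumptions made for the example, not documented Thalassa Cloud semantics.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Set

# The VPC DNS forwarder described in this guide: 172.21.8.123, port 53, TCP and UDP.
DNS_ENDPOINT = ipaddress.ip_address("172.21.8.123")
DNS_PORT = 53
DNS_PROTOCOLS = ("tcp", "udp")


@dataclass(frozen=True)
class EgressRule:
    """Hypothetical egress rule shape (assumption; not the Thalassa Cloud API schema)."""
    action: str        # "allow" or "deny"
    protocol: str      # "tcp", "udp" or "any"
    destination: str   # destination CIDR
    port_from: int     # inclusive destination port range
    port_to: int
    priority: int      # lower value is evaluated first (assumption)


def rule_matches(rule: EgressRule, proto: str, dst: ipaddress.IPv4Address, port: int) -> bool:
    """True if the rule covers this protocol, destination address and port."""
    if rule.protocol not in ("any", proto):
        return False
    if dst not in ipaddress.ip_network(rule.destination, strict=False):
        return False
    return rule.port_from <= port <= rule.port_to


def dns_egress_allowed(rules: Iterable[EgressRule], proto: str) -> bool:
    """First matching rule by priority decides; no match means deny (assumption)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule_matches(rule, proto, DNS_ENDPOINT, DNS_PORT):
            return rule.action == "allow"
    return False


def missing_dns_protocols(rules: Iterable[EgressRule]) -> Set[str]:
    """Protocols on which the VPC DNS forwarder is NOT reachable under these rules."""
    rules = list(rules)
    return {p for p in DNS_PROTOCOLS if not dns_egress_allowed(rules, p)}


# Constructed example: a locked-down web tier that allows HTTPS out and DNS over UDP
# to the forwarder, then denies everything else. TCP/53 was forgotten.
WEB_TIER_RULES = [
    EgressRule("allow", "tcp", "0.0.0.0/0", 443, 443, 100),
    EgressRule("allow", "udp", "172.21.8.123/32", 53, 53, 110),
    EgressRule("deny", "any", "0.0.0.0/0", 0, 65535, 1000),
]

# The corrected rule set adds the missing TCP/53 allow ahead of the final deny.
FIXED_RULES = WEB_TIER_RULES[:2] + [
    EgressRule("allow", "tcp", "172.21.8.123/32", 53, 53, 111),
] + WEB_TIER_RULES[2:]

# A deny that sorts before the allow shadows it: the forwarder is unreachable on both protocols.
SHADOWED_RULES = [
    EgressRule("deny", "any", "172.21.8.0/24", 0, 65535, 50),
    EgressRule("allow", "any", "172.21.8.123/32", 53, 53, 60),
]


if __name__ == "__main__":
    for label, rules in (("web tier", WEB_TIER_RULES), ("fixed", FIXED_RULES), ("shadowed", SHADOWED_RULES)):
        missing = missing_dns_protocols(rules)
        print(f"{label}: {'DNS reachable' if not missing else 'DNS blocked on ' + ', '.join(sorted(missing))}")
```

The check is cheap enough to run as a pre-deployment test on every rule set that touches a subnet: a non-empty result means name resolution inside the VPC will break for that tier.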