Virtual Private Clouds (VPCs)

A Virtual Private Cloud (VPC) provides an isolated network environment for your virtual machines and other resources within a project. The VPC creates a private network space where your VMs can communicate securely with each other, even across different availability zones.

How VPCs work in evroc

When you create a project in evroc, a default VPC is automatically created for you. This VPC spans all availability zones in the region and includes the essential networking components needed to run VMs: subnets (one per zone) and default security groups.

You can also create additional VPCs to organize your network resources. Each project can have up to 5 VPCs.

Each VPC provides:

  • Network isolation - Resources in different VPCs can't communicate with each other
  • Private IP address space - Internal IP addresses for VM-to-VM communication
  • Cross-zone connectivity - VMs in different zones can communicate over the VPC's private network
  • Internet connectivity - VMs can make outbound connections to the internet, and inbound connections are possible with a Public IP

Stack types

Each VPC has a stack type that determines which IP protocols it supports:

  • Dual-stack (default) - Supports both IPv4 and IPv6 addresses
  • IPv6-only - Supports only IPv6 addresses

A dual-stack VPC receives an IPv4 CIDR block (default 10.0.0.0/16 or a custom block you specify from the RFC 1918 blocks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) and a /56 IPv6 CIDR block allocated automatically from the service's pool. An IPv6-only VPC has no IPv4 CIDR block.

The VPC's stack type constrains the stack types of subnets within it. A dual-stack VPC can contain dual-stack or IPv6-only subnets. An IPv6-only VPC can only contain IPv6-only subnets.
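The rules above can be checked against a planned layout before anything is created. The following Python is an added example, not evroc code or part of its API: it validates the RFC 1918 requirement for custom IPv4 blocks, the VPC-to-subnet stack-type constraint, and the limit of 5 VPCs per project. The dict layout, the stack-type strings `dual-stack` and `ipv6-only`, and the sample plan are assumptions made for this example.

```python
import ipaddress

# RFC 1918 blocks the page lists as valid sources for a custom IPv4 CIDR.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAX_VPCS_PER_PROJECT = 5
# Subnet stack types each VPC stack type may contain (string labels are assumed).
ALLOWED_SUBNET_STACKS = {"dual-stack": {"dual-stack", "ipv6-only"}, "ipv6-only": {"ipv6-only"}}


def check_vpc(vpc):
    """Return rule violations for one planned VPC (hypothetical dict layout)."""
    name, stack = vpc["name"], vpc["stack_type"]
    if stack not in ALLOWED_SUBNET_STACKS:
        return [f"{name}: unknown stack type {stack!r}"]
    problems = []
    cidr = vpc.get("ipv4_cidr")
    if stack == "ipv6-only" and cidr is not None:
        problems.append(f"{name}: IPv6-only VPC must not have an IPv4 CIDR block")
    elif stack == "dual-stack":
        try:
            net = ipaddress.ip_network(cidr or "10.0.0.0/16")  # default block; strict parsing
        except ValueError as exc:
            problems.append(f"{name}: invalid IPv4 CIDR ({exc})")
        else:
            # Test the version first: subnet_of() raises TypeError on mixed IPv4/IPv6.
            if net.version != 4 or not any(net.subnet_of(b) for b in RFC1918):
                problems.append(f"{name}: {net} is outside the RFC 1918 blocks")
    for subnet in vpc.get("subnets", []):
        if subnet["stack_type"] not in ALLOWED_SUBNET_STACKS[stack]:
            problems.append(f"{name}/{subnet['name']}: {subnet['stack_type']} subnet not allowed in {stack} VPC")
    return problems


def check_project(vpcs):
    problems = []
    if len(vpcs) > MAX_VPCS_PER_PROJECT:
        problems.append(f"project: {len(vpcs)} VPCs exceeds the limit of {MAX_VPCS_PER_PROJECT}")
    for vpc in vpcs:
        problems.extend(check_vpc(vpc))
    return problems


# Constructed sample plan, not real evroc resources.
PLAN = [
    {"name": "prod", "stack_type": "dual-stack", "subnets": [{"name": "a", "stack_type": "ipv6-only"}]},
    {"name": "lab", "stack_type": "dual-stack", "ipv4_cidr": "172.32.0.0/16"},
    {"name": "v6", "stack_type": "ipv6-only", "subnets": [{"name": "b", "stack_type": "dual-stack"}]},
]
print("\n".join(check_project(PLAN)))
```

The `lab` entry is flagged because 172.32.0.0/16 sits just past the end of 172.16.0.0/12, a common off-by-one when picking a custom block by eye.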

Regional scope

VPCs are regional resources—they span all availability zones in a region. This means:

  • A single VPC serves your entire project
  • VMs in zone se-sto-a can communicate with VMs in zone se-sto-b or se-sto-c over the private network
  • Cross-zone traffic is subject to security group rules, just like traffic within a single zone

MTU

The maximum transmission unit (MTU) within a VPC is 8900 bytes. This means VM-to-VM traffic within the VPC can use larger frames for better throughput.

Egress traffic leaving the VPC is limited to a 1500-byte MTU. TCP connections are MSS-clamped to ensure packets are correctly sized for external networks without requiring manual configuration.

Limitations

Each project can have up to 5 VPCs. You can delete a VPC when it has no subnets in it.
