Virtual Private Clouds (VPCs)

A Virtual Private Cloud (VPC) provides an isolated network environment for your virtual machines and other resources within a project. The VPC creates a private network space where your VMs can communicate securely with each other, even across different availability zones.

How VPCs work in evroc

When you create a project in evroc, a default VPC is automatically created for you. This VPC spans all availability zones in the region and includes the essential networking components needed to run VMs: subnets (one per zone) and default security groups.

Each VPC provides:

  • Network isolation - Resources in different VPCs can't communicate with each other
  • Private IP address space - Internal IP addresses for VM-to-VM communication
  • Cross-zone connectivity - VMs in different zones can communicate over the VPC's private network
  • Internet connectivity - VMs can make outbound connections to the internet, and inbound connections are possible with a Public IP

Regional scope

VPCs are regional resources—they span all availability zones in a region. This means:

  • A single VPC serves your entire project
  • VMs in zone se-sto-a can communicate with VMs in zone se-sto-b or se-sto-c over the private network
  • Cross-zone traffic is subject to security group rules, just like traffic within a single zone

MTU

The maximum transmission unit (MTU) within a VPC is 8900 bytes. This means VM-to-VM traffic within the VPC can use larger frames for better throughput.

Egress traffic leaving the VPC is limited to a 1500-byte MTU. TCP connections are MSS-clamped to ensure packets are correctly sized for external networks without requiring manual configuration.
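
To check these values from a VM, the following added example (not part of the evroc documentation) binary-searches the largest packet that passes with the don't-fragment bit set. It assumes IPv4, Linux iputils `ping`, and that ICMP echo is permitted to the target; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: measure usable path MTU with DF-bit pings (IPv4, iputils ping).
IP_ICMP_OVERHEAD=28   # 20-byte IPv4 header + 8-byte ICMP header
IP_TCP_OVERHEAD=40    # 20-byte IPv4 header + 20-byte TCP header, no options

# probe HOST MTU: succeed if a packet of MTU bytes total passes unfragmented.
probe() {
    ping -M do -c 1 -W 1 -s "$(( $2 - IP_ICMP_OVERHEAD ))" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST LOW HIGH: print the largest MTU in [LOW, HIGH] that
# passes. Prints 0 and returns 1 if even LOW fails (unreachable or ICMP blocked).
find_path_mtu() {
    host=$1 lo=$2 hi=$3
    probe "$host" "$lo" || { echo 0; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# tcp_mss_for_mtu MTU: MSS a TCP endpoint advertises for this MTU.
tcp_mss_for_mtu() {
    echo $(( $1 - IP_TCP_OVERHEAD ))
}
```

Against another VM's private IP, `find_path_mtu <peer-ip> 1500 9000` should report 8900 when the interface MTU is set accordingly. A result of 0 can also mean a security group is blocking ICMP echo, not that the MTU is wrong.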

Limitations

Each project can have exactly one VPC. This VPC is created automatically when the project is created and can't be deleted separately from the project.
