Difference between VPC and VPN

Introduction

Devs tend to mix up VPC and VPN a lot or they just assume they are both somehow related. I want to ELI5 the difference between the two.

Background

Before we get into the difference, I want to talk about our local network. The one at home. The one at the office. One where all the devices are connected securely behind a router. It is a safe place. Outsiders can’t connect to these devices directly, but the devices on the network can connect to each other. If you have a server running on your Raspberry Pi, which has an IP of 192.168.3.4, listening on port 8080, then you should be able to go to 192.168.3.4:8080 on your laptop or your phone, as long as it is on the same network, and access that server. Having devices on a local network behind a router makes this simple and easy.

VPN: Virtual Private Network

But now if you were to try to connect to that Raspberry Pi from the office or an external network, such as when you are on mobile data, you can’t. One option is to set up port forwarding on your router to allow traffic on that port into your local network and then access it through the router’s public IP. But what if you have a bunch of stuff? You don’t want to add new configs each time. Port forwarding also allows anyone to access the service if they have your router’s public IP and the destination port, which can be a bit insecure.

This is where a VPN comes in. It is an application that runs on your local network acting as a gate - only allowing trusted connections to come in. The best part is that once connected, your client can now behave as if it is part of that local network even though you are on an external network. So from the external network you connect to your VPN, which is publicly exposed, and once authenticated you can access all the resources on your local network using their private IPs.

You might have seen VPN ads around privacy or unblocking websites that are blocked on your local network - because once connected to a VPN you are now part of that other network with access to all the things that network has access to.

Takeaway: VPN is just a normal application running on a network. It allows clients connected to external networks to act like they are connected to this local network and access its resources securely.

VPC: Virtual Private Cloud

A VPC is something that you create on your cloud servers. Let’s say you spin up three servers on DigitalOcean - a webserver, a cache, and a database. All three servers will be assigned a public IP i.e. an IP that can be accessed by anyone over the internet.

Wouldn’t it be great if we could do something that would make those servers act like our local network - machines behind a router that can communicate with each other over the local network and can’t be hit directly from the internet?

That is where a VPC comes in. A VPC allows you to create a ‘local network’ of machines that are provisioned in the cloud. They will be assigned private IPs and can communicate with each other using these private IPs. Best part is - communicating over private IP does not eat into your bandwidth quota, which is expensive in the cloud.

The VPC can be created via Terraform or in your cloud provider’s UI, where it will ask you to define an IP range and then create a software-defined private network for your machines. You can then create a load balancer to act as the router and make sure the webserver, cache, and database are only listening on their private IPs.
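
One way to check that last point on each server, as an added example that is not part of the original post: the script reads `ss -ltn` style output and reports listeners bound to a wildcard or to an address outside the VPC range. The 10.10.0.0/24 range, the sample lines and the function names are constructed for illustration.

```python
import ipaddress

# Assumption: the IP range chosen when the VPC was created (constructed value).
VPC_RANGE = ipaddress.ip_network("10.10.0.0/24")

# Constructed sample of `ss -ltnH` output: State Recv-Q Send-Q Local Peer.
SAMPLE_SS = """\
LISTEN 0 511  10.10.0.2:80      0.0.0.0:*
LISTEN 0 511  0.0.0.0:6379      0.0.0.0:*
LISTEN 0 244  10.10.0.4:5432    0.0.0.0:*
LISTEN 0 128  127.0.0.1:8125    0.0.0.0:*
LISTEN 0 128  [::]:22           [::]:*
LISTEN 0 128  203.0.113.7:9200  0.0.0.0:*
"""

def split_local(field):
    """Split the 'Local Address:Port' column into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface suffix
    return host, int(port)

def classify(host, vpc=VPC_RANGE):
    """Return 'vpc', 'loopback', 'wildcard' or 'outside-vpc' for a bind address."""
    if host == "*":  # ss prints '*' for dual-stack wildcard sockets
        return "wildcard"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "wildcard"
    if addr.is_loopback:
        return "loopback"
    if addr.version == vpc.version and addr in vpc:
        return "vpc"
    return "outside-vpc"

def audit(ss_output, vpc=VPC_RANGE):
    """List (port, host, kind) for listeners not confined to the VPC or loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # skip headers and blank lines
        host, port = split_local(cols[3])
        kind = classify(host, vpc)
        if kind in ("wildcard", "outside-vpc"):
            findings.append((port, host, kind))
    return findings

if __name__ == "__main__":
    for port, host, kind in audit(SAMPLE_SS):
        print(f"port {port}: bound to {host} ({kind}), not limited to the VPC range")
```

A wildcard bind such as 0.0.0.0 accepts connections on every interface, including the server's public IP, so it is reported even though the same port also answers on the private address.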

Congratulations, you have created something similar to your home local network in the cloud. The load balancer acts as the router and the other machines act as machines behind it. They can talk to each other over their private IPs, similar to how you can access your Raspberry Pi from your laptop at home, and they can’t be accessed from the public internet.

Takeaway: VPC allows you to create a local network, like the one in your home, of machines in the cloud.

Conclusion

You can even have a VPN that allows you to connect to your cloud’s VPC. This is how devs can connect to their production databases when working from home. The VPN allows their machine to behave like it is part of the cloud’s local network i.e. the VPC.