From b87fcb7876038a87f6be4b25719d093745a0b601 Mon Sep 17 00:00:00 2001
From: Dorota Wojcik
Date: Wed, 27 Nov 2024 17:18:04 +0100
Subject: [PATCH] vpc description draft

---
 docs/platform/concepts/vpcs.md | 105 +++++++++++++++++++++++++++++++++
 sidebars.ts | 4 ++
 2 files changed, 109 insertions(+)
 create mode 100644 docs/platform/concepts/vpcs.md

diff --git a/docs/platform/concepts/vpcs.md b/docs/platform/concepts/vpcs.md
new file mode 100644
index 00000000..2a1a479e
--- /dev/null
+++ b/docs/platform/concepts/vpcs.md
@@ -0,0 +1,105 @@
+---
+title: Virtual private clouds (VPCs) and VPC peering in Aiven
+sidebar_label: VPCs overview
+---
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+Virtual private clouds (VPCs) and VPC peering in Aiven provide enhanced security,
+flexibility, and control over resources, allow traffic and access management, and help
+reduce network latency.
+
+## VCP
+
+A VPC is a private network within a public cloud. It allows you to define and
+control a logically isolated section of a cloud provider’s network, where you can deploy
+and manage resources. A VPC provides a secure customizable network environment within the
+cloud.
+
+### VPC characteristics
+
+- Isolation: Each VPC operates independently from other VPCs, ensuring secure separation.
+- Customizable IP Range: You can define your own IP address range (CIDR block).
+- Subnets: Divide the VPC into smaller sub-networks (subnets) for organizing resources
+  based on availability zones or functional groups.
+- Network Control: Configure route tables, network gateways, and security settings.
+- Internet Connectivity: Control whether the VPC connects to the internet via Internet
+  Gateways or remains isolated.
+- Security: Strong control over network traffic and isolation.
+- Flexibility: Custom network architecture tailored to your application’s needs.
+- Scalability: Easily expand or modify the network as demand grows.
+
+### VPC components
+
+- Subnets: Smaller networks within the VPC. They can be public or private.
+- Route Tables: Define how network traffic is directed within the VPC.
+- Internet Gateway (IGW): Allows public traffic to access the internet.
+- NAT Gateway (Network Address Translation): Enables outbound internet access for private
+  subnets.
+- Security Groups: Firewall rules to control inbound and outbound traffic for resources.
+- Network Access Control Lists (NACLs): Additional layer of security at the subnet level.
+- Peering Connections: Connect VPCs together for intercommunication.
+
+### VPC use cases
+
+- Hosting Applications: Deploying scalable web and database applications.
+- Hybrid Cloud Architecture: Connecting on-premises networks to the cloud securely.
+- Data Isolation: Keeping sensitive data within a private network.
+- Multi-tier Architecture: Separating application layers (web, app, database) within
+- distinct subnets.
+
+## VPC types
+
+The Aiven Platform allows creating and using two types of VPCs, which differ in scope:
+[project-wide VPCs](/docs/platform/concepts/vpcs#project-vpcs) and
+[organization-wide VPCs](/docs/platform/concepts/vpcs#organization-vpcs).
+
+### Project VPCs
+
+### Organization VPCs
+
+## VCP peering
+
+VPC peering is a networking connection between two VPCs. It allows private and direct
+communication between the VPCs with no traffic routing over the public internet.
+
+### VPC peering characteristics
+
+- Private communication: Private IP addresses used to comminicate
+- High performance: Low latency thanks traffic remaining on the cloud provider's network
+- Security: Reduced exposure to public networks without using internet gateways, VPNs, or
+  NAT
+- Scalability: Connections supported across different accounts and regions, depending on a
+  cloud privider
+
+### VPC peering use cases
+
+- Multi-tier applications: Secure connnection between VPCs hosting different application
+  layers, such as web or database
+- Resource sharing: Secure sharing between VPCs hosting different resources,
+  for example, datasets or APIs
+- Data isolation: Access control by using separate VPCs for different projects or teams in
+  an organization
+
+## Learn more
+
+There are the following cloud-privider-specific articles you might want to read to have a
+full picture:
+
+- AWS
+  - [How Amazon VPC works](https://docs.aws.amazon.com/vpc/latest/userguide/how-it-works.html])
+  - [VPC peering process, lifecycle, and limitations](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html)
+
+- Google Cloud
+  - [VPC networks](https://cloud.google.com/vpc/docs/vpc)
+  - [VPC Network Peering](https://cloud.google.com/vpc/docs/vpc-peering)
+
+- Azure
+  - [What is Azure Virtual Network?](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview)
+  - [Virtual network peering](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview)
+
+- UpCloud
+  - [How to configure SDN Private networks](https://upcloud.com/docs/guides/configure-sdn-private-networks/)
+  - [How to configure SDN Private networks using the UpCloud API](https://upcloud.com/docs/guides/configure-sdn-private-networks-upcloud-api/)
+  - [How to configure network peering](https://upcloud.com/docs/guides/configure-network-peering/)
diff --git a/sidebars.ts b/sidebars.ts
index 72d61508..d0114af8
--- a/sidebars.ts
+++ b/sidebars.ts
@@ -251,6 +251,10 @@ const sidebars: SidebarsConfig = {
     {
       type: 'category',
       label: 'VPCs',
+      link: {
+        type:'doc',
+        id: 'platform/concepts/vpcs',
+      },
       items: [
         'platform/howto/manage-vpc-peering',
         'platform/howto/public-access-in-vpc',
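Review bot: The new `type:'doc'` property in the added `link` object is missing the space after the colon that every neighbouring property in the hunk has (`type: 'category'`, `label: 'VPCs'`, `id: 'platform/concepts/vpcs'`), so the object reads inconsistently and a formatter pass would presumably rewrite it; write `type: 'doc',` instead. The `id` does match the `docs/platform/concepts/vpcs.md` file created in the same patch, so the category link should resolve as intended. The enclosing `sidebars` object begins before and ends after this hunk.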