Virtual Private Cloud: Create a VPC with an IPv6 CIDR block

Last Updated: Feb 23, 2024

To enable private IPv6 communication among Elastic Compute Service (ECS) instances in a virtual private cloud (VPC), you can create ECS instances with IPv6 addresses in the VPC. Make sure that IPv6 is enabled for the VPC.

Regions that support IPv6 gateways

Area: Region

  • China: China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Fuzhou - Local Region), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), and China (Hong Kong)

  • Asia Pacific: Philippines (Manila), Singapore, Japan (Tokyo), South Korea (Seoul), and Indonesia (Jakarta)

  • Europe and Americas: US (Virginia) and Germany (Frankfurt)

  • Middle East: SAU (Riyadh)

Scenarios

The following scenario is used as an example. You want to enable IPv6 communication among ECS instances in Hangzhou Zone H.

You can create a VPC with an IPv6 CIDR block in China (Hangzhou) and create two ECS instances (ECS01 and ECS02) with IPv6 addresses. This way, ECS01 and ECS02 can communicate with each other through IPv6 addresses.

Prerequisites

Before you use cloud resources in a VPC, you must plan your networks. For more information, see Plan networks.

Procedure

The following section describes the general procedure.

  1. Create a VPC with an IPv6 CIDR block and create a vSwitch

    Before you assign an IPv6 address to an ECS instance, you must create a VPC with an IPv6 CIDR block and create a vSwitch.

  2. Create and configure an ECS instance

    You need to assign an IPv6 address to the ECS instance.

  3. Configure security group rules

    You can add security group rules that allow or deny ECS instances access to IPv6 addresses.

  4. Test the network connectivity

    You can log on to one of the ECS instances to test whether the ECS instances can communicate with each other through IPv6 addresses.

  5. (Optional) Delete the IPv6 gateway

Procedure

Resource Orchestration Service (ROS) console

  1. Click Create Stack to go to the Resource Orchestration Service (ROS) console. You are automatically redirected to the Create Stack page.

  2. Set the parameters based on the instructions and click Create.

    On the Stacks page, if the status of the stack changes from Creating to Created, the VPC with IPv6 CIDR blocks is created.

    Click the Output tab to view the created VPC, vSwitch, and ECS instances.

VPC console (manual creation)

Step 1: Create a VPC with an IPv6 CIDR block and create a vSwitch

  1. Log on to the VPC console.

  2. In the top navigation bar, select the region where you want to create the VPC. In this example, China (Hangzhou) is selected.

  3. On the VPC page, click Create VPC.

  4. On the Create VPC page, set the following parameters and click OK.

    Note

    In this example, Assign (Alibaba Cloud) is selected for the IPv6 CIDR Block parameter. After the VPC is created, the system automatically assigns a /56 IPv6 CIDR block to the VPC and creates an IPv6 gateway. You can use the IPv6 gateway to control IPv6 traffic. For more information, see What is an IPv6 gateway?

    Parameter: Description

    VPC parameters

    Region: The region where you want to create the VPC is displayed. In this example, China (Hangzhou) is displayed.

    Name: Enter a name for the VPC.

    IPv4 CIDR Block: Enter a primary IPv4 CIDR block for the VPC. In this example, 192.168.0.0/16 is used.

      Note

      After you create the VPC, you cannot change its primary IPv4 CIDR block. However, you can add a secondary IPv4 CIDR block for the VPC. For more information, see the Add a secondary CIDR block section of the Create and manage a VPC topic.

    IPv6 CIDR Block: Specify whether to assign an IPv6 CIDR block to the VPC. In this example, Assign (Alibaba Cloud) is selected.

      If you select Assign (Alibaba Cloud), the system automatically assigns a /56 IPv6 CIDR block, for example, 2xx1:db8::/56, to the VPC and creates an IPv6 gateway. By default, IPv6 addresses are used only for communication within private networks.

      Note

      After you create the VPC, you cannot change the IPv6 CIDR block.

    Description: Enter a description for the VPC.

    Resource Group: Select the resource group to which the VPC belongs.

    Tag Key: Select or enter a tag key. You can use tags to group VPCs.

    Tag Value: Select or enter a tag value.

    vSwitch parameters

    Name: Enter a name for the vSwitch.

    Zone: Select a zone for the vSwitch from the drop-down list. In this example, Hangzhou Zone H is selected.

    IPv4 CIDR Block: Enter an IPv4 CIDR block for the vSwitch. In this example, 192.168.24.0/24 is entered.

      When you specify an IPv4 CIDR block for the vSwitch, take note of the following limits:

      • The CIDR block of a vSwitch must be a subset of the CIDR block of the VPC to which the vSwitch belongs.

        For example, if the CIDR block of a VPC is 192.168.0.0/16, the CIDR block of a vSwitch in the VPC can range from 192.168.0.0/17 to 192.168.0.0/29.

      • The first IP address and the last three IP addresses of a vSwitch CIDR block are reserved.

        For example, if a vSwitch CIDR block is 192.168.1.0/24, the IP addresses 192.168.1.0, 192.168.1.253, 192.168.1.254, and 192.168.1.255 are reserved.

      • If a vSwitch is required to communicate with vSwitches in other VPCs or with data centers, make sure that the CIDR block of the vSwitch does not overlap with the destination CIDR blocks.

      Note

      After you create the vSwitch, you cannot change its CIDR block.

    IPv6 CIDR Block: Enter an IPv6 CIDR block for the vSwitch.

      By default, the prefix length of the IPv6 CIDR block for the vSwitch is /64. You can enter a decimal number from 0 to 255 to define the last 8 bits of the IPv6 CIDR block.

  5. (Optional) If you need to add more vSwitches for the VPC, click Add below the vSwitch list and set the parameters.

    You can add at most 10 vSwitches in each VPC.

  6. Click OK.
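
The CIDR limits from step 4, as an added Python example (not part of the original documentation): it checks that a vSwitch IPv4 block is a subset of the VPC block and does not overlap destination blocks, lists the four reserved addresses, and derives the vSwitch /64 from the VPC /56. The function names and the 2001:db8::/56 sample prefix are assumptions, and the /64 derivation reads "the last 8 bits" as bits 57 to 64 of the prefix.

```python
import ipaddress


def reserved_addresses(vswitch_cidr):
    """The first address and the last three addresses of a vSwitch block are reserved."""
    net = ipaddress.ip_network(vswitch_cidr)
    return [str(net[0]), str(net[-3]), str(net[-2]), str(net[-1])]


def check_vswitch(vpc_cidr, vswitch_cidr, peer_cidrs=()):
    """Return planning problems for an IPv4 vSwitch block; an empty list means none."""
    vpc = ipaddress.ip_network(vpc_cidr)
    vsw = ipaddress.ip_network(vswitch_cidr)
    problems = []
    if not vsw.subnet_of(vpc):
        problems.append(f"{vsw} is not a subset of VPC block {vpc}")
    # peer_cidrs: blocks of other VPCs or data centers the vSwitch must reach
    for peer in map(ipaddress.ip_network, peer_cidrs):
        if vsw.overlaps(peer):
            problems.append(f"{vsw} overlaps destination block {peer}")
    return problems


def vswitch_ipv6_block(vpc_ipv6_cidr, last_8_bits):
    """Derive the vSwitch /64 from the VPC /56 and the 0-255 value entered in the console."""
    vpc6 = ipaddress.IPv6Network(vpc_ipv6_cidr)
    if vpc6.prefixlen != 56:
        raise ValueError("the VPC IPv6 block must be a /56")
    if not 0 <= last_8_bits <= 255:
        raise ValueError("the vSwitch value must be between 0 and 255")
    # A /56 holds exactly 256 /64 blocks, indexed by bits 57 to 64 of the prefix.
    return str(list(vpc6.subnets(new_prefix=64))[last_8_bits])


if __name__ == "__main__":
    # Values from the page, plus a constructed IPv6 documentation prefix.
    print(check_vswitch("192.168.0.0/16", "192.168.24.0/24"))
    print(check_vswitch("192.168.0.0/16", "192.168.24.0/24", ["192.168.0.0/19"]))
    print(reserved_addresses("192.168.1.0/24"))
    print(vswitch_ipv6_block("2001:db8::/56", 24))
```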

Step 2: Create ECS instances

After you create a VPC and a vSwitch with IPv6 CIDR blocks, create ECS instances with IPv6 addresses. In this example, the ECS instances are named ECS01 and ECS02. After you create the ECS instances, assign IPv6 addresses to the ECS instances.

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click vSwitch.

  3. Select the region where the vSwitch resides. In this example, China (Hangzhou) is selected.

  4. On the vSwitch page, find the vSwitch that you want to manage, and choose Add Cloud Service > ECS Instance in the Actions column.

  5. On the Custom Launch tab of the ECS instance buy page, set the parameters and complete the payment. For more information, see Create an instance by using the wizard.

    Set the Quantity and IPv6 parameters based on the following information:

    • Quantity: Specify 2 Units.

    • IPv6: Select Assign IPv6 Address Free of Charge.

  6. Go to the Instances page of the ECS console, click the instance IDs to view the assigned IPv6 addresses, and change the instance names to ECS01 and ECS02.

  7. Configure the IPv6 addresses of ECS01 and ECS02.

Step 3: Configure security group rules

If the existing security group rules do not meet your business requirements, configure IPv6 security group rules for ECS01 and ECS02, for example:

  • An inbound rule that allows Internet Control Message Protocol (ICMP) version 6 (ICMPv6) traffic to support operations such as running the ping6 command on ECS instances.

  • An inbound rule that allows traffic on SSH port 22 and Remote Desktop Protocol (RDP) port 3389 to access ECS instances, and that allows traffic on HTTP port 80 and HTTPS port 443 to access the web services provided by ECS instances.

  1. Log on to the ECS console.

  2. In the left-side navigation pane, choose Network & Security > Security Groups.

  3. In the top navigation bar, select a region from the drop-down list.

  4. Find the security group and click Add Rules in the Actions column.

  5. Configure security group rules.

    Enter the IPv6 CIDR block that you want to authorize in the Authorization Object field. For example, enter ::/0 to authorize all IPv6 addresses.

    For more information about the configurations and common use cases of security group rules, see Add a security group rule and Security groups for different use cases.
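
A review check for the rules configured in this step, as an added Python example (not part of the original documentation): it flags inbound rules that open SSH port 22 or RDP port 3389 to ::/0 or to any IPv6 source outside the VPC's /56 block. The rule dictionary layout, the function name, and the sample rules are constructed for illustration, and treating the VPC block as the expected scope for management ports is this example's policy assumption.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # management ports named in Step 3


def audit_ipv6_rules(rules, vpc_ipv6_cidr):
    """Flag inbound TCP rules that open SSH/RDP to IPv6 sources outside the VPC block."""
    vpc6 = ipaddress.IPv6Network(vpc_ipv6_cidr)
    findings = []
    for rule in rules:
        if rule["direction"] != "inbound" or rule["protocol"] != "tcp":
            continue
        src = ipaddress.ip_network(rule["source"])
        if src.version != 6:
            continue
        low, high = rule["ports"]
        exposed = "/".join(n for p, n in ADMIN_PORTS.items() if low <= p <= high)
        if not exposed:
            continue  # web ports such as 80 and 443 are not reviewed here
        if src.prefixlen == 0:
            findings.append((rule["ports"], f"{exposed} open to all IPv6 addresses (::/0)"))
        elif not src.subnet_of(vpc6):
            findings.append((rule["ports"], f"{exposed} open to {src}, outside {vpc6}"))
    return findings


# Constructed sample rules; the layout is hypothetical, not an Alibaba Cloud API format.
SAMPLE_RULES = [
    {"direction": "inbound", "protocol": "icmpv6", "ports": None, "source": "2001:db8::/56"},
    {"direction": "inbound", "protocol": "tcp", "ports": (22, 22), "source": "::/0"},
    {"direction": "inbound", "protocol": "tcp", "ports": (3389, 3389), "source": "2001:db8:0:18::/64"},
    {"direction": "inbound", "protocol": "tcp", "ports": (80, 80), "source": "::/0"},
    {"direction": "inbound", "protocol": "tcp", "ports": (443, 443), "source": "::/0"},
    {"direction": "inbound", "protocol": "tcp", "ports": (1, 65535), "source": "2001:db8:ffff::/48"},
]

if __name__ == "__main__":
    for ports, reason in audit_ipv6_rules(SAMPLE_RULES, "2001:db8::/56"):
        print(ports, reason)
```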

Test the network connectivity

After you complete the preceding operations, ECS01 and ECS02 in the VPC can communicate with each other through IPv6 addresses. You can perform the following operations to test the network connectivity between ECS01 and ECS02, and between ECS01 and the IPv6 Internet.

Note

In this example, ECS01 and ECS02 run the Alibaba Cloud Linux operating system. For more information about how to use the ping6 command in other operating systems, see the manual of the operating system that you use.

Test whether ECS01 and ECS02 can communicate with each other by using IPv6 addresses.

  1. Log on to ECS01 and ECS02. For more information, see Connection method overview.

  2. Run the ping6 command on ECS01 to send ICMP version 6 (ICMPv6) echo request packets to the IPv6 address of ECS02.

    If ECS01 can receive ICMPv6 echo reply packets, the connection is established. The test result shows that ECS01 can access ECS02 by using the IPv6 address.

  3. Run the ping6 command on ECS02 to send ICMPv6 echo request packets to the IPv6 address of ECS01.

    If ECS02 can receive ICMPv6 echo reply packets, the connection is established. The test result shows that ECS02 can access ECS01 by using the IPv6 address.

What to do next: Delete the IPv6 gateway

If you no longer need a VPC with an IPv6 CIDR block, you can delete the IPv6 gateway.

  1. Log on to the VPC console.

  2. In the left-side navigation pane, choose Access to Internet > IPv6 Gateway.

  3. In the top navigation bar, select the region where the IPv6 gateway is deployed.

  4. On the IPv6 Gateway page, find the IPv6 gateway that you want to delete and click Delete in the Actions column.

  5. In the Delete IPv6 Gateway message, click OK.