All Products
Search

This Product

    :Unable to release vSwitches in a VPC

    Document Center

    :Unable to release vSwitches in a VPC

    Last Updated:Jul 19, 2023

    Issue

    When you delete a virtual private cloud (VPC), you may fail to release the vSwitches in the VPC console or by calling the DeleteVSwitch API operation because resources exist in the vSwitches or the CIDR blocks of the vSwitches are occupied.

    Possible causes

    This issue may be caused by the following reasons:

    • Basic cloud resources such as Elastic Compute Service (ECS) instances and ApsaraDB RDS instances are deployed in the vSwitches.

    • Cloud networking resources such as Classic Load Balancer (CLB) instances or custom elastic network interfaces (ENIs) are deployed in the vSwitches.

    • The Source Network Address Translation (SNAT) entries created on the NAT gateway are not deleted.

    • VPN gateways are deployed in the vSwitches.

    • One or more high-availability virtual IP addresses (HAVIPs) are created in the vSwitches.

    • A custom route table in the vSwitches is associated with an access control list (ACL).

    Solutions

    Release all basic cloud resources and cloud networking resources in the vSwitches

    To release cloud resources, perform the following steps:

    1. Log on to the VPC console.

    2. In the left-side navigation pane, click vSwitch.

    3. Select the region in which the cloud resource that you want to release is deployed.

    4. On the vSwitch page, click the ID of the vSwitch.

    5. On the Resource tab, check whether ECS instances, ApsaraDB RDS instances, or CLB instances are in the vSwitch. If yes, click the number on the right of the resource to go to the console and release or disassociate the resource.

    Disassociate all ENIs from the vSwitches

    1. Log on to the ECS console.

    2. In the left-side navigation pane, choose Network & Security > ENIs.

    3. In the top navigation bar, select the region in which the cloud resource that you want to release is deployed.

    4. On the ENIs page, select vSwitch ID in the drop-down list. Check whether ENIs are in the vSwitch. If yes, disassociate the ENIs from the vSwitch and release the vSwitch.

    5. You can release a vSwitch only after all resources in the vSwitch are released or disassociated from the vSwitch. For more information, see Delete a vSwitch.

    Delete all SNAT entries and release all VPN gateways

    To delete SNAT entries, perform the following steps:

    1. Log on to the VPC console.

    2. Delete SNAT entries from Internet NAT gateways.

      1. In the left-side navigation pane, choose NAT Gateway > Internet NAT Gateway.

      2. In the top navigation bar, select the region in which the Internet NAT gateway is deployed.

      3. On the Internet NAT Gateway page, use the vSwitch ID to search for the Internet NAT gateway and click its ID.

      4. On the NAT gateway details page, click the SNAT Management tab.

      5. In the Used in SNAT Entry section, find the SNAT entry that you want to delete and click Delete in the Actions column.

    3. Delete SNAT entries from VPC NAT gateways.

      1. In the left-side navigation pane, choose NAT Gateway > VPC NAT Gateway.

      2. In the top navigation bar, select the region in which the VPC NAT gateway is deployed.

      3. On the VPC NAT Gateway page, click the ID of the VPC NAT gateway that you want to manage.

      4. On the NAT gateway details page, click the SNAT Management tab.

      5. In the Used in SNAT Entry section, find the SNAT entry that you want to delete and click Delete in the Actions column.

    To release a VPN gateway, perform the following steps:

    1. Log on to the VPN Gateway console.

    2. In the top navigation bar, select the region in which the VPN gateway is deployed.

    3. On the VPN Gateways page, check whether VPC gateways exist in the vSwitch.

      Note

      You cannot delete VPN gateways. They are automatically released upon expiration.

    Delete all HAVIPs

    Note

    Before you delete an HAVIP, make sure that the following requirements are met:

    • The HAVIP is not associated with an ECS instance. If the HAVIP is associated with an ECS instance, disassociate the HAVIP from the ECS instance first. For more information, see Disassociate an HAVIP from an ECS instance.

    • The HAVIP is not associated with an elastic IP address (EIP). If the HAVIP is associated with an EIP, you must disassociate the HAVIP from the EIP first. For more information, see Disassociate HAVIPs from EIPs.

    • The HAVIP is not associated with an ENI. If the HAVIP is associated with the ENI, you must disassociate the HAVIP from the ENI first. For more information, see Disassociate an HAVIP from an ENI.

    1. Log on to the VPC console.

    2. In the left-side navigation pane, click HaVip.

    3. In the top navigation bar, select the region to which the HAVIP belongs.

    4. On the HaVip page, find the HAVIP and click Delete in the Actions column.

    5. In the message that appears, click OK.

    Delete custom route tables and ACLs

    Applicable scope

    • VPC