You can use an IP address pool to allocate IP addresses to elastic IP addresses (EIPs). You can create an IP address pool and specify a CIDR block for the IP address pool. When you create EIPs, you can allocate IP addresses from the IP address pool to the EIPs.
Limits
The IP address pool feature is available only to users who have obtained the required privilege. You can apply for the privilege to use the IP address pool feature on the Quota Center page. For more information, see Request a quota increase.
You can add only IPv4 CIDR blocks to an IP address pool.
By default, you can create at most two IP address pools in each region. Each address pool can contain at most 256 IP addresses.
Only BGP (Multi-ISP) lines support IP address pools of the Anti-DDoS Pro/Premium type.
When you specify an IP address pool to create EIPs:
The EIPs must use the pay-as-you-go billing method.
The IP address pool and the EIPs must belong to the same region and use the same line type.
When you create EIPs protected by Anti-DDoS Pro/Premium, you must specify an IP address pool of the Anti-DDoS Pro/Premium type.
If your Alibaba Cloud account has overdue payments, you can only delete IP address pools.
Billing
IP address pools are free of charge before May 31, 2024.
Create an IP address pool and add CIDR blocks
Before you use an IP address pool, you must create an IP address pool and add CIDR blocks to the IP address pool. You can add CIDR blocks when you create an IP address pool. You can also add CIDR blocks based on your business requirements after you create an IP address pool.
Log on to the IP Address Pool console.
If you do not have the permissions to create an IP address pool, click Request Permissions and complete your application for the privilege to use the IP address pool feature on the Privileges page.
For more information, see Adjust quotas.
In the top navigation bar, select the region in which you want to create an IP address pool.
On the IP Address Pool page, click Create IP Address Pool.
On the Create IP Address Pool page, use one of the following methods to create an IP address pool and add a CIDR block:
Add a CIDR block when you create an IP address pool
Specify the following parameters and click Submit.
Parameter
Description
IP Address Pool Name
Enter a name for the IP address pool.
Line Type
Select a line type for the IP address pool.
BGP (Multi-ISP): provides premium BGP lines across the world. BGP lines from different ISPs are used at the same time and the optimal BGP line is automatically selected to ensure network stability. Supported ISPs are China Telecom, China Unicom, China Mobile, China Mobile Tietong, China Netcom, CERNET, NRTA, Dr. Peng Group, and Founder Broadband.
BGP (Multi-ISP) Pro: BGP (Multi-ISP) Pro improves the efficiency of data transmission from regions outside the Chinese mainland to the Chinese mainland. Compared with BGP (Multi-ISP), BGP (Multi-ISP) Pro establishes cross-border connections by using Chinese mainland ISP services to provide services to users in the Chinese mainland, excluding data centers. This reduces network latency.
NoteOnly the following regions support BGP (Multi-ISP) Pro: China (Hong Kong), Japan (Tokyo), Singapore, Malaysia (Kuala Lumpur), Philippines (Manila), Indonesia (Jakarta), and Thailand (Bangkok).
Security Protection
Select a protection type based on your business requirements.
Default: Default EIPs from the Default IP address pool can mitigate DDoS attacks at 5 Gbit/s or lower. For more information, see What is Anti-DDoS Origin?
Anti-DDoS Pro/Premium: EIPs allocated from IP address pools of the Anti-DDoS Pro/Premium type can mitigate DDoS attacks at the Tbit/s level.
You can select Anti-DDoS Pro/Premium only if Line Type is set to BGP (Multi-ISP).
NoteOnly the following regions support IP address pools of the Anti-DDoS Pro/Premium type: US (Virginia), US (Silicon Valley), and Germany (Frankfurt).
Destination CIDR Block/Mask
Select the method in which IP addresses are allocated.
If you select Destination CIDR Block, you need to enter a CIDR block.
You can add only an IPv4 CIDR block. The CIDR block cannot start with 0 and the subnet mask must be 23 to 30 bits in length.
NoteIf you select Destination CIDR Block, you can contact your account manager to request a specific CIDR block. You can also use an on-premises CIDR block. Make sure that the on-premises CIDR block is migrated to the cloud before you use it. For more information, see Bring your public IP address range to Alibaba Cloud.
Select Mask and select a mask from the drop-down list.
If you select Mask, the system can automatically create a CIDR block. The subnet mask must be 24 to 28 bits in length.
Resource Group
Select the resource group to which the IP address pool belongs.
The resource group must be created by the current Alibaba Cloud account in Resource Management. For more information, see Create a resource group.
Tag
Add a tag to the IP address pool.
Specify Tag Key and Tag Value.
Description
Enter a description for the IP address pool.
In the message that appears, check the status of the IP address pool and click Disable.
Add a CIDR bock after you create an IP address pool
Specify the following parameters and click Submit.
Parameter
Description
IP Address Pool Name
Enter a name for the IP address pool.
Line Type
Select a line type for the IP address pool.
BGP (Multi-ISP): provides premium BGP lines across the world. BGP lines from different ISPs are used at the same time and the optimal BGP line is automatically selected to ensure network stability. Supported ISPs are China Telecom, China Unicom, China Mobile, China Mobile Tietong, China Netcom, CERNET, NRTA, Dr. Peng Group, and Founder Broadband.
BGP (Multi-ISP) Pro: BGP (Multi-ISP) Pro improves the efficiency of data transmission from regions outside the Chinese mainland to the Chinese mainland. Compared with BGP (Multi-ISP), BGP (Multi-ISP) Pro establishes cross-border connections by using Chinese mainland ISP services to provide services to users in the Chinese mainland, excluding data centers. This reduces network latency.
NoteOnly the following regions support BGP (Multi-ISP) Pro: China (Hong Kong), Japan (Tokyo), Singapore, Malaysia (Kuala Lumpur), Philippines (Manila), Indonesia (Jakarta), and Thailand (Bangkok).
Security Protection
Select a protection type based on your business requirements.
Default: Default EIPs from the Default IP address pool can mitigate DDoS attacks at 5 Gbit/s or lower. For more information, see What is Anti-DDoS Origin?
Anti-DDoS Pro/Premium: EIPs allocated from IP address pools of the Anti-DDoS Pro/Premium type can mitigate DDoS attacks at the Tbit/s level.
You can select Anti-DDoS Pro/Premium only if Line Type is set to BGP (Multi-ISP).
NoteOnly the following regions support IP address pools of the Anti-DDoS Pro/Premium type: US (Virginia), US (Silicon Valley), and Germany (Frankfurt).
Resource Group
Select the resource group to which the IP address pool belongs.
The resource group must be created by the current Alibaba Cloud account in Resource Management. For more information, see Create a resource group.
Tag
Add a tag to the IP address pool.
Specify Tag Key and Tag Value.
Description
Enter a description for the IP address pool.
In the message that appears, check the status of the IP address pool and click Disable.
On the IP Address Pool page, find the IP address pool to which you want to add a CIDR block and click Add CIDR Block in the Actions column.
On the CIDR Blocks tab, click Add CIDR Block.
In the Add CIDR Block dialog box, select a type and click OK.
If you select Destination CIDR Block, you need to enter a CIDR block.
Select Mask and select a mask from the drop-down list.
Specify an IP address pool for an EIP
When you create a pay-as-you-go EIP, you can specify an IP address pool for the EIP. The system assigns an IP address from a CIDR block in the IP address pool to the EIP.
- Log on to the Elastic IP Address console .
On the Elastic IP Addresses page, click Create EIP.
On the Elastic IP page, configure the following parameters, click Buy Now, and then complete the payment.
This topic describes only the key parameters. For more information, see Apply for an EIP.
Parameter
Description
Billing Method
Only pay-as-you-go EIPs support the IP address pool feature. In this example, Pay-As-You-Go is selected.
Region
The region in which you want to create the EIP.
You can associate the EIP with a cloud resource such as an ECS instance, a NAT gateway, a CLB instance, an HAVIP, or a secondary ENI. Make sure that the EIP and the cloud resource are deployed in the same region.
Line Type
The line type of the EIP.
BGP (Multi-ISP): provides premium BGP lines across the world. BGP lines from different ISPs are used at the same time and the optimal BGP line is automatically selected to ensure network stability. Supported ISPs are China Telecom, China Unicom, China Mobile, China Mobile Tietong, China Netcom, CERNET, NRTA, Dr. Peng Group, and Founder Broadband.
BGP (Multi-ISP) Pro: BGP (Multi-ISP) Pro improves the efficiency of data transmission from regions outside the Chinese mainland to the Chinese mainland. Compared with BGP (Multi-ISP), BGP (Multi-ISP) Pro establishes cross-border connections by using Chinese mainland ISP services to provide services to users in the Chinese mainland, excluding data centers. This reduces network latency.
NoteOnly the following regions support BGP (Multi-ISP) Pro: China (Hong Kong), Japan (Tokyo), Singapore, Malaysia (Kuala Lumpur), Philippines (Manila), Indonesia (Jakarta), and Thailand (Bangkok).
Make sure that the line type of the EIP is the same as the line type of the IP address pool that you want to select.
Security Protection
Select an edition of Anti-DDoS based on your business requirements.
Default: specifies Anti-DDoS Origin Basic, which can mitigate DDoS attacks at 5 Gbit/s or lower. For more information, see What is Anti-DDoS Origin?
Anti-DDoS Pro/Premium: specifies Anti-DDoS Pro/Premium, which can mitigate DDoS attacks at the Tbit/s level.
ImportantIf you use Anti-DDoS Pro/Premium to protect your EIPs, take note of the following items:
The first time you use Anti-DDoS Pro/Premium for your EIPs, click Anti-DDoS Origin (pay-as-you-go) to activate Anti-DDoS Pro/Premium on a pay-as-you-go basis.
If you use Anti-DDoS Pro/Premium to protect your EIPs, you are charged a security protection fee by Anti-DDoS. For more information, see Anti-DDoS Origin 2.0 (Pay-as-you-go).
IP Address pool
Select an IP address pool based on your business requirements.
By default, Default is selected. The system assigns an IP address from the public IP address pool of Alibaba Cloud.
You can select another IP address pool from the drop-down list. The system assigns an IP address from the selected IP address pool.
Make sure that the EIPs and the IP address pool use the same security protection type.
More operations
Operation | Description |
Modify an IP address pool |
|
Delete an IP address pool | Before you delete an IP address pool, make sure that the IP addresses in the CIDR blocks that are added to the IP address pool are not assigned to EIPs.
|
Delete a CIDR block from an IP address pool | Before you delete a CIDR block, make sure that the IP addresses in the CIDR block are not assigned to EIPs.
|
References
Share an IP address pool: The owner Alibaba Cloud account of an IP address pool can share the IP address pool with other Alibaba Cloud accounts. Then, the Alibaba Cloud accounts can assign IP addresses from the IP address pool to EIPs.
Best practices for using EIPs protected by Anti-DDoS Pro/Premium: Specify an IP address pool of the Anti-DDoS Pro/Premium type to create EIPs protected by Anti-DDoS Pro/Premium.
CreatePublicIpAddressPool: creates an IP address pool.
UpdatePublicIpAddressPoolAttribute: modifies the attributes of an IP address pool.
ListPublicIpAddressPools: queries available IP address pools.
DeletePublicIpAddressPool: deletes an IP address pool.
AddPublicIpAddressPoolCidrBlock: adds a CIDR block to an IP address pool.
ListPublicIpAddressPoolCidrBlocks: queries CIDR blocks in an IP address pool.
DeletePublicIpAddressPoolCidrBlock: deletes a CIDR block from an IP address pool.