A vSwitch is a basic network component that connects different cloud resources in a virtual private cloud (VPC). After you create a vSwitch, you can create resources in it and associate it with a custom route table or a network access control list (ACL). This topic describes how to work with vSwitches.

Operations

Create a vSwitch

After you create a VPC, you can create vSwitches to divide the VPC into one or more subnets. vSwitches within the same VPC can communicate with each other. Cloud resources must be deployed in vSwitches. You can deploy applications in vSwitches that belong to different zones to improve service availability. vSwitches do not support multicasting or broadcasting.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. Select the region of the VPC for which you want to create a vSwitch.
  4. On the vSwitch page, click Create vSwitch.
  5. On the Create vSwitch page, set the following parameters and click OK.
    Resource Group: Select the resource group to which the vSwitch belongs.
    VPC: Select the VPC to which the vSwitch belongs.
    IPv6 CIDR Block Type: Select the type of IPv6 CIDR block for the VPC. If the VPC has the IPv6 feature enabled, you must select IPv6 CIDR Block Type.
    IPv4 CIDR Block: Displays the IPv4 CIDR block of the VPC.

      If the VPC has a secondary IPv4 CIDR block, you can select the primary or secondary CIDR block for the vSwitch based on your business requirements.

    IPv6 CIDR Block: Displays the IPv6 CIDR block of the VPC.
      Note
      • Only the China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), Singapore (Singapore), US (Virginia), and Germany (Frankfurt) regions support IPv6 CIDR blocks.
      • If IPv6 is disabled for the VPC, click Enable IPv6. After the IPv6 CIDR block is enabled, the system automatically creates an IPv6 gateway free of charge.
    Name: Enter a name for the vSwitch.

      The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). It must start with a letter.

    Zone: Select a zone for the vSwitch. In the same VPC, vSwitches in different zones can communicate with each other.
    IPv4 CIDR Block: Specify an IPv4 CIDR block for the vSwitch. When you specify an IPv4 CIDR block, take note of the following limits:
      • The CIDR block of a vSwitch must be a proper subset of the CIDR block of the VPC to which the vSwitch belongs.

        For example, if the CIDR block of the VPC is 192.168.0.0/16, the CIDR block of the vSwitch can range from 192.168.0.0/17 to 192.168.0.0/29.

      • The first IP address and last three IP addresses of each vSwitch are reserved.

        For example, if the CIDR block of a vSwitch is 192.168.1.0/24, the IP addresses 192.168.1.0, 192.168.1.253, 192.168.1.254, and 192.168.1.255 are reserved.

      • If the vSwitch is required to communicate with vSwitches in other VPCs or with data centers, make sure that the CIDR block of the vSwitch does not overlap with the destination CIDR blocks.
      • The CIDR block of a vSwitch cannot be the same as or larger than the destination CIDR block of a route in the route table of the VPC to which the vSwitch belongs.

        For example, if a Cloud Enterprise Network (CEN) route (overlapping routing enabled) with a destination CIDR block of 172.16.0.0/24 is added to the route table of the VPC, the CIDR block of the vSwitch cannot be 172.16.0.0/24 or a larger block. However, you can create a vSwitch with 172.16.0.0/25 or a smaller CIDR block.

      • CIDR blocks of vSwitches in the same VPC cannot overlap with each other. If a CIDR block overlaps with another one, you must modify the CIDR block.
      Notice: After you create a vSwitch, you cannot modify the CIDR block of the vSwitch.
    Number of Available Private IPs: Displays the number of available IPv4 addresses of the vSwitch.
    IPv6 CIDR Block: Enter an IPv6 CIDR block for the vSwitch.

      By default, the subnet mask for the IPv6 CIDR block of a vSwitch is /64. You can enter a number from 0 to 255 to define the last 8 bits of the IPv6 CIDR block.

      For example, if the IPv6 CIDR block of the VPC is 2xx1:db8::/64, specify 255 to define the last 8 bits of the IPv6 CIDR block. In this case, the IPv6 CIDR block of the vSwitch is 2xx1:db8:ff::/64. ff is the hexadecimal value of 255.

    Description: Enter a description for the vSwitch.

    The description must be 2 to 256 characters in length, and cannot start with http:// or https://.
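
Because the CIDR block of a vSwitch cannot be modified after creation, it helps to check a planned block against the IPv4 limits above before you open the console. The following Python sketch is an added example, not Alibaba Cloud code; the function names and sample blocks are constructed for illustration, and it covers IPv4 only.

```python
import ipaddress

RESERVED = 4  # first address plus last three, per the limits above

def reserved_addresses(cidr):
    """Addresses a vSwitch block reserves: the first one and the last three."""
    net = ipaddress.ip_network(cidr)
    n = net.num_addresses
    return [str(net[0])] + [str(net[i]) for i in range(max(1, n - 3), n)]

def usable_ipv4_count(cidr):
    """Private IPv4 addresses left after the reserved ones are removed."""
    return max(0, ipaddress.ip_network(cidr).num_addresses - RESERVED)

def check_vswitch_cidr(vpc_cidr, candidate, existing=(), route_dests=()):
    """Return the list of limits a planned vSwitch IPv4 CIDR block violates."""
    vpc = ipaddress.ip_network(vpc_cidr)
    try:
        new = ipaddress.ip_network(candidate)  # strict: rejects set host bits
    except ValueError as exc:
        return [f"invalid CIDR block: {exc}"]
    problems = []
    if new == vpc or not new.subnet_of(vpc):
        problems.append(f"{new} is not a proper subset of VPC block {vpc}")
    if usable_ipv4_count(candidate) == 0:
        problems.append(f"{new} has no usable addresses after reservation")
    for other in map(ipaddress.ip_network, existing):
        if new.overlaps(other):
            problems.append(f"{new} overlaps existing vSwitch block {other}")
    for dest in map(ipaddress.ip_network, route_dests):
        if dest.subnet_of(new):  # same block, or candidate is larger
            problems.append(f"{new} is the same as or larger than route {dest}")
    return problems

if __name__ == "__main__":
    # Constructed plan: one existing vSwitch and one route in the VPC route table.
    for cand in ("192.168.2.0/24", "192.168.1.128/25", "192.168.0.0/16",
                 "192.168.3.0/30", "192.168.4.0/23"):
        issues = check_vswitch_cidr("192.168.0.0/16", cand,
                                    existing=["192.168.1.0/24"],
                                    route_dests=["192.168.4.0/24"])
        print(cand, "->", issues or "ok")
```

An empty list means the block passes every check; blocks meant to reach other VPCs or data centers can be tested by passing the remote CIDR blocks in `existing`.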

Modify the basic information about a vSwitch

After you create a vSwitch, you can modify its name and description.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. Select the region of the VPC that you want to manage.
  4. On the vSwitch page, find the vSwitch that you want to manage and click its ID.
  5. In the vSwitch Basic Information section, click Edit next to Name to modify the name of the vSwitch.
    The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter.
  6. Click Edit next to Description to modify the description of the vSwitch.
    The description must be 2 to 256 characters in length, and cannot start with http:// or https://.

Create cloud resources in a vSwitch

You cannot directly deploy cloud resources in a VPC. You must deploy cloud resources in a vSwitch that belongs to the VPC.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. In the top navigation bar, select the region of the VPC to which the vSwitch belongs.
  4. On the vSwitch page, find the vSwitch, click Create in the Actions column, and then select the cloud resource that you want to create.
    You can create Elastic Compute Service (ECS), Classic Load Balancer (CLB), and ApsaraDB RDS instances in a vSwitch.
  5. On the page that appears, create a cloud resource.

Associate a vSwitch with a custom route table

After you create a custom route table, you can perform the following operations in a vSwitch. For more information about how to create a custom route table, see Create a custom route table.

  • Associate a custom route table: If the vSwitch is associated with a system route table, you can associate the vSwitch with a custom route table to manage routes of the vSwitch. Each vSwitch can be associated with only one custom route table or one system route table. After a vSwitch is associated with a custom route table, the system route table is automatically disassociated.
  • Replace a custom route table: You can replace an associated custom route table with another one as needed.
  • Disassociate a custom route table: You can disassociate a custom route table from the vSwitch. After the custom route table is disassociated, the vSwitch is automatically associated with the system route table.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. In the top navigation bar, select the region of the VPC to which the vSwitch belongs.
    For more information about the regions that support custom route tables, see Route tables overview.
  4. On the vSwitch page, find the vSwitch that you want to manage and click its ID.
  5. In the vSwitch Basic Information section, click the Route tab. You can associate, replace, or disassociate a custom route table on the Route tab.
    • Replace an associated system route table with a custom route table
      1. In the Associated with Route Table section, click Bind next to the system route table.
      2. In the Associate RouteTable dialog box, select a custom route table from the Replace Custom Route Table drop-down list, select a custom route table, and then click OK.
    • Replace an associated custom route table with another one
      1. In the Associated with Route Table section, click Bind next to the custom route table.
      2. In the Associate RouteTable dialog box, select a custom route table from the Replace Custom Route Table drop-down list, select a custom route table, and then click OK.
    • Disassociate a custom route table
      1. In the Associated with Route Table section, click Bind next to the custom route table.
      2. In the Associate RouteTable dialog box, select Unbind Route Table and click OK.
      3. In the Unbind Route Table message, click OK.

Associate a network ACL with a vSwitch

You can use a network ACL to control access in a VPC. You can create a custom network ACL and associate it with a vSwitch. This way, you can control traffic of the elastic network interface (ENI) of the vSwitch. A network ACL and the vSwitch that you associate it with must belong to the same VPC. Each vSwitch can be associated with only one network ACL.

After you create a network ACL, you can perform the following operations in a vSwitch. For more information about how to create a network ACL, see Work with network ACLs.

  • Associate a network ACL: You can associate a network ACL with a vSwitch to control traffic of the vSwitch ENI.
  • Replace an associated network ACL: You can replace the network ACL that is associated with a vSwitch with another network ACL. After the network ACL is replaced, the new network ACL takes effect immediately and controls traffic of ECS instances that belong to the vSwitch.
  • Disassociate a network ACL: You can disassociate a network ACL from a vSwitch. Then, the network ACL no longer controls traffic of the ECS instances that belong to the vSwitch.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. In the top navigation bar, select the region of the VPC to which the vSwitch belongs.
  4. On the vSwitch page, find the vSwitch that you want to manage and click its ID.
  5. In the vSwitch Basic Information section, you can perform the following operations:
    • Associate a network ACL
      1. Click Bind next to Network ACL.
      2. In the Bind Network ACL dialog box, select the network ACL that you want to associate and click OK.
    • Replace an associated network ACL
      1. Click Change next to Network ACL.
      2. In the Bind Network ACL dialog box, select a new network ACL and click OK.
    • Disassociate a network ACL
      1. Click Unbind next to Network ACL.
      2. In the Unbind Network ACL message, click OK.

Delete a vSwitch

You can delete a vSwitch that you no longer need. After you delete a vSwitch, you cannot deploy cloud resources in it.

Before you delete a vSwitch, make sure that the following requirements are met:

  • The following resources in the vSwitch are deleted: ECS, CLB, ApsaraDB RDS, ApsaraDB for MongoDB, PolarDB, Elasticsearch, Time Series Database (TSDB), ApsaraDB for HBase, ApsaraDB for ClickHouse, Tablestore, Container Registry, Elastic High Performance Computing (E-HPC), Data Lake Analytics (DLA), Database Backup (DBS), and Apsara File Storage NAS (NAS).
  • If the vSwitch to be deleted is associated with any of the following resources, the resources are deleted: SNAT entries, high-availability virtual IP addresses (HAVIPs), custom route tables, or network ACLs.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. Select the region where the vSwitch that you want to delete is deployed.
  4. On the vSwitch page, find the vSwitch that you want to delete and click Delete in the Actions column.
  5. In the Delete vSwitch message, click OK.