A virtual private cloud (VPC) is a private network dedicated for your use. You have full control over your VPC. For example, you can specify CIDR blocks, and configure route tables and gateways for your VPC. You can create a VPC, and then deploy Alibaba Cloud resources, such as Elastic Compute Service (ECS), ApsaraDB RDS, and Server Load Balancer (SLB) instances in the VPC. After you create a VPC, you can add secondary IPv4 CIDR blocks to it to expand the VPC. This topic describes how to work with VPCs.

Operations

Create a VPC

Before you create a VPC, you must plan your networks. For more information, see Plan your network.

  1. Log on to the VPC console.
  2. In the top navigation bar, select the region where you want to deploy the VPC.
    Note The VPC must be deployed in the same region as that of the cloud resources that you want to deploy in this VPC.
  3. On the VPC page, click Create VPC.
  4. On the Create VPC page, set the following parameters and click OK.
    Parameter Description
    VPC
    Region The region where the VPC is to be deployed.
    Name Enter a name for the VPC.

    The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter.

    IPv4 CIDR Block Enter an IPv4 CIDR block for the VPC.
    You can specify 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, or their subnets as the primary IPv4 CIDR block of the VPC. The subnet mask must be 8 to 24 bits in length. 192.168.0.0/24 is used in this example. To use a public CIDR block as the CIDR block of the VPC,submit a ticket.
    Note After you create a VPC, you cannot change its primary IPv4 CIDR block. However, you can add a secondary IPv4 CIDR block to the VPC. For more information, see Add a secondary IPv4 CIDR block.
    IPv6 CIDR Block Specify whether to assign an IPv6 CIDR block to the VPC. By default, no IPv6 CIDR block is assigned.

    If you select Assign (Default), the system automatically creates a free IPv6 gateway for this VPC, and assigns an IPv6 CIDR block with subnet mask /56, such as 2xx1:db8::/56. By default, IPv6 addresses can be used to communicate only within private networks. If you want to use an IPv6 address to access the Internet or allow IPv6 clients to access the IPv6 address over the Internet, you must purchase an Internet bandwidth plan for the IPv6 address. For more information, see Purchase a public bandwidth plan for an IPv6 address.

    Note
    • The following regions support IPv6 CIDR blocks: China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), Singapore (Singapore), US (Virginia), and Germany (Frankfurt)..
    • After you create a VPC, you cannot change its IPv6 CIDR block.
    Description Enter a description for the VPC.

    The description must be 2 to 256 characters in length and cannot start with http:// or https://.

    Resource Group Select the resource group to which the VPC belongs.
    vSwitch
    Name Enter a name for the vSwitch.

    The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter.

    Zone Select a zone for the vSwitch. In the same VPC, vSwitches in different zones can communicate with each other.
    Zone Resource Displays the cloud resources that can be created in the specified zone.

    The cloud resources that are available in the zone vary by time. The inventory status of the instance types on the buy page shall prevail. Only ECS, ApsaraDB RDS, and SLB instances can be queried on the buy page.

    IPv4 CIDR Block Specify an IPv4 CIDR block for the vSwitch.
    When you specify an IPv4 CIDR block for the vSwitch, take note of the following limits:
    • The CIDR block of a vSwitch must be a subset of the CIDR block of the VPC to which the vSwitch belongs.

      For example, if the CIDR block of a VPC is 192.168.0.0/16, the CIDR block of a vSwitch in the VPC must be a subset of 192.168.0.0/16. In this example, the CIDR block of the vSwitch can range from 192.168.0.0/17 to 192.168.0.0/29.

    • The first IP address and last three IP addresses of a vSwitch CIDR block are reserved.

      For example, if a vSwitch CIDR block is 192.168.1.0/24, the IP addresses 192.168.1.0, 192.168.1.253, 192.168.1.254, and 192.168.1.255 are reserved.

    • If a vSwitch is required to communicate with vSwitches in other VPCs or with data centers, make sure that the CIDR block of the vSwitch does not overlap with the destination CIDR blocks.
    Note After you create a vSwitch, you cannot modify its CIDR block.
    Available IP Addresses Displays the number of available IP addresses.
    IPv6 CIDR Block Specify an IPv6 CIDR block for the vSwitch.

    By default, the subnet mask for the IPv6 CIDR block of a vSwitch is /64. You can enter a number from 0 to 255 to define the last 8 bits of the IPv6 CIDR block.

    For example, if the IPv6 CIDR block of the VPC is 2xx8:4004:c0:b900::/56, you can specify 255 to define the last 8 bits of the IPv6 CIDR block. In this case, the IPv6 CIDR block of the vSwitch is 2xx8:4004:c0:b9ff::/64. ff is the hexadecimal value of 255.

    Description Enter a description for the vSwitch.

    The description must be 2 to 256 characters in length and cannot start with http:// or https://.

View a VPC

  1. Log on to the VPC console.
  2. In the top navigation bar, select the region where the VPC is deployed.
  3. On the VPCs page, find the VPC that you want to view and click its ID.
  4. You can view information about VPC Details, vRouter Basic Information, Resources, and CIDRs.
    Click the Advanced Features tab to view information about advanced features. You can find out whether the VPC supports advanced features. If the VPC supports advanced features, the tab displays details about the supported advanced features. If the VPC does not support advanced features, the tab displays the resources that do not support advanced features. For more information, see Advanced VPC features.

Modify basic information about a VPC

You can modify the name and description of a VPC.

  1. Log on to the VPC console.
  2. In the top navigation bar, select the region where the VPC is deployed.
  3. On the VPCs page, find the VPC that you want to manage and click its ID.
  4. In the VPC Details section, click Edit next to Name. In the dialog box that appears, enter a new name for the VPC and click OK.
    The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter.
  5. Click Edit next to Description. In the dialog box that appears, enter a new description, and click OK.
    The description must be 2 to 256 characters in length and cannot start with http:// or https://.

Add a secondary IPv4 CIDR block

Before you add a secondary IPv4 CIDR block, make sure that a VPC is created.

The IPv4 CIDR block that you configure when you create a VPC is the primary IPv4 CIDR block. After a VPC is created, the primary IPv4 CIDR block of the VPC cannot be modified. However, you can add a secondary IPv4 CIDR block to expand the VPC. After you add a secondary IPv4 CIDR block to the VPC, both the primary and secondary IPv4 CIDR blocks are in effect. You can create a vSwitch with the primary or secondary IPv4 CIDR block. However, each vSwitch belongs to only one VPC CIDR block.

The system automatically adds a vSwitch route to the VPC route table when you create a vSwitch with the primary or secondary IPv4 CIDR block. The destination CIDR block of a vSwitch route is the CIDR block with which the vSwitch is created. The CIDR block range cannot be the same as or larger than those of other routes in the route table of the VPC.

For example, you have added 172.16.0.0/16 to the VPC as a secondary IPv4 CIDR block. The VPC route table already contains Cloud Enterprise Network (CEN) routes (overlapping routing is enabled), and the destination CIDR block is 172.16.0.0/24. In this case, you cannot create a vSwitch with a CIDR block that is the same or larger than the CIDR block 172.16.0.0/24. However, you can create a vSwitch with 172.16.0.0/25 or a smaller CIDR block.

Secondary IPv4 CIDR block

  1. Log on to the VPC console.
  2. In the top navigation bar, select the region where the VPC is deployed.
  3. On the VPC page, find the VPC that you want to manage and click its ID.
  4. On the VPC Details page, click the CIDRs tab and click Add IPv4 CIDR.
  5. In the Add Secondary CIDR dialog box, set the following parameters and click OK.
    Parameter Description
    VPC Displays the VPC to which you want to add a secondary IPv4 CIDR block.
    Secondary CIDR Select a method to configure the secondary IPv4 CIDR block:
    • Default CIDR Block: You can specify one of the following standard IPv4 CIDR blocks as the secondary IPv4 CIDR block: 192.168.0.0/16, 172.16.0.0/12, and 10.0.0.0/8.
    • Custom CIDR Block: You can specify one of the following standard IPv4 CIDR blocks or their subnet as the secondary IPv4 CIDR block: 192.168.0.0/16, 172.16.0.0/12, and 10.0.0.0/8.

      To use a public CIDR block as the secondary IPv4 CIDR block,submit a ticket.

    When you add a secondary IPv4 CIDR block, take note of the following limits:
    • The CIDR block cannot start with 0. The subnet mask must be 8 to 24 bits in length.
    • The secondary IPv4 CIDR block cannot overlap with the primary IPv4 CIDR block or an existing secondary IPv4 CIDR block.
      For example, if the primary IPv4 CIDR block of a VPC is 192.168.0.0/16, you cannot specify one of the following CIDR blocks as a secondary IPv4 CIDR block:
      • A CIDR block larger than 192.168.0.0/16, for example, 192.168.0.0/8.
      • 192.168.0.0/16.
      • A CIDR block smaller than 192.168.0.0/16, for example, 192.168.0.0/24.

Delete a secondary IPv4 CIDR block

You can delete a secondary IPv4 CIDR block of a VPC. However, you cannot delete the primary IPv4 CIDR block of a VPC.

Before you delete a secondary IPv4 CIDR block, make sure that you have deleted the vSwitch that is created with the secondary IPv4 CIDR block. For more information, see Delete a vSwitch.

  1. Log on to the VPC console.
  2. In the top navigation bar, select the region where the VPC is deployed.
  3. On the VPCs page, find the VPC that you want to manage and click its ID.
  4. On the VPC Details page, click the CIDRs tab.
  5. On the CIDRs tab, find the secondary IPv4 CIDR block and click Delete in the Actions column.
  6. In the message that appears, click OK.

Delete a VPC

You can delete a VPC that you no longer need. After you delete a VPC, vRouters and route tables that are associated with the VPC are also deleted. Before you delete a VPC, make sure that the following requirements are met:

  • No vSwitch exists in the VPC. If the VPC contains a vSwitch, you must delete the vSwitch before you delete the VPC. For more information, see Delete a vSwitch.
  • No IPv6 gateway is associated with the VPC. If the VPC is associated with an IPv6 gateway, you must delete the IPv6 gateway before you delete the VPC.
  1. Log on to the VPC console.
  2. In the top navigation bar, select the region where the VPC is deployed.
  3. On the VPCs page, find the VPC that you want to delete, and click Delete in the Actions column.
  4. In the Delete VPC message, click OK.