
Virtual Private Cloud: Create a VPC with an IPv4 CIDR block

Last Updated: Feb 23, 2024

This topic describes how to create a virtual private cloud (VPC) with an IPv4 CIDR block and associate an elastic IP address (EIP) with an Elastic Compute Service (ECS) instance in the VPC. After an EIP is associated with an ECS instance, the ECS instance can communicate with the Internet.

Prerequisites

Before you deploy cloud resources in a VPC, you must first plan CIDR blocks for the VPC. For more information, see Plan networks.

Procedure

Resource Orchestration Service (ROS) console

  1. Click Create Stack to go to the Resource Orchestration Service (ROS) console. You are automatically redirected to the Create Stack page.

  2. Set the parameters based on the instructions and click Create.

    If the status shown under Stack Information changes from Creating to Created, the VPC is created.

    Click the Output tab to view information about the VPC, EIP, and ECS instance.

VPC console (manual creation)

Step 1: Create a VPC and vSwitches

  1. Log on to the VPC console.

  2. In the top navigation bar, select the region where the VPC is deployed.

    The VPC and the cloud resources that you want to deploy must belong to the same region. China (Qingdao) is selected in this example.

  3. On the VPCs page, click Create VPC.

  4. On the Create VPC page, set the following parameters and click OK.

    Note

    In this example, IPv6 is enabled.

    VPC

    • Region: Displays the region where you want to create the VPC.

    • Name: Enter a name for the VPC.

    • IPv4 CIDR Block: Enter the primary IPv4 CIDR block of the VPC.

      • You can specify one of the following CIDR blocks or their subsets as the primary IPv4 CIDR block of the VPC: 192.168.0.0/16, 172.16.0.0/12, and 10.0.0.0/8. These CIDR blocks are standard private CIDR blocks as defined by Request for Comments (RFC) documents. The subnet mask must be 8 to 28 bits in length. Example: 192.168.0.0/24.

      • You can also use a custom CIDR block other than 100.64.0.0/10, 224.0.0.0/4, 127.0.0.0/8, 169.254.0.0/16, and their subnets as the primary IPv4 CIDR block of the VPC.

      • In scenarios where multiple VPCs are used or in hybrid cloud scenarios where data centers and VPCs are used, we recommend that you use subsets of standard RFC CIDR blocks as VPC CIDR blocks with subnet masks no more than 16 bits in length. Make sure that the CIDR blocks of the VPCs do not overlap in both scenarios. In addition, the CIDR blocks of the VPCs cannot overlap with those of the data centers in hybrid cloud scenarios.

      Note

      After a VPC is created, you can add secondary IPv4 CIDR blocks to the VPC. For more information, see Add a secondary CIDR block.

    • IPv6 CIDR Block: Specify whether to assign an IPv6 CIDR block to the VPC. In this example, Assign (Alibaba Cloud) is selected.

      If you set this parameter to Assign, the system automatically creates an IPv6 gateway of Free Edition for this VPC, and assigns an IPv6 CIDR block with the subnet mask /56, such as 2408:4005:3c5:6e00::/56. By default, IPv6 addresses are used only for communication within private networks. If you want to use an IPv6 address to access the Internet or provide services for IPv6 clients over the Internet, you must purchase Internet bandwidth for the IPv6 address. For more information, see Enable and manage IPv6 Internet bandwidth.

      Note

      • The following regions support IPv6 CIDR blocks: China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Fuzhou - Local Region), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), Philippines (Manila), Singapore, Japan (Tokyo), South Korea (Seoul), Indonesia (Jakarta), US (Virginia), Germany (Frankfurt), and SAU (Riyadh - Partner Region).

      • After you create a VPC, you cannot change its IPv6 CIDR block. However, you can add a secondary IPv6 CIDR block to the VPC. For more information, see Add a secondary CIDR block.

    • Description: Enter a description for the VPC.

    • Resource Group: Select the resource group to which the VPC belongs.

    • Tag Key: Select or enter a tag key.

      You can specify up to 20 tag keys. A tag key can be up to 64 characters in length. It cannot start with aliyun or acs:, and cannot contain http:// or https://.

    • Tag Value: Select or enter a tag value.

      You can specify at most 20 tag values. A tag value can be at most 128 characters in length. It cannot start with aliyun or acs:, and cannot contain http:// or https://.

    vSwitch

    • Name: Enter a name for the vSwitch.

    • Zone: In the drop-down list, select a zone for the vSwitch. In the same VPC, vSwitches in different zones can communicate with each other.

      The drop-down list shows whether Elastic Compute Service (ECS) instances, ApsaraDB RDS instances, internal-facing Classic Load Balancer (CLB) instances, and internal-facing Application Load Balancer (ALB) instances are supported in each zone. The supported cloud resources vary based on the zone and the creation time of the cloud resources. The instances listed in this topic are for reference only; the instances shown on the buy page take precedence.

    • IPv4 CIDR Block: Enter an IPv4 CIDR block for the vSwitch. When you specify a CIDR block for the vSwitch, take note of the following limits:

      • The CIDR block of a vSwitch must be a subset of the CIDR block of the VPC to which the vSwitch belongs.

        For example, if the CIDR block of a VPC is 192.168.0.0/16, the CIDR block of a vSwitch in the VPC can range from 192.168.0.0/17 to 192.168.0.0/29.

      • The first IP address and the last three IP addresses of a vSwitch CIDR block are reserved.

        For example, if a vSwitch CIDR block is 192.168.1.0/24, the IP addresses 192.168.1.0, 192.168.1.253, 192.168.1.254, and 192.168.1.255 are reserved.

      • If a vSwitch is required to communicate with vSwitches in other VPCs or with data centers, make sure that the CIDR block of the vSwitch does not overlap with the destination CIDR blocks.

      Note

      After you create the vSwitch, you cannot change its CIDR block.

    • IPv6 CIDR Block: Enable IPv6 and configure an IPv6 CIDR block for the vSwitch.

      Note

      • If your VPC is assigned an IPv6 CIDR block, you must configure the IPv6 CIDR block of the vSwitch.

      • If your VPC is not assigned an IPv6 CIDR block, you do not need to configure the IPv6 CIDR block of the vSwitch.

      • By default, the subnet mask of the IPv6 CIDR block of a vSwitch is /64. You can enter a decimal number from 0 to 255 to define the last 8 bits of the IPv6 CIDR block.

        For example, if the IPv6 CIDR block of the VPC is 2408:4005:3c5:6e00::/56, you can enter 255 (ff in hexadecimal format) for the IPv6 CIDR block of the vSwitch. In this case, the IPv6 CIDR block of the vSwitch is 2408:4005:3c5:6eff::/64.

      • The first IPv6 address and last nine IPv6 addresses are reserved by the system.

        For example, if the IPv6 CIDR block is 2408:4005:3c5:6eff::/64, the first IPv6 address 2408:4005:3c5:6eff:: and the last nine IPv6 addresses are reserved by the system: 2408:4005:3c5:6eff:ffff:ffff:ffff:fff7, 2408:4005:3c5:6eff:ffff:ffff:ffff:fff8, 2408:4005:3c5:6eff:ffff:ffff:ffff:fff9, 2408:4005:3c5:6eff:ffff:ffff:ffff:fffa, 2408:4005:3c5:6eff:ffff:ffff:ffff:fffb, 2408:4005:3c5:6eff:ffff:ffff:ffff:fffc, 2408:4005:3c5:6eff:ffff:ffff:ffff:fffd, 2408:4005:3c5:6eff:ffff:ffff:ffff:fffe, and 2408:4005:3c5:6eff:ffff:ffff:ffff:ffff.

    • (Optional) If you need to add more vSwitches for the VPC, click Add below the vSwitch list and set the parameters.

      You can create at most 10 vSwitches in each VPC.

    • Click OK.
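
The CIDR rules in Step 1 can be checked before anything is created in the console. The following Python script is an added example, not part of the original topic or any Alibaba Cloud tool; the function names are hypothetical, and applying the 8 to 28 bit mask limit to custom (non-RFC) blocks is an assumption. It validates a primary IPv4 CIDR block and a vSwitch CIDR block against the limits above, lists the reserved addresses, and derives the vSwitch IPv6 /64 block from the VPC /56 block.

```python
import ipaddress as ip

# Ranges copied from the "IPv4 CIDR Block" rules on this page.
RFC_PRIVATE = [ip.ip_network(n) for n in ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]
FORBIDDEN = [ip.ip_network(n) for n in
             ("100.64.0.0/10", "224.0.0.0/4", "127.0.0.0/8", "169.254.0.0/16")]

def check_vpc_cidr(cidr, existing=()):
    """Problems with a primary IPv4 block; `existing` = other VPC / data center blocks."""
    net = ip.ip_network(cidr)  # raises ValueError if host bits are set
    problems = []
    if not 8 <= net.prefixlen <= 28:  # assumed to apply to custom blocks as well
        problems.append("mask must be 8 to 28 bits")
    if any(net.subnet_of(f) for f in FORBIDDEN):
        problems.append("inside a disallowed range")
    elif existing and not any(net.subnet_of(p) for p in RFC_PRIVATE):
        problems.append("multi-VPC or hybrid plan: use a subset of an RFC block")
    problems += [f"overlaps {o}" for o in map(ip.ip_network, existing) if net.overlaps(o)]
    return problems

def check_vswitch(vpc_cidr, vsw_cidr, destinations=()):
    """Problems with an IPv4 vSwitch block; `destinations` = blocks it must reach."""
    vpc, vsw = ip.ip_network(vpc_cidr), ip.ip_network(vsw_cidr)
    problems = []
    if not vsw.subnet_of(vpc):
        problems.append(f"not a subset of {vpc}")
    if vsw.num_addresses <= 4:
        problems.append("no usable address left after the four reserved ones")
    problems += [f"overlaps {d}" for d in map(ip.ip_network, destinations) if vsw.overlaps(d)]
    return problems

def reserved(cidr):
    """Reserved vSwitch addresses: the first, plus the last 3 (IPv4) or last 9 (IPv6)."""
    net = ip.ip_network(cidr)
    tail = 3 if net.version == 4 else 9
    return [str(net[0])] + [str(net[-i]) for i in range(tail, 0, -1)]

def vswitch_ipv6(vpc6_cidr, index):
    """Derive the vSwitch /64 from the VPC /56 and the decimal value 0 to 255."""
    vpc6 = ip.ip_network(vpc6_cidr)
    if vpc6.version != 6 or vpc6.prefixlen != 56 or not 0 <= index <= 255:
        raise ValueError("expected a /56 IPv6 block and a value from 0 to 255")
    return str(ip.IPv6Network((int(vpc6.network_address) | (index << 64), 64)))

if __name__ == "__main__":
    # Constructed plan: the page's example blocks plus one overlapping VPC block.
    print(check_vpc_cidr("192.168.0.0/16", existing=["192.168.128.0/17"]))
    print(check_vswitch("192.168.0.0/16", "192.168.1.0/24"), reserved("192.168.1.0/24"))
    print(vswitch_ipv6("2408:4005:3c5:6e00::/56", 255))
```

An empty list from either check function means the block passed every rule that the script encodes.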

    Step 2: Create an ECS instance

    Create an ECS instance in the VPC.

    1. Log on to the VPC console.

    2. In the left-side navigation pane, click vSwitch.

    3. In the top navigation bar, select the region where the vSwitch is deployed. In this example, China (Qingdao) is selected.

    4. On the vSwitch page, find the vSwitch that you want to manage, and choose Add Cloud Service > ECS Instance in the Actions column.

    5. On the Custom Launch tab, set the following parameters:

      The ECS instance uses the following configuration. For more information, see Create an instance by using the wizard.

      • Region and Zone: Select a region and a zone.

      • Public IP Address: Clear the check box.

      • Security Group: Use the default security group.

    6. Click Create Order and complete the payment.

    7. Log on to the ECS console. In the left-side navigation pane, click Instances. On the Instances page, view the ECS instance.

    Step 3: Create an EIP and associate the EIP with the ECS instance

    An EIP is a public IP address that you can purchase and use as an independent resource. You can associate an EIP with an ECS instance in a VPC to enable the ECS instance to communicate with the Internet.

    1. Log on to the Elastic IP Address console.

    2. In the top navigation bar, select the region where you want to create the EIP. In this example, China (Qingdao) is selected.

    3. On the Elastic IP Addresses page, click Create EIP.

    4. On the Elastic IP page, configure and buy the EIP.

      For more information, see Apply for an EIP.

    5. On the Elastic IP Addresses page, find the EIP and click Associate with Resource in the Actions column.

    6. In the Associate EIP with Resource dialog box, set the following parameters and click OK.

      • Instance Type: Select ECS Instance.

      • Resource Group: Select the resource group to which the ECS instance belongs.

      • Mode: Select the mode in which the EIP is associated with the ECS instance. You can select only NAT Mode.

      • Select an instance to associate: Select the ECS instance that you created in Step 2.

    Test the network connectivity

    1. Log on to the ECS instance. For more information, see Connection methods.

    2. Run the ping command to test the connectivity between the ECS instance and the Internet.

      The test result shows that the ECS instance can communicate with the Internet.