IPv6 gateways help you build a secure and reliable IPv6 environment.

Scenario 1: Enable IPv6 for a virtual private cloud (VPC) and build an isolated IPv6 environment

If you enable IPv6 for an existing VPC, the VPC supports both IPv4 and IPv6. You can assign IPv6 addresses to the Elastic Compute Service (ECS) instances on which services are deployed. This way, the ECS instances can use IPv4 addresses and IPv6 addresses. By default, the IPv6 address of an ECS instance can be used only for communication within the VPC.

ECS instances for which IPv4 and IPv6 are enabled can use IPv4 addresses or IPv6 addresses to communicate with other resources in the VPC. The ECS instances cannot use IPv6 addresses to access the Internet or provide services to IPv6 clients over the Internet.

Scenario 2: Enable ECS instances in a VPC to communicate with the Internet by using IPv6 addresses

After you enable IPv6 Internet bandwidth for an IPv6 address, the IPv6 address can be used for communication over the Internet. IPv6 traffic between ECS instances in a VPC and IPv6 networks traverses the IPv6 gateway. The IPv6 gateway processes inbound and outbound IPv6 traffic.

IPv4 traffic between ECS instances and IPv4 networks traverses the Server Load Balancer (SLB) instance and the NAT gateway. The SLB instance and the NAT gateway process inbound and outbound IPv4 traffic.

Scenario 3: Configure egress-only rules to manage IPv6 traffic

If you want an ECS instance to access IPv6 clients and deny access from IPv6 clients,

you can configure an egress-only rule for the ECS instance. This way, the ECS instance can access IPv6 networks, but does not receive requests from IPv6 clients.