By default, IPv6 addresses can be used only for communication over internal networks. To use an IPv6 address for communication over the Internet, you must create an IPv6 gateway and allocate IPv6 Internet bandwidth to the pod that uses the IPv6 address. This topic describes how to configure an Internet bandwidth plan and egress-only rules for a pod that uses an IPv6 address in a Container Service for Kubernetes (ACK) cluster.


  • An ACK managed cluster or ACK dedicated cluster is created. For more information, see Create an ACK managed cluster or Create an ACK dedicated cluster. The cluster meets the following requirements:
    • IPv4/IPv6 dual stack is enabled.
    • The Terway network plug-in is used.
  • The ack-extend-network-controller component is installed in the cluster and the ipv6gw controller is enabled. You can install ack-extend-network-controller from the Marketplace page in the ACK console. For more information, see App Marketplace.
  • An IPv6 gateway is created in the virtual private cloud (VPC) in which the cluster resides. The ipv6gw controller is configured after the IPv6 gateway is created. For more information about how to create an IPv6 gateway, see Create and manage an IPv6 gateway.

Background information

For more information about IPv6 gateways, see What is an IPv6 gateway?.


  • You cannot allocate IPv6 Internet bandwidth to pods in serverless Kubernetes (ASK) clusters, ACK edge clusters, or ASI clusters.
  • The bandwidth and the number of egress-only rules supported by an IPv6 gateway vary based on gateway specifications. For more information, see Limits.

Pod configurations

The following table describes the annotations that you can use to allocate IPv6 Internet bandwidth and configure egress-only rules.

Pod Annotations Value The Internet bandwidth of the IPv6 gateway. Unit: Mbit/s. Valid values: 1 to 5000.

For more information, see AllocateIpv6InternetBandwidth. The metering method of the Internet bandwidth of the IPv6 gateway. Valid values:
  • PayByTraffic: pay-by-data-transfer
  • PayByBandwidth (default): pay-by-bandwidth

For more information see AllocateIpv6InternetBandwidth. Create egress-only rules.

Use a custom resource object to track the Internet bandwidth plan and egress-only rules

After you create a pod, the ipv6gw controller automatically creates a PodIPv6GW object that is named after the pod name.

Use the following YAML template to create a Deployment. In this example, the IPv6 bandwidth allocated to the pod is 10 Mbit/s and egress-only rules are created.
apiVersion: apps/v1
kind: Deployment
  name: example
    app: example
  replicas: 1
      app: example
        app: example
      annotations: "10" ""
      - name: example
        image: nginx
After the pod is created, run the following command to query the object. This way, you can track the allocated bandwidth plan and the egress-only rules that are configured.
kubectl get  -oyaml example-75954794f-2****
Expected output:
kind: PodIPv6GW
  creationTimestamp: "2022-09-20T06:46:14Z"
  generation: 1
  name: example-75954794f-2****
  namespace: default
  - apiVersion: v1
    kind: Pod
    name: example-75954794f-2****
    uid: 2f2d7a97-9b63-4bbd-a050-5bcf0990****
  resourceVersion: "395890"
  uid: 95ade813-9f72-40ff-b3be-9d6fc1e7****
  bandwidth: 10
  egressOnlyRule: true
  ipv6Address: 2408:4005:39c:xxxx:xxxx:xxxx:xxxx:xxxx
  ipv6AddressID: ipv6-xxx
  ipv6EgressOnlyRuleID: ipv6py-xxx
  ipv6GatewayID: ipv6gw-xxx
  ipv6InternetBandwidthID: ipv6bw-xxx