
IPv6 Gateway: Enable internet access for resources in an IPv6 VPC

Last Updated: Jun 15, 2026

After you enable IPv6 for a VPC, you can grant internet access to a resource by enabling internet bandwidth for its IPv6 address.

Use case

An ECS instance (ECS01) must access the internet over IPv6 and accept inbound IPv6 connections from the internet.

Proper network planning helps prevent CIDR block conflicts and ensures network scalability. Improper planning can lead to high rebuilding costs. Therefore, we recommend that you plan your network before you create a VPC.

Procedure

Step 1: Create an IPv6-enabled VPC and vSwitch

  1. Go to the Create VPC page in the VPC console.

  2. Configure the VPC:

    1. Region: Select the region where you want to create the cloud resources.

    2. IPv4 CIDR block: Select a recommended CIDR block or enter a custom one. In scenarios such as multi-VPC connections, we recommend that you configure non-overlapping CIDR blocks to prevent conflicts. To avoid conflicts and ensure network scalability, we recommend that you create a VPC with IPAM.

      1. We recommend that you use the private IPv4 addresses specified in RFC 1918 as the CIDR block of the VPC, with a subnet mask length of 16 to 28. Examples: 10.0.0.0/16, 172.16.0.0/16, and 192.168.0.0/16.
      2. Do not use 100.64.0.0/10, 224.0.0.0/4, 127.0.0.0/8, or 169.254.0.0/16 as the IPv4 CIDR block of the VPC.
    3. IPv6 CIDR block: Select Allocated by system, and then select Assign BGP (Multi-ISP). The system automatically creates an IPv6 Gateway and assigns an IPv6 CIDR block with a /56 prefix.

  3. Configure the vSwitch:

    1. Zone: Select a zone based on resource availability.

    2. IPv4 CIDR block: Use the default CIDR block provided by the console or adjust the range as needed.

    3. IPv6 CIDR block: The default prefix for the vSwitch's IPv6 CIDR block is /64. You can enter a decimal number from 0 to 255 to customize the last 8 bits of the vSwitch's IPv6 CIDR block.
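
The address rules in Step 1 can be checked before anything is created in the console. The following is an added example, not Alibaba Cloud code: it validates a proposed VPC IPv4 CIDR block against the recommendations above and derives the vSwitch /64 from the VPC /56 and the 0 to 255 value. The function names and the documentation-range sample addresses are assumptions.

```python
import ipaddress

# Ranges the page says must not be used as the VPC IPv4 CIDR block.
FORBIDDEN = [ipaddress.ip_network(n) for n in
             ("100.64.0.0/10", "224.0.0.0/4", "127.0.0.0/8", "169.254.0.0/16")]
# RFC 1918 private ranges the page recommends.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_vpc_ipv4(cidr, existing=()):
    """Return a list of problems with a proposed VPC IPv4 CIDR block."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]
    if net.version != 4:
        return ["not an IPv4 CIDR block"]
    problems = []
    if not 16 <= net.prefixlen <= 28:
        problems.append("prefix length outside 16-28")
    if any(net.overlaps(f) for f in FORBIDDEN):
        problems.append("overlaps a range the VPC must not use")
    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append("not inside an RFC 1918 private range")
    # 'existing' holds IPv4 CIDR blocks of VPCs that will be connected.
    for other in existing:
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"overlaps existing VPC {other}")
    return problems


def vswitch_ipv6(vpc_ipv6_cidr, index):
    """Derive the vSwitch /64 from the VPC /56 and the 0-255 console value."""
    vpc = ipaddress.ip_network(vpc_ipv6_cidr, strict=True)
    if vpc.version != 6 or vpc.prefixlen != 56:
        raise ValueError("expected an IPv6 /56 VPC block")
    if not 0 <= index <= 255:
        raise ValueError("index must be between 0 and 255")
    # The value fills bits 56-63, directly above the 64 host bits.
    base = int(vpc.network_address) + (index << 64)
    return ipaddress.IPv6Network((base, 64))


if __name__ == "__main__":
    # Constructed inputs; 2001:db8::/32 is the IPv6 documentation range.
    print(check_vpc_ipv4("172.16.0.0/16", existing=["172.16.0.0/12"]))
    print(vswitch_ipv6("2001:db8:1234:5600::/56", 10))
```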

Step 2: Create an ECS instance

  1. Go to the vSwitch page in the VPC console. Find the target vSwitch and in the Actions column, click Add Cloud Service > ECS Instance.

  2. On the ECS purchase page, on the Custom Launch tab, configure the ECS instance and create the instance.

    Only the relevant parameters are described below.
    • IPv6: Select Assign IPv6 Address Free of Charge.

Step 3: Enable IPv6 internet bandwidth

Internet bandwidth can only be enabled for a specific IPv6 address assigned to an ECS instance, not for an entire IPv6 CIDR block.

  1. Log on to the IPv6 Gateway console.

  2. Click the ID of the target IPv6 Gateway instance, select the IPv6 Internet Bandwidth tab, find the target IPv6 address, and in the Actions column, click Activate Internet Bandwidth.

  3. On the IPv6 Internet Bandwidth (Pay-as-you-go) page, configure parameters such as Traffic, Bandwidth, and Billing Cycle, and then complete the purchase.

Step 5: Configure security group rules

Verify that your current security group rules allow IPv6 traffic. If not, add the following IPv6 security group rules for the ECS01 instance:

  • Allow inbound ICMPv6 traffic for operations such as pinging the ECS instance by using the ping -6 command.

  • Allow inbound traffic for essential services, such as SSH (port 22) and RDP (port 3389) for remote connections, and HTTP (port 80) and HTTPS (port 443) for web services.

  1. Log on to the ECS console. In the navigation pane on the left, choose Network & Security > Security Group. Find the target security group and in the Actions column, click Manage Rules.

  2. Allow ICMP traffic from all IPv4 and IPv6 addresses.
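
The verification in Step 5 can also be run over an exported rule list. The following is an added example, not Alibaba Cloud code: it reports when no inbound rule covers ICMPv6 (an IPv4 ICMP rule does not) and when SSH or RDP is open to every IPv6 address. The rule field names are assumed to follow the ECS security group API, and the sample rules are constructed.

```python
import ipaddress

MGMT_PORTS = {22: "SSH", 3389: "RDP"}  # remote-connection ports named on the page
ANY_V6 = ipaddress.ip_network("::/0")


def _v6_ingress(rules):
    """Yield (protocol, low, high, source) for accepted inbound IPv6 rules."""
    for r in rules:
        src = r.get("Ipv6SourceCidrIp")  # absent on IPv4-only rules
        if (not src or r["Direction"].lower() != "ingress"
                or r["Policy"].lower() != "accept"):
            continue
        low, high = (int(p) for p in r["PortRange"].split("/"))
        yield r["IpProtocol"].lower(), low, high, ipaddress.ip_network(src)


def audit_ipv6(rules):
    """Return findings: management ports open to ::/0, missing ICMPv6 rule."""
    findings, icmpv6 = [], False
    for proto, low, high, src in _v6_ingress(rules):
        if proto in ("icmpv6", "all"):
            icmpv6 = True
        if proto in ("tcp", "all") and src == ANY_V6:
            for port, name in MGMT_PORTS.items():
                # A PortRange of -1/-1 is treated as covering every port.
                if low == -1 or low <= port <= high:
                    findings.append(f"{name} ({port}) reachable from ::/0")
    if not icmpv6:
        findings.append("no inbound ICMPv6 rule: ping -6 to the instance will fail")
    return findings


# Constructed sample rules, not taken from a real security group.
SAMPLE = [
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "22/22", "Ipv6SourceCidrIp": "::/0"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "443/443", "Ipv6SourceCidrIp": "::/0"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "ICMP",
     "PortRange": "-1/-1", "SourceCidrIp": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for finding in audit_ipv6(SAMPLE):
        print(finding)
```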

Step 6: Test network connectivity

  1. Remotely log on to the ECS01 instance.

    This example uses an instance that runs the 64-bit Alibaba Cloud Linux 3.2104 operating system.
  2. From the ECS01 instance, run the ping -6 aliyun.com command to test IPv6 internet connectivity. Receiving reply packets indicates a successful connection.

    [root@xxx ~]# ping -6 aliyun.com
    PING aliyun.com(2401:b180:xxx::5 (2401:xxx:xxx::5)) 56 data bytes
    64 bytes from 2401:b180:xxx::5 (2401:xxx:xxx::5): icmp_seq=1 ttl=96 time=9.29 ms
    64 bytes from 2401:b180:xxx::5 (2401:xxx:xxx::5): icmp_seq=2 ttl=96 time=9.30 ms
    64 bytes from 2401:b180:xxx::5 (2401:xxx:xxx::5): icmp_seq=3 ttl=96 time=9.27 ms
    64 bytes from 2401:b180:xxx::5 (2401:xxx:xxx::5): icmp_seq=4 ttl=96 time=9.29 ms
    64 bytes from 2401:b180:xxx::5 (2401:xxx:xxx::5): icmp_seq=5 ttl=96 time=9.28 ms
    64 bytes from 2401:b180:xxx::5 (2401:xxx:xxx::5): icmp_seq=6 ttl=96 time=9.28 ms

Step 7: (Optional) Delete the IPv6 internet bandwidth

Deleting the IPv6 internet bandwidth stops all related charges, and the instance can only communicate over the private network.

Log on to the IPv6 Gateway console. Click the ID of the target IPv6 Gateway. On the IPv6 Internet Bandwidth tab, find the target IPv6 address and in the Actions column, click Delete Internet Bandwidth.

Billing