This topic describes how to create a virtual private cloud (VPC) with an IPv6 CIDR block and then create an Elastic Compute Service (ECS) instance with an IPv6 address in the VPC. This way, the ECS instance can access other ECS instances with IPv6 addresses over private connections.

Regions that support IPv6 gateways

The following regions support IPv6 gateways: China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), Philippines (Manila), Singapore (Singapore), US (Virginia), and Germany (Frankfurt).

Scenarios

Due to business development, a company wants to create a VPC with an IPv6 CIDR block in Hangzhou Zone H and assign IPv6 addresses to ECS instances in the VPC. This way, the ECS instances can communicate with each other over IPv6. The following scenario is used as an example. In this example, a VPC and a vSwitch with IPv6 CIDR blocks are created. Two ECS instances named ECS01 and ECS02 are created. The ECS instances are assigned IPv6 IP addresses. This way, the ECS instances can communicate with each other over IPv6.

liuchengtu

Prerequisites

Before you deploy cloud resources in a VPC, you must plan your networks. For more information, see Plan networks.

Procedure

peizhiliucheng

Step 1: Create a VPC and a vSwitch

  1. Log on to the VPC console.
  2. In the top navigation bar, select the region where you want to create the VPC. In this example, China (Hangzhou) is selected.
  3. On the VPCs page, click Create VPC.
  4. On the Create VPC page, set the following parameters and click OK.
    Note In this example, Assign (Default) is selected for the IPv6 CIDR Block parameter. After you create the VPC, the system automatically assigns an IPv6 CIDR block whose subnet mask is /56 to the VPC and creates a free IPv6 gateway. You can use the IPv6 gateway to process IPv6 traffic.
    Parameter Description
    VPC
    Region Displays the region where you want to create the VPC. In this example, China (Hangzhou) is displayed.
    Name Enter a name for the VPC.

    The name must be 2 to 128 characters in length and can contain digits, underscores (_), and hyphens (-). The name must start with a letter.

    IPv4 CIDR Block Enter an IPv4 CIDR block for the VPC. In this example, 192.168.0.0/16 is entered.
    Note After you create a VPC, you cannot change its primary IPv4 CIDR block. However, you can add a secondary IPv4 CIDR block to the VPC.
    IPv6 CIDR Block Specify whether to assign an IPv6 CIDR block to the VPC. In this example, Assign (Default) is selected.

    If you set this parameter to Assign (Default), the system automatically creates a free IPv6 gateway for the VPC, and assigns an IPv6 CIDR block with the subnet mask /56, for example, 2xx1:db8::/56. By default, IPv6 addresses are used only for communication within private networks. If you want to use an IPv6 address to access the Internet or provide services for IPv6 clients over the Internet, you must purchase Internet bandwidth for the IPv6 address. For more information, see Enable and manage IPv6 Internet bandwidth.

    Note After you create a VPC, you cannot change its IPv6 CIDR block.
    Description Enter a description for the VPC.

    The description must be 2 to 256 characters in length, and cannot start with http:// or https://.

    Resource Group Select the resource group to which the VPC belongs.
    vSwitch
    Name Enter a name for the vSwitch.

    The name must be 2 to 128 characters in length and can contain digits, underscores (_), and hyphens (-). The name must start with a letter.

    Zone Select a zone for the vSwitch. In this example, Hangzhou Zone H is selected.
    Zone Resources Displays the cloud resources that can be created in the specified zone.

    The supported cloud resources vary based on the zone and the time when you create cloud resources. The instances provided in this topic are for reference only. The actual instances on the buy page shall prevail. Only ECS, ApsaraDB RDS, and Server Load Balancer (SLB) instances can be queried on the buy page.

    IPv4 CIDR Block Enter an IPv4 CIDR block for the vSwitch. In this example, 192.168.24.0/24 is entered.
    When you specify an IPv4 CIDR block for the vSwitch, take note of the following limits:
    • The CIDR block of a vSwitch must be a subset of the CIDR block of the VPC to which the vSwitch belongs.

      For example, if the CIDR block of a VPC is 192.168.0.0/16, the CIDR block of a vSwitch in the VPC must be a subset of 192.168.0.0/16. In this example, the CIDR block of the vSwitch can range from 192.168.0.0/17 to 192.168.0.0/29.

    • The first IP address and last three IP addresses of a vSwitch CIDR block are reserved.

      For example, if a vSwitch CIDR block is 192.168.1.0/24, the IP addresses 192.168.1.0, 192.168.1.253, 192.168.1.254, and 192.168.1.255 are reserved.

    • If a vSwitch is required to communicate with vSwitches in other VPCs or with data centers, make sure that the CIDR block of the vSwitch does not overlap with the destination CIDR blocks.
    Note After you create a vSwitch, you cannot change its CIDR block.
    Available IP Addresses Displays the number of available IP addresses.
    IPv6 CIDR Block Select whether to enable IPv6 for the vSwitch. If you enable IPv6, you must configure the IPv6 CIDR block of the vSwitch. In this example, Enable is selected.

    By default, the subnet mask of the IPv6 CIDR block of a vSwitch is /64. You can enter a decimal number from 0 to 255 to define the last 8 bits of the IPv6 CIDR block.

    Description Enter a description for the vSwitch.

    The description must be 2 to 256 characters in length, and cannot start with http:// or https://.

Step 2: Create ECS instances

After you create a VPC and a vSwitch with IPv6 CIDR blocks, create ECS instances with IPv6 IP addresses. In this example, the ECS instances are named ECS01 and ECS02. After you create the ECS instances, configure the IPv6 IP addresses of the ECS instances.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. The region where the instance resides. In this example, China (Hangzhou) is used.
  4. On the vSwitch page, find the vSwitch that you want to manage, and choose Create > ECS Instance in the Actions column.
  5. On the Custom Launch tab of the Elastic Compute Service (ECS) page, configure the parameters and complete the payment. For more information, see Create an instance by using the wizard.
    Configure the Quantity and IPv6 parameters based on the following information:
    • Quantity: Specify 2 Units.
    • IPv6: Select Assign IPv6 Address Free of Charge.
  6. Return to the Instances page, click an instance ID to view the IPv6 address, and change the instance names to ECS01 and ECS02.
  7. Configure the static IPv6 addresses of ECS01 and ECS02.

Step 3: Configure the security group rules

Services that are assigned IPv4 addresses and services that are assigned IPv6 addresses cannot communicate with each other. If the current security group rules do not support your IPv6 services, you must configure IPv6 security group rules for ECS01 and ECS02.

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Network & Security > Security Groups.
  3. In the top navigation bar, select a region.
  4. Find the security group and click Add Rules in the Actions column.
  5. Click Add Rule.
  6. Configure security group rules.

    Enter the authorized IPv6 CIDR block in the Authorization Object field. For example, enter ::/0 to authorize all IPv6 addresses.

    For more information about configuration operations and common scenarios of security group rules, see Add a security group rule and Security groups for different use casesConfiguration guide for ECS security groups.

Step 4: Test network connectivity

After you complete the preceding operations, ECS01 and ECS02 can communicate with each other over IPv6. You can perform the following operations to test the network connectivity between ECS01 and ECS02.
Note In this example, ECS01 and ECS02 run the Alibaba Cloud Linux operating system. For more information about how to use the ping command in other operating systems, see the user guide of the operating system that you use.
Test whether ECS01 and ECS02 can communicate with each other over IPv6.
  1. Log on to ECS01 and ECS02. For more information, see Connect to an ECS instance.
  2. Run the ping command on ECS01 to ping the IPv6 address of ECS02. If ECS01 can receive echo reply packets, it indicates the connection is established. The test result shows that ECS01 can access ECS02 over IPv6. ecs02
  3. Run the ping command on ECS02 to ping the IPv6 address of ECS01. If ECS02 can receive echo reply packets, it indicates the connection is established. The test result shows that ECS02 can access ECS01 over IPv6. ecs01

What to do next: Delete an IPv6 gateway

If you no longer need to use an IPv6 VPC, you can delete the IPv6 gateway of the VPC.

  1. Log on to the IPv6 Gateway console.
  2. In the top navigation bar, select the region where the IPv6 gateway is deployed.
  3. On the IPv6 Gateway page, find the IPv6 gateway that you want to delete and click Delete in the Actions column.
  4. In the message that appears, click OK.