This topic describes how to create a virtual private cloud (VPC) with an IPv6 CIDR block and then create an Elastic Compute Service (ECS) instance with an IPv6 address in the VPC. This way, the ECS instance can access other ECS instances with IPv6 addresses over private connections.

Regions that support IPv6 gateways

The following regions support IPv6 gateways:
Area Region
China China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Fuzhou-Local Region), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), and China (Hong Kong)
Asia Pacific Philippines (Manila) and Singapore
Europe and Americas US (Virginia) and Germany (Frankfurt)

Scenarios

Due to business development, a company wants to create a VPC with an IPv6 CIDR block in Hangzhou Zone H and assign IPv6 addresses to ECS instances in the VPC. This way, the ECS instances can communicate with each other over IPv6. The following scenario is used as an example. In this example, a VPC and a vSwitch with IPv6 CIDR blocks are created. Two ECS instances named ECS01 and ECS02 are created. The ECS instances are assigned IPv6 IP addresses. This way, the ECS instances can communicate with each other over IPv6.

liuchengtu

Prerequisites

Before you deploy cloud resources in a VPC, you must plan your networks. For more information, see Plan networks.

Procedure

peizhiliucheng

Step 1: Create a VPC and a vSwitch

  1. Log on to the VPC console.
  2. In the top navigation bar, select the region where you want to create the VPC. China (Hangzhou) is selected in this example.
  3. On the VPCs page, click Create VPC.
  4. On the Create VPC page, set the following parameters.
    Note In this example, Assign (Default) is selected for the IPv6 CIDR Block parameter. After you create the VPC, the system automatically assigns an IPv6 CIDR block whose subnet mask is /56 to the VPC and creates a free IPv6 gateway. You can use the IPv6 gateway to process IPv6 traffic.
    Parameter Description
    VPC
    Region Displays the region where you want to create the VPC. In this example, China (Hangzhou) is displayed.
    Name Enter a name for the VPC.
    IPv4 CIDR Block Enter a primary IPv4 CIDR block for the VPC. In this example, 192.168.0.0/16 is used.
    Note After you create a VPC, you cannot change its primary IPv4 CIDR block. However, you can add a secondary IPv4 CIDR block to the VPC. For more information, see Add a secondary CIDR block.
    IPv6 CIDR Block Specify whether to assign an IPv6 CIDR block to the VPC. In this example, Assign (Default) is selected.

    If you set this parameter to Assign, the system automatically creates an IPv6 gateway of Free Edition for this VPC, and assigns an IPv6 CIDR block with the subnet mask /56, such as 2xx1: db8::/56. By default, IPv6 addresses are used only for communication within private networks. If you want to use an IPv6 address to access the Internet or provide services for IPv6 clients over the Internet, you must purchase Internet bandwidth for the IPv6 address. For more information, see Enable and manage IPv6 Internet bandwidth.

    Note After you create a VPC, you cannot change the IPv6 CIDR block.
    Description Enter a description for the VPC.
    Resource Group Select the resource group to which the VPC belongs.
    vSwitch
    Name Enter a name for the vSwitch.
    Zone In the drop-down list, select a zone for the vSwitch. In this example, Hangzhou Zone H is selected.
    IPv4 CIDR Block Enter an IPv4 CIDR block for the vSwitch. In this example, 192.168.24.0/24 is entered.
    When you specify an IPv4 CIDR block for the vSwitch, take note of the following limits:
    • The CIDR block of a vSwitch must be a subset of the CIDR block of the VPC to which the vSwitch belongs.

      For example, if the CIDR block of a VPC is 192.168.0.0/16, the CIDR block of a vSwitch in the VPC can range from 192.168.0.0/17 to 192.168.0.0/29.

    • The first IP address and the last three IP addresses of a vSwitch CIDR block are reserved.

      For example, if a vSwitch CIDR block is 192.168.1.0/24, the IP addresses 192.168.1.0, 192.168.1.253, 192.168.1.254, and 192.168.1.255 are reserved.

    • If a vSwitch is required to communicate with vSwitches in other VPCs or with data centers, make sure that the CIDR block of the vSwitch does not overlap with the destination CIDR blocks.
    Note After you create a vSwitch, you cannot change its CIDR block.
    IPv6 CIDR Block Select whether to enable IPv6 for the vSwitch. If you enable IPv6, you must configure the IPv6 CIDR block of the vSwitch. In this example, Enable is selected.

    By default, the subnet mask of the IPv6 CIDR block of a vSwitch is /64. You can enter a decimal number from 0 to 255 to define the last 8 bits of the IPv6 CIDR block.

  5. Optional:To create more vSwitches, click Add below the vSwitch section and repeat the preceding step to set the parameters.
    You can create at most 10 vSwitches in each VPC.
  6. Click OK.

Step 2: Create ECS instances

After you create a VPC and a vSwitch with IPv6 CIDR blocks, create ECS instances with IPv6 IP addresses. In this example, the ECS instances are named ECS01 and ECS02. After you create the ECS instances, configure the IPv6 IP addresses of the ECS instances.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. Select the region of the vSwitch. In this example, China (Hangzhou) is used.
  4. On the vSwitch page, find the vSwitch that you want to manage, and choose Create > ECS Instance in the Actions column.
  5. On the Custom Launch tab of the Elastic Compute Service (ECS) page, configure the parameters and complete the payment. For more information, see Create an instance by using the wizard.
    Configure the Quantity and IPv6 parameters based on the following information:
    • Quantity: Specify 2 Units.
    • IPv6: Select Assign IPv6 Address Free of Charge.
  6. Return to the Instances page, click an instance ID to view the IPv6 address, and change the instance names to ECS01 and ECS02.
  7. Configure the static IPv6 addresses of ECS01 and ECS02.

Step 3: Configure the security group rules

Services that are assigned IPv4 addresses and services that are assigned IPv6 addresses cannot communicate with each other. If the current security group rules do not support your IPv6 services, you must configure IPv6 security group rules for ECS01 and ECS02.

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Network & Security > Security Groups.
  3. In the top navigation bar, select a region.
  4. Find the security group and click Add Rules in the Actions column.
  5. Click Add Rule.
  6. Configure security group rules.

    Enter the authorized IPv6 CIDR block in the Authorization Object field. For example, enter ::/0 to authorize all IPv6 addresses.

    For more information about configuration operations and common scenarios of security group rules, see Add a security group rule and Security groups for different use cases Configuration guide for ECS security groups .

Step 4: Test network connectivity

After you complete the preceding operations, ECS01 and ECS02 can communicate with each other over IPv6. You can perform the following operations to test the network connectivity between ECS01 and ECS02.
Note In this example, ECS01 and ECS02 run the Alibaba Cloud Linux operating system. For more information about how to use the ping command in other operating systems, see the user guide of the operating system that you use.
Test whether ECS01 and ECS02 can communicate with each other over IPv6.
  1. Log on to ECS01 and ECS02. For more information, see Guidelines on instance connection.
  2. Run the ping command on ECS01 to ping the IPv6 address of ECS02.
    If ECS01 can receive echo reply packets, it indicates the connection is established. The test result shows that ECS01 can access ECS02 over IPv6. ecs02
  3. Run the ping command on ECS02 to ping the IPv6 address of ECS01.

    If ECS02 can receive echo reply packets, it indicates the connection is established. The test result shows that ECS02 can access ECS01 over IPv6.

    ecs01

What to do next: Delete an IPv6 gateway

If you no longer need a VPC with an IPv6 CIDR block, you can delete the IPv6 gateway.

  1. Log on to the IPv6 Gateway console.
  2. In the top navigation bar, select the region where the IPv6 gateway is deployed.
  3. On the IPv6 Gateway page, find the IPv6 gateway that you want to delete and click Delete in the Actions column.
  4. In the message that appears, click OK.