This topic describes how to create a virtual private cloud (VPC) with an IPv4 CIDR block. After you create the VPC, you can associate elastic IP addresses (EIPs) with the Elastic Compute Service (ECS) instances in the VPC. This allows the ECS instances to access the Internet.

Prerequisites

Before you deploy cloud resources in a VPC, you must plan your CIDR blocks in the VPC. For more information, see Plan networks.

Step 1: Create a VPC and a vSwitch

To create a VPC and a vSwitch, perform the following operations:

  1. Log on to the VPC console.
  2. In the top navigation bar, select the region where you want to deploy the VPC.

    The VPC and the cloud resources that you want to deploy must belong to the same region. China (Qingdao) is selected in this example.

  3. On the VPCs page, click Create VPC.
  4. On the Create VPC page, set the following parameters and click OK.
    Parameter Description
    VPC
    Region Displays the region where you want to deploy the VPC.
    Name Enter a name for the VPC that you want to create.

    The name must be 2 to 128 characters in length, and can contain digits, underscores (_), and hyphens (-). It must start with a letter.

    IPv4 CIDR Block Enter an IPv4 CIDR block for the VPC.
    • You can specify one of the following CIDR blocks or their subsets as the primary IPv4 CIDR block of the VPC: 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8. These three CIDR blocks are standard private CIDR blocks as defined by Request for Comments (RFC) documents. The subnet mask must be 8 to 28 bits in length. For example, enter 192.168.0.0/24.
    • You can also use a custom CIDR block other than 100.64.0.0/10, 224.0.0.0/4, 127.0.0.0/8, 169.254.0.0/16, or their subnets as the primary IPv4 CIDR block of the VPC.
    • In scenarios where multiple VPCs are used or in hybrid cloud scenarios where data centers and VPCs are used, we recommend that you use standard RFC CIDR blocks as VPC CIDR blocks with subnet masks no more than 16 bits in length. Make sure that the CIDR blocks of the VPCs and data centers do not overlap.
    Note After you create a VPC, you cannot change its primary IPv4 CIDR block. However, you can add a secondary IPv4 CIDR block to the VPC. For more information, see Add a secondary IPv4 CIDR block.
    IPv6 CIDR Block Specify whether to assign an IPv6 CIDR block to the VPC. By default, no IPv6 CIDR block is allocated.

    If you set this parameter to Assign, the system automatically creates a free IPv6 gateway for this VPC, and assigns an IPv6 CIDR block with the subnet mask /56, such as 2xx1:db8::/56. By default, IPv6 addresses can only be used to communicate within private networks. If you want to use the IPv6 address to access the Internet or to be accessed by IPv6 clients over the Internet, you must purchase an Internet bandwidth plan for the IPv6 address. For more information, see Purchase a public bandwidth plan for an IPv6 address.

    Note
    • The following regions support IPv6 CIDR blocks: China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), Philippines (Manila), Singapore (Singapore), US (Virginia), and Germany (Frankfurt).
    • After you create a VPC, you cannot change its IPv6 CIDR block.
    Description Enter a description for the VPC.

    The description must be 2 to 256 characters in length and cannot start with http:// or https://.

    Resource Group Select the resource group to which the VPC belongs.
    vSwitch
    Name Enter a name for the vSwitch.

    The name must be 2 to 128 characters in length, and can contain digits, underscores (_), and hyphens (-). It must start with a letter.

    Zone Select a zone for the vSwitch. In the same VPC, vSwitches in different zones can communicate with each other.
    Zone Resources Displays the cloud resources that can be created in the specified zone.

    The supported cloud resources vary based on the zone and the time when you create cloud resources. The instances provided in this topic are for reference only. The actual instances on the buy page shall prevail. Only Elastic Compute Service (ECS), RDS, and Server Load Balancer (SLB) instances can be queried on the buy page.

    IPv4 CIDR Block Specify an IPv4 CIDR block for the vSwitch.
    When you specify an IPv4 CIDR block for the vSwitch, take note of the following limits:
    • The CIDR block of a vSwitch must be a subset of the CIDR block of the VPC to which the vSwitch belongs.

      For example, if the CIDR block of a VPC is 192.168.0.0/16, the CIDR block of a vSwitch in the VPC must be a subset of 192.168.0.0/16. In this example, the CIDR block of the vSwitch can range from 192.168.0.0/17 to 192.168.0.0/29.

    • The first IP address and last three IP addresses of a vSwitch CIDR block are reserved.

      For example, if a vSwitch CIDR block is 192.168.1.0/24, the IP addresses 192.168.1.0, 192.168.1.253, 192.168.1.254, and 192.168.1.255 are reserved.

    • If a vSwitch is required to communicate with vSwitches in other VPCs or with data centers, make sure that the CIDR block of the vSwitch does not overlap with the destination CIDR blocks.
    Note After you create a vSwitch, you cannot modify its CIDR block.
    Available IP Addresses Displays the number of available IP addresses.
    IPv6 CIDR Block Enter an IPv6 CIDR block for the vSwitch.

    By default, the subnet mask for the IPv6 CIDR block of a vSwitch is /64. You can enter a decimal number from 0 to 255 to define the last 8 bits of the IPv6 CIDR block.

    For example, if the IPv6 CIDR block of the VPC is 2xx8:4004:c0:b900::/56, you can specify 255 to define the last 8 bits of the IPv6 CIDR block. In this case, the IPv6 CIDR block of the vSwitch is 2xx8:4004:c0:b9ff::/64. ff is the hexadecimal value of 255.

    Description Enter a description for the vSwitch.

    The description must be 2 to 256 characters in length and cannot start with http:// or https://.

Step 2: Create an ECS instance

To create an ECS instance in the VPC, perform the following operations:

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. In the top navigation bar, select the region where the vSwitch is deployed. China (Qingdao) is selected in this example.
  4. On the vSwitch page, find the vSwitch that you want to manage, and choose Create > ECS Instance in the Actions column.
  5. On the Custom Launch tab, set the following parameters:
    For more information about how to configure an ECS instance, see Create an instance by using the wizard.
    • Network Type: Select the VPC and the vSwitch that you created.
    • Public IP Address: Clear the check box.
    • Security Group: Use the default security group.
  6. Click Create Order and complete the payment.
  7. Log on to the ECS console. In the left-side navigation pane, click Instances. On the Instances page, view details of the ECS instance.
    View details of the ECS instance

Step 3: Create an EIP and associate the EIP with the ECS instance

An EIP is a public IP address that you can purchase and own as an independent resource. You can associate EIPs with ECS instances in a VPC to enable the ECS instances to access the Internet.

To create an EIP and associate the EIP with the ECS instance, perform the following operations:

  1. Log on to the Elastic IP Address console .
  2. On the Elastic IP Addresses page, click Create EIP.
  3. On the Elastic IP page, set the parameters, click Buy Now, and then complete the payment.
    For more information, see Apply for an EIP.
  4. On the Elastic IP Addresses page, find the EIP that you created and click Bind Resource in the Actions column.
  5. In the Bind Elastic IP Address to Resources dialog box, set the following parameters and click OK.
    • Instance Type: Select ECS Instance from the drop-down list.
    • Binding mode: Select the mode in which the EIP is associated with the ECS instance.

      Only the Normal mode is supported.

    • Select an instance to bind: Select the ECS instance in Step 2: Create an ECS instance.

Step 4: Test Internet connectivity

To test the connectivity between the ECS instance and the Internet, perform the following operations:

  1. Log on to the ECS instance with which the EIP is associated.
  2. Run the ping command to test the connectivity between the ECS instance and the Internet.
    The test result shows that the ECS instance can access the Internet. Test connectivity