A virtual private cloud (VPC) is a private network in the cloud. You can manage your VPC based on your requirements. For example, you can specify CIDR blocks, and configure route tables and gateways for your VPC. You can also add secondary CIDR blocks to a VPC. This topic describes how to create and manage a VPC.

Operations

Create a VPC

Before you create a VPC, you must first plan networks. For more information, see Plan networks.

  1. Log on to the VPC console.
  2. In the top navigation bar, select the region where you want to create the VPC.
    Note The VPC and the cloud resources that you want to deploy in the VPC must belong to the same region.
  3. On the VPC page, click Create VPC.
  4. On the Create VPC page, set the following parameters and click OK.
    Parameter Description
    VPC
    Region Displays the region where you want to create the VPC.
    Name Enter a name for the VPC.

    The name must be 2 to 128 characters in length and can contain digits, underscores (_), and hyphens (-). It must start with a letter.

    IPv4 CIDR Block Enter the primary IPv4 CIDR block of the VPC.
    • You can specify one of the following CIDR blocks or their subsets as the primary IPv4 CIDR block of the VPC: 192.168.0.0/16, 172.16.0.0/12, and 10.0.0.0/8. These CIDR blocks are standard private CIDR blocks as defined by Request for Comments (RFC) documents. The subnet mask must be 8 to 28 bits in length. For example, enter 192.168.0.0/24.
    • You can also use a custom CIDR block other than 100.64.0.0/10, 224.0.0.0/4, 127.0.0.0/8, 169.254.0.0/16, and their subnets as the primary IPv4 CIDR block of the VPC.
    • In scenarios where multiple VPCs are used or in hybrid cloud scenarios where data centers and VPCs are used, we recommend that you use subsets of standard RFC CIDR blocks as VPC CIDR blocks with subnet masks no more than 16 bits in length. Make sure that the CIDR blocks of the VPCs do not overlap in both scenarios. In addition, the CIDR blocks of the VPCs cannot overlap with those of the data centers in hybrid cloud scenarios.
    Note After you create a VPC, you cannot change its primary IPv4 CIDR block. However, you can add a secondary IPv4 CIDR block to the VPC. For more information, see Add a secondary CIDR block.
    IPv6 CIDR Block Specify whether to assign an IPv6 CIDR block to the VPC. In this example, Assign (Default) is selected.

    If you set this parameter to Assign, the system automatically creates an IPv6 gateway of Free Edition for this VPC, and assigns an IPv6 CIDR block with the subnet mask /56, such as 2xx1:db8::/56. By default, IPv6 addresses are used only for communication within private networks. If you want to use an IPv6 address to access the Internet or provide services to IPv6 clients over the Internet, you must purchase Internet bandwidth for the IPv6 address. For more information, see Enable and manage IPv6 Internet bandwidth.

    Note
    • The following regions support IPv6 CIDR blocks: China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), Philippines (Manila), Singapore (Singapore), US (Virginia), and Germany (Frankfurt).
    • After you create a VPC, you cannot change its primary IPv6 CIDR block. However, you can add a secondary IPv6 CIDR block to the VPC. For more information, see Add a secondary CIDR block.
    Description Enter a description for the VPC.

    This parameter is optional. If you enter a description, it must be 2 to 256 characters in length and cannot start with http:// or https://.

    Resource Group Select the resource group to which the VPC belongs.
    vSwitch
    Name Enter a name for the vSwitch.

    The name must be 2 to 128 characters in length and can contain digits, underscores (_), and hyphens (-). It must start with a letter.

    Zone Select a zone for the vSwitch. In the same VPC, vSwitches in different zones can communicate with each other.
    Zone Resources Displays the cloud resources that can be created in the specified zone.

    The supported cloud resources vary based on the zone and the time when you create cloud resources. The instances provided in this topic are for reference only. The instances shown on the buy page take precedence. Only Elastic Compute Service (ECS), ApsaraDB RDS, and Server Load Balancer (SLB) instances can be queried on the buy page.

    IPv4 CIDR Block Specify the IPv4 CIDR block of the vSwitch.
    When you specify an IPv4 CIDR block for the vSwitch, take note of the following limits:
    • The CIDR block of a vSwitch must be a proper subset of the CIDR block of the VPC to which the vSwitch belongs.

      For example, if the CIDR block of a VPC is 192.168.0.0/16, the CIDR block of a vSwitch in the VPC can range from 192.168.0.0/17 to 192.168.0.0/29.

    • The first IP address and last three IP addresses of a vSwitch CIDR block are reserved.

      For example, if a vSwitch CIDR block is 192.168.1.0/24, the IP addresses 192.168.1.0, 192.168.1.253, 192.168.1.254, and 192.168.1.255 are reserved.

    • If a vSwitch is required to communicate with vSwitches in other VPCs or with data centers, make sure that the CIDR block of the vSwitch does not overlap with the destination CIDR blocks.
    Note After you create a vSwitch, you cannot change its CIDR block.
    Available IP Addresses Displays the number of available IP addresses.
    IPv6 CIDR Block Specify whether to enable IPv6 for the vSwitch. If you enable IPv6, you must specify an IPv6 CIDR block for the vSwitch.
    Note
    • If your VPC is assigned an IPv6 CIDR block, you must configure the IPv6 CIDR block of the vSwitch.
    • If your VPC is not assigned an IPv6 CIDR block, you do not need to configure the IPv6 CIDR block of the vSwitch.

    In this example, Enable is selected.

    By default, the subnet mask of the IPv6 CIDR block of a vSwitch is /64. You can enter a decimal number from 0 to 255 to define the last 8 bits of the IPv6 CIDR block.

    For example, if the IPv6 CIDR block of the VPC is 2xx1:db8::/64, specify 255 to define the last 8 bits of the IPv6 CIDR block. In this case, the IPv6 CIDR block of the vSwitch is 2xx1:db8:ff::/64. ff is the hexadecimal value of 255.

    Description Enter a description for the vSwitch.

    This parameter is optional. If you enter a description, the description must be 2 to 256 characters in length. The description cannot start with http:// or https://.
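
The IPv4 rules in the parameter table above, written as checks with Python's ipaddress module. This is an added example, not part of the original documentation or the provider's tooling. The function names are hypothetical; treating /29 as the general vSwitch mask limit and counting available addresses as the total minus the four reserved ones are assumptions drawn from the page's examples.

```python
import ipaddress

def _nets(*cidrs):
    return [ipaddress.IPv4Network(c) for c in cidrs]

# Ranges this page names for the primary IPv4 CIDR block.
STANDARD = _nets("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")
DISALLOWED = _nets("100.64.0.0/10", "224.0.0.0/4", "127.0.0.0/8", "169.254.0.0/16")

def check_vpc_cidr(cidr):
    """Return a list of findings for a proposed primary IPv4 CIDR block."""
    try:
        net = ipaddress.IPv4Network(cidr)  # strict parsing rejects host bits
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]
    findings = []
    if not 8 <= net.prefixlen <= 28:
        findings.append("mask must be 8 to 28 bits")
    if any(net.subnet_of(d) for d in DISALLOWED):
        findings.append("inside a disallowed range")
    elif not any(net.subnet_of(s) for s in STANDARD):
        findings.append("custom block: not within a standard private range")
    return findings

def check_vswitch_cidr(vpc_cidr, vsw_cidr, remote_cidrs=()):
    """Findings for a vSwitch block; remote_cidrs are peer VPC or data center blocks."""
    vpc, vsw = ipaddress.IPv4Network(vpc_cidr), ipaddress.IPv4Network(vsw_cidr)
    findings = []
    if vsw == vpc or not vsw.subnet_of(vpc):
        findings.append("not a proper subset of the VPC block")
    if vsw.prefixlen > 29:  # assumption: the /29 bound in the page's example is general
        findings.append("mask longer than /29")
    for remote in _nets(*remote_cidrs):
        if vsw.overlaps(remote):
            findings.append(f"overlaps destination {remote}")
    return findings

def reserved_addresses(vsw_cidr):
    """First address and last three addresses of a vSwitch block."""
    net = ipaddress.IPv4Network(vsw_cidr)
    return [str(net[i]) for i in (0, -3, -2, -1)]

def available_addresses(vsw_cidr):
    # Assumption: available = total addresses minus the four reserved ones.
    return ipaddress.IPv4Network(vsw_cidr).num_addresses - 4
```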

View a VPC

  1. Log on to the VPC console.
  2. In the top navigation bar, select the region where the VPC is created.
  3. On the VPCs page, find the VPC that you want to view and click its ID.
  4. You can view the information about VPC Details, vRouter Basic Information, Resources, and CIDRs.
    Click the Advanced Features tab to view the information about advanced features.

    You can view the advanced features that are supported by the VPC. For more information, see Advanced VPC features.

Modify the basic information about a VPC

You can modify the name and description of a VPC.

  1. Log on to the VPC console.
  2. In the top navigation bar, select the region where the VPC is created.
  3. On the VPCs page, find the VPC that you want to manage, and click the ID of the VPC.
  4. In the VPC Details section, click Edit next to Name. In the dialog box that appears, enter a new name for the VPC and click OK.
    The name must be 2 to 128 characters in length, and can contain digits, underscores (_), and hyphens (-). It must start with a letter.
  5. Click Edit next to Description. In the dialog box that appears, enter a new description and click OK.
    The description must be 2 to 256 characters in length. The description cannot start with http:// or https://.

Add a secondary CIDR block

Limits

  • When you create a VPC, the IPv4 CIDR block that you specified is the primary CIDR block. After the VPC is created, you cannot modify the primary IPv4 CIDR block of the VPC. However, you can add a secondary IPv4 CIDR block to the VPC. After you add a secondary IPv4 CIDR block to the VPC, both the primary and secondary IPv4 CIDR blocks are in effect. You can add at most one IPv4 CIDR block to a VPC and at most three IPv6 CIDR blocks to a VPC that has IPv6 enabled.
  • You can create a vSwitch with the primary or secondary IPv4 CIDR block of a VPC. However, the CIDR block of a vSwitch must belong to only one CIDR block of the VPC. If you create a vSwitch with the primary IPv4 CIDR block or a secondary CIDR block, the system automatically adds a route to a route table of the VPC. The destination CIDR block of the route is the CIDR block of the vSwitch. The CIDR block of a vSwitch cannot be the same as or larger than the destination CIDR block of a route in a route table of the VPC to which the vSwitch belongs.

    For example, 172.16.0.0/12 is added to a VPC as a secondary IPv4 CIDR block and a Cloud Enterprise Network (CEN) route exists in the VPC route table. Overlapping routing is enabled for CEN and the destination CIDR block of the CEN route is 172.16.0.0/24. In this case, you cannot create a vSwitch with 172.16.0.0/24 or a larger CIDR block. However, you can create a vSwitch with 172.16.0.0/25 or a smaller CIDR block.

Prerequisites

Before you add a secondary IPv4 CIDR block to a VPC, make sure that a VPC is created. If you want to add a secondary IPv6 CIDR block to a VPC, you must enable IPv6 for the VPC. If you want to create a vSwitch with a secondary IPv6 CIDR block, you must enable IPv6 for the vSwitch.

  1. Log on to the VPC console.
  2. In the top navigation bar, select the region where the VPC is created.
  3. On the VPC page, find the VPC that you want to manage and click its ID.
  4. On the VPC Details page, click the CIDRs tab and perform the following operations to add a secondary CIDR block to the VPC.
    • Add a secondary IPv4 CIDR block
      1. Click the ipv4 tab and click Add IPv4 CIDR.
      2. In the Add Secondary CIDR dialog box, set the following parameters and click OK.
        Parameter Description
        VPC Displays the VPC to which you want to add a secondary IPv4 CIDR block.
        Secondary CIDR Select a method to configure the secondary IPv4 CIDR block:
        • Default CIDR Block: You can specify one of the following standard IPv4 CIDR blocks as the secondary IPv4 CIDR block: 192.168.0.0/16, 172.16.0.0/12, and 10.0.0.0/8.
        • Custom CIDR Block: You can also use a custom CIDR block other than 100.64.0.0/10, 224.0.0.0/4, 127.0.0.0/8, 169.254.0.0/16, or their subnets as the secondary IPv4 CIDR block of the VPC.
        When you add a secondary IPv4 CIDR block, take note of the following limits:
        • The CIDR block cannot start with 0. The subnet mask must be 8 to 28 bits in length.
        • The secondary IPv4 CIDR block cannot overlap with the primary IPv4 CIDR block or an existing secondary IPv4 CIDR block.
          For example, if the primary IPv4 CIDR block of a VPC is 192.168.0.0/16, you cannot specify one of the following CIDR blocks as the secondary IPv4 CIDR block:
          • 192.168.0.0/16.
          • A CIDR block larger than 192.168.0.0/16, for example, 192.168.0.0/8.
          • A CIDR block smaller than 192.168.0.0/16, for example, 192.168.0.0/24.
    • Add a secondary IPv6 CIDR block
      1. Click the ipv6 tab and click Add IPv6 CIDR Block.
      2. In the Add IPv6 CIDR Block dialog box, set the following parameters and click OK.
        Parameter Description
        IPv6 CIDR Block Type Select the type of IPv6 CIDR block. You can select only Assign (Default), which specifies a secondary IPv6 CIDR block.
        IPv6 CIDR Block Displays the secondary IPv6 CIDR block.
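
The secondary-block limits above (no overlap with an existing block, and a vSwitch that sits in exactly one VPC block and is neither equal to nor larger than a route destination), as an added Python example that is not part of the original documentation. Function names are hypothetical and the 192.168.0.0/16 primary block paired with the 172.16.0.0/12 scenario is constructed; the candidate is parsed non-strictly so that the page's own 192.168.0.0/8 example is accepted as input.

```python
import ipaddress

def check_secondary_cidr(existing_cidrs, candidate):
    """Findings for a proposed secondary IPv4 block.

    existing_cidrs: the primary block plus any secondary blocks already added.
    """
    cand = ipaddress.IPv4Network(candidate, strict=False)
    findings = []
    if cand.network_address.packed[0] == 0:
        findings.append("cannot start with 0")
    if not 8 <= cand.prefixlen <= 28:
        findings.append("mask must be 8 to 28 bits")
    for existing in existing_cidrs:
        # overlaps() is true for an equal, larger, or smaller block alike.
        if cand.overlaps(ipaddress.IPv4Network(existing)):
            findings.append(f"overlaps existing block {existing}")
    return findings

def check_vswitch_placement(vpc_cidrs, route_destinations, vswitch_cidr):
    """Findings for a vSwitch block against the VPC blocks and route table."""
    vsw = ipaddress.IPv4Network(vswitch_cidr)
    findings = []
    parents = [c for c in vpc_cidrs if vsw.subnet_of(ipaddress.IPv4Network(c))]
    if len(parents) != 1:
        findings.append("must fall inside exactly one VPC CIDR block")
    for dest in route_destinations:
        dest_net = ipaddress.IPv4Network(dest)
        # A route destination contained in the vSwitch block means the
        # vSwitch is the same as or larger than that destination.
        if dest_net.subnet_of(vsw):
            findings.append(f"same as or larger than route destination {dest_net}")
    return findings
```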

Delete a secondary CIDR block

You can delete a secondary CIDR block. However, you cannot delete the primary IPv4 CIDR block of a VPC.

Before you delete a secondary CIDR block, make sure that the vSwitches created within the secondary CIDR block are deleted. For more information, see Delete a vSwitch.

  1. Log on to the VPC console.
  2. In the top navigation bar, select the region where the VPC is created.
  3. On the VPCs page, find the VPC that you want to manage and click its ID.
  4. On the VPC Details page, click the CIDRs tab.
  5. On the CIDRs tab, perform the following operations to delete a secondary CIDR block:
    • Delete a secondary IPv4 CIDR block
      1. On the ipv4 tab, find the secondary IPv4 CIDR block that you want to delete and click Delete in the Actions column.
      2. In the message that appears, click OK.
    • Delete a secondary IPv6 CIDR block
      1. On the ipv6 tab, find the secondary IPv6 CIDR block that you want to delete and click Delete in the Actions column.
      2. In the message that appears, click OK.

Delete a VPC

You can delete a VPC that you no longer need. After you delete a VPC, the vRouters and route tables associated with the VPC are also deleted. Before you delete a VPC, make sure that the following requirements are met:

  • No vSwitches exist in the VPC. Otherwise, delete the vSwitches first. For more information, see Delete a vSwitch.
  • No IPv6 gateways exist in the VPC. Otherwise, delete the IPv6 gateways first. For more information, see Delete an IPv6 gateway.
  • No security groups, custom route tables, network ACLs, or DHCP options sets exist in the VPC and the VPC is not attached to a CEN instance. Otherwise, delete the resources and detach the VPC from the CEN instance.

  1. Log on to the VPC console.
  2. In the top navigation bar, select the region where the VPC is created.
  3. On the VPCs page, find the VPC that you want to delete, and click Delete in the Actions column.
  4. In the Delete VPC dialog box, click OK.

References