vSwitches are a basic component of virtual private clouds (VPCs). vSwitches can be used to establish network communication between cloud resources. After you create a vSwitch, you can create resources in the vSwitch and associate the vSwitch with a custom route table or a network access control list (ACL). This topic describes how to create and manage a vSwitch.

Create a vSwitch

After you create a VPC, you can create one or more vSwitches to create one or more subnets in the VPC. vSwitches within the same VPC can communicate with each other. Cloud resources must be deployed in vSwitches. You can deploy applications in vSwitches that belong to different zones to ensure service availability. vSwitches do not support multicast or broadcast.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. Select the region of the VPC for which you want to create a vSwitch.
  4. On the vSwitch page, click Create vSwitch.
  5. On the Create vSwitch page, set the following parameters.
    Parameter Description
    VPC Select the VPC for which you want to create the vSwitch.
    IPv4 CIDR Block The IPv4 CIDR block of the selected VPC is displayed.

    If the VPC has a secondary IPv4 CIDR block, you can specify the primary or secondary IPv4 CIDR block as the CIDR block of the vSwitch based on your business requirements.

    IPv6 CIDR Block Select the IPv6 CIDR block of the VPC from the drop-down list.

    If you select Default, IPv6 is disabled for the vSwitch.

    Note
    • Regions that support IPv6 CIDR blocks are: China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), Philippines (Manila), Singapore (Singapore), US (Virginia), and Germany (Frankfurt).
    • If IPv6 is disabled for the VPC, click Enable IPv6 CIDR Block. After IPv6 is enabled, the system automatically creates an IPv6 gateway free of charge.
    Resource Group Select the resource group to which the VPC belongs.
    vSwitch
    Name

    Enter a name for the vSwitch.

    Zone

    In the drop-down list, select a zone for the vSwitch. In the same VPC, vSwitches in different zones can communicate with each other.

    The drop-down list shows whether Elastic Compute Service (ECS) instances, ApsaraDB RDS instances, internal-facing Classic Load Balancer (CLB) instances, and internal-facing Application Load Balancer (ALB) instances are supported in each zone. The supported cloud resources vary based on the zone and the time when you create cloud resources. The instances provided in this topic are for reference only. The actual instances on the buy page shall prevail.

    IPv4 CIDR Block
    Enter an IPv4 CIDR block for the vSwitch. When you specify a CIDR block for the vSwitch, take note of the following limits:
    • The CIDR block of a vSwitch must be a proper subset of the CIDR block of the VPC to which the vSwitch belongs.

      For example, if the CIDR block of a VPC is 192.168.0.0/16, the CIDR block of a vSwitch in the VPC can range from 192.168.0.0/17 to 192.168.0.0/29.

    • The first IP address and last three IP addresses of a vSwitch CIDR block are reserved.

      For example, if a vSwitch CIDR block is 192.168.1.0/24, the IP addresses 192.168.1.0, 192.168.1.253, 192.168.1.254, and 192.168.1.255 are reserved.

    • If a vSwitch is required to communicate with vSwitches in other VPCs or with data centers, make sure that the CIDR block of the vSwitch does not overlap with the destination CIDR blocks.
    Note: After you create a vSwitch, you cannot change its CIDR block.
    IPv6 CIDR Block
    Specify whether to enable IPv6 for the vSwitch. If you enable IPv6, you must specify an IPv6 CIDR block for the vSwitch.
    Note
    • If your VPC is assigned an IPv6 CIDR block, you must configure the IPv6 CIDR block of the vSwitch.
    • If your VPC is not assigned an IPv6 CIDR block, you do not need to configure the IPv6 CIDR block of the vSwitch.

    In this example, Enable is selected.

    By default, the prefix length of the IPv6 CIDR block of a vSwitch is /64. You can enter a decimal number from 0 to 255 to define the last 8 bits of that 64-bit prefix.

    For example, if the IPv6 CIDR block of the VPC is 2408:4005:3c5:6e00::/56, you can enter 255 (ff in hexadecimal format) for the IPv6 CIDR block of the vSwitch. In this case, the IPv6 CIDR block of the vSwitch is 2408:4005:3c5:6eff::/64.

  6. Optional: If you want to create more vSwitches, click Add below the vSwitch list, and set the parameters.
    You can create at most 10 vSwitches in a VPC.
  7. Click OK.
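
The IPv4 limits and the IPv6 numbering from step 5 can be checked before a block is entered in the console, which matters because the CIDR block cannot be changed afterwards. The following is an added example, not Alibaba Cloud code; the function names are hypothetical, and `MAX_PREFIX` is an assumption taken from the /29 in the example above.

```python
import ipaddress

MAX_PREFIX = 29  # assumption: smallest allowed vSwitch block, from the /29 in the page's example

def reserved_addresses(vswitch_cidr):
    """Return the first address and the last three addresses of the block (reserved)."""
    net = ipaddress.ip_network(vswitch_cidr)
    last = int(net.broadcast_address)
    tail = [str(ipaddress.ip_address(last - i)) for i in (2, 1, 0)]
    return [str(net.network_address)] + tail

def check_vswitch_cidr(vpc_cidr, vswitch_cidr, destinations=()):
    """Return a list of problems; an empty list means the block passes the listed limits."""
    vpc = ipaddress.ip_network(vpc_cidr)
    try:
        vsw = ipaddress.ip_network(vswitch_cidr)  # strict parsing rejects host bits
    except ValueError as exc:
        return [f"not a valid CIDR block: {exc}"]
    problems = []
    # Proper subset: inside the VPC block, but not the whole VPC block.
    if not vsw.subnet_of(vpc) or vsw == vpc:
        problems.append(f"{vsw} is not a proper subset of VPC block {vpc}")
    if vsw.prefixlen > MAX_PREFIX:
        problems.append(f"/{vsw.prefixlen} is smaller than /{MAX_PREFIX}")
    # Peered VPCs and data centers must not share address space with the vSwitch.
    for dest in destinations:
        if vsw.overlaps(ipaddress.ip_network(dest)):
            problems.append(f"{vsw} overlaps destination {dest}")
    return problems

def vswitch_ipv6_cidr(vpc_ipv6_cidr, index):
    """Derive the /64 vSwitch block from a /56 VPC block and a number from 0 to 255."""
    vpc = ipaddress.ip_network(vpc_ipv6_cidr)
    if vpc.prefixlen != 56 or not 0 <= index <= 255:
        raise ValueError("expected a /56 VPC block and an index from 0 to 255")
    # The index fills bits 56..63 of the prefix, i.e. it is shifted past the 64 host bits.
    base = int(vpc.network_address) + (index << 64)
    return str(ipaddress.IPv6Network((base, 64)))

if __name__ == "__main__":
    # Constructed inputs that mirror the examples on this page.
    print(check_vswitch_cidr("192.168.0.0/16", "192.168.1.0/24", ["192.168.0.0/20"]))
    print(reserved_addresses("192.168.1.0/24"))
    print(vswitch_ipv6_cidr("2408:4005:3c5:6e00::/56", 255))
```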

Modify the basic information about a vSwitch

After you create a vSwitch, you can modify its name and description.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. Select the region of the vSwitch that you want to manage.
  4. On the vSwitch page, find the vSwitch that you want to manage and click its ID.
  5. In the vSwitch Basic Information section, click Edit next to Name. In the dialog box that appears, enter a new name for the vSwitch and click OK.
  6. Click Edit next to Description. In the dialog box that appears, enter a new description and click OK.

Deploy cloud resources in a vSwitch

You cannot directly deploy cloud resources in a VPC. You must deploy cloud resources in a vSwitch that belongs to the VPC.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. In the top navigation bar, select the region of the VPC to which the vSwitch belongs.
  4. On the vSwitch page, find the vSwitch that you want to manage, click Create in the Actions column, and then select the cloud resource that you want to create.
    You can create Elastic Compute Service (ECS) instances, ApsaraDB RDS instances, and Classic Load Balancer (CLB) instances in a vSwitch. CLB is formerly known as Server Load Balancer (SLB).
  5. On the page that appears, create a cloud resource.

Associate with a custom route table

After you create a custom route table, you can perform the following operations in a vSwitch. For more information about how to create a custom route table, see Create a custom route table.
  • Associate a custom route table: If a vSwitch is associated with the system route table, you can associate the vSwitch with a custom route table to manage routes of the vSwitch. Each vSwitch can be associated with only one custom route table or one system route table. After a vSwitch is associated with a custom route table, the system route table is automatically disassociated from the vSwitch.
  • Replace a custom route table: You can replace the custom route table associated with a vSwitch with another one as needed.
  • Disassociate a custom route table: You can disassociate a custom route table from a vSwitch. After the custom route table is disassociated, the vSwitch is automatically associated with the system route table.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. In the top navigation bar, select the region of the VPC to which the vSwitch belongs.
    For more information about the regions that support custom route tables, see Regions that support custom route tables.
  4. On the vSwitch page, find the vSwitch that you want to manage and click its ID.
  5. In the vSwitch Basic Information section, click the Route tab. You can associate, replace, or disassociate a custom route table on the Route tab.
    • Replace the system route table with a custom route table
      1. In the Associated with Route Table dialog box, click Bind next to the system route table.
      2. In the Associate RouteTable dialog box, select a custom route table from the Replace Custom Route Table drop-down list, and then click OK.
    • Replace a custom route table with another one
      1. In the Associated with Route Table section, click Bind next to the custom route table.
      2. In the Associate RouteTable dialog box, select a custom route table from the Replace Custom Route Table drop-down list, and then click OK.
    • Disassociate a custom route table
      1. In the Associated with Route Table section, click Replace Associated Route Table next to the custom route table.
      2. In the Associate RouteTable dialog box, select Unbind Route Table and click OK.
      3. In the Unbind Route Table message, click OK.

Associate with a network ACL

You can use a network ACL to control access to a VPC. You can create a custom network ACL and associate it with a vSwitch. This way, you can control traffic of the elastic network interfaces (ENIs) on the vSwitch. The network ACL and the vSwitch that you want to associate must belong to the same VPC. Each vSwitch can be associated with only one network ACL.

After you create a network ACL, you can perform the following operations on a vSwitch. For more information about how to create a network ACL, see Work with network ACLs.

  • Associate with a network ACL: You can associate the vSwitch with a network ACL to control traffic of the ENIs on the vSwitch.
  • Replace the associated network ACL: You can replace the network ACL that is associated with the vSwitch with another network ACL. After the network ACL is replaced, the new network ACL takes effect immediately and controls traffic of the ECS instances in the vSwitch.
  • Disassociate from a network ACL: You can disassociate the vSwitch from a network ACL. Then, the network ACL no longer controls traffic of the ECS instances in the vSwitch.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. In the top navigation bar, select the region of the VPC to which the vSwitch belongs.
  4. On the vSwitch page, find the vSwitch that you want to manage and click its ID.
  5. In the vSwitch Basic Information section, you can perform the following operations:
    • Associate with a network ACL
      1. Click Bind next to Network ACL.
      2. In the Bind Network ACL panel, select the network ACL that you want to use and click OK.
    • Replace the associated network ACL
      1. Click Change next to Network ACL.
      2. In the Bind Network ACL panel, select the network ACL that you want to use and click OK.
    • Disassociate from a network ACL
      1. Click Unbind next to Network ACL.
      2. In the Unbind Network ACL message, click OK.

Delete a vSwitch

You can delete a vSwitch that you no longer use. After you delete a vSwitch, you cannot deploy cloud resources in it.

Before you delete a vSwitch, make sure that the following requirements are met:

  • The following types of resources are deleted from the vSwitch: ECS, CLB, ApsaraDB RDS, ApsaraDB for MongoDB, PolarDB, Elasticsearch, Time Series Database (TSDB), ApsaraDB for HBase, ApsaraDB for ClickHouse, Tablestore, Container Registry, Elastic High Performance Computing (E-HPC), Data Lake Analytics (DLA), Database Backup (DBS), and Apsara File Storage NAS (NAS).
  • If the vSwitch that you want to delete is associated with SNAT entries, high-availability virtual IP addresses (HAVIPs), custom route tables, or network ACLs, disassociate the vSwitch from them.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. Select the region where the vSwitch that you want to delete is deployed.
  4. On the vSwitch page, find the vSwitch that you want to delete and click Delete in the Actions column.
  5. In the Delete vSwitch message, click OK.
