A vSwitch is a basic network component that connects different cloud resources in a virtual private cloud (VPC). After you create a vSwitch, you can create resources in the vSwitch and associate the vSwitch with a custom route table or a network access control list (ACL). This topic describes how to work with vSwitches.

Operations

Create a vSwitch

After you create a VPC, you can create vSwitches to divide the VPC into one or more subnets. vSwitches in the same VPC can communicate with each other. Cloud resources must be deployed in vSwitches. You can deploy applications in vSwitches that belong to different zones to improve service availability. vSwitches do not support multicasting or broadcasting.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. Select the region of the VPC for which you want to create a vSwitch.
  4. On the vSwitch page, click Create vSwitch.
  5. On the Create vSwitch page, set the following parameters and click OK.
    Parameter Description
    VPC Select the VPC to which the vSwitch belongs.
    IPv4 CIDR Block Displays the IPv4 CIDR block of the VPC.

    If the VPC has a secondary IPv4 CIDR block, you can specify the primary or secondary IPv4 CIDR block as the CIDR block of the vSwitch based on your business requirements.

    IPv6 CIDR Block Displays the IPv6 CIDR block of the VPC.
    Note
    • Only the China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), Philippines (Manila), Singapore (Singapore), US (Virginia), and Germany (Frankfurt) regions support IPv6 CIDR blocks.
    • If IPv6 is disabled for the VPC, click Enable IPv6 CIDR Block. After IPv6 is enabled, the system automatically creates an IPv6 gateway free of charge.
    Name Enter a name for the vSwitch.

    The name must be 2 to 128 characters in length and can contain digits, underscores (_), and hyphens (-). The name must start with a letter.

    Zone Select a zone for the vSwitch. In the same VPC, vSwitches in different zones can communicate with each other.
    IPv4 CIDR Block Specify the IPv4 CIDR block of the vSwitch. When you specify a CIDR block for the vSwitch, take note of the following limits:
    • The CIDR block of a vSwitch must be a subset of the CIDR block of the VPC to which the vSwitch belongs.

      For example, if the CIDR block of the VPC is 192.168.0.0/16, you can specify a CIDR block from 192.168.0.0/17 to 192.168.0.0/29 for the vSwitch.

    • The first IP address and last three IP addresses of a vSwitch CIDR block are reserved.

      For example, if the CIDR block of a vSwitch is 192.168.1.0/24, the IP addresses 192.168.1.0, 192.168.1.253, 192.168.1.254, and 192.168.1.255 are reserved.

    • If a vSwitch is required to communicate with vSwitches in other VPCs or with data centers, make sure that the CIDR block of the vSwitch does not overlap with the destination CIDR blocks.
    • The CIDR block of a vSwitch cannot be the same as or larger than the destination CIDR block of a route in the route table of the VPC to which the vSwitch belongs.

      For example, if the VPC route table contains a Cloud Enterprise Network (CEN) route whose destination CIDR block is 172.16.0.0/24 and overlapping routing is enabled for the CEN instance, you cannot specify 172.16.0.0/24 or a larger CIDR block as the CIDR block of the vSwitch. However, you can specify 172.16.0.0/25 or a smaller CIDR block as the CIDR block of the vSwitch.

    • CIDR blocks of vSwitches in the same VPC cannot overlap with each other. If a CIDR block overlaps with another one, you must modify the CIDR block.
    Notice After you create a vSwitch, you cannot change its CIDR block.
    Available IP Addresses Displays the number of available IPv4 addresses of the vSwitch.
    IPv6 CIDR Block Select whether to enable IPv6 for the vSwitch. If you enable IPv6, you must configure the IPv6 CIDR block of the vSwitch.
    Note
    • If your VPC is assigned an IPv6 CIDR block, you must configure the IPv6 CIDR block of the vSwitch.
    • If your VPC is not assigned an IPv6 CIDR block, you do not need to configure the IPv6 CIDR block of the vSwitch.

    In this example, Enable is selected.

    By default, the subnet mask of the IPv6 CIDR block of a vSwitch is /64. You can enter a decimal number from 0 to 255 to define the last 8 bits of the IPv6 CIDR block.

    For example, if the IPv6 CIDR block of the VPC is 2xx1:db8::/64, specify 255 to define the last 8 bits of the IPv6 CIDR block. In this case, the IPv6 CIDR block of the vSwitch is 2xx1:db8:ff::/64. ff is the hexadecimal value of 255.

    Description Enter a description for the vSwitch.

    The description must be 2 to 256 characters in length, and cannot start with http:// or https://.

    Resource Group Select the resource group to which the vSwitch belongs.

Modify the basic information about a vSwitch

After you create a vSwitch, you can modify its name and description.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. Select the region of the vSwitch that you want to manage.
  4. On the vSwitch page, find the vSwitch that you want to manage and click its ID.
  5. In the vSwitch Basic Information section, click Edit next to Name to modify the name of the vSwitch.
    The name must be 2 to 128 characters in length, and can contain digits, underscores (_), and hyphens (-). The name must start with a letter.
  6. Click Edit next to Description to modify the description of the vSwitch.
    The description must be 2 to 256 characters in length. The description cannot start with http:// or https://.

Create cloud resources in a vSwitch

You cannot directly deploy cloud resources in a VPC. You must deploy cloud resources in a vSwitch that belongs to the VPC.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. In the top navigation bar, select the region of the VPC to which the vSwitch belongs.
  4. On the vSwitch page, find the vSwitch that you want to manage, click Create in the Actions column, and then select the cloud resource that you want to create.
    You can create Elastic Compute Service (ECS), Classic Load Balancer (CLB), and ApsaraDB RDS instances in a vSwitch.
  5. On the page that appears, create a cloud resource.

Associate a vSwitch with a custom route table

After you create a custom route table, you can perform the following operations in a vSwitch. For more information about how to create a custom route table, see Create a custom route table.
  • Associate a custom route table: If a vSwitch is associated with the system route table, you can associate the vSwitch with a custom route table to manage routes of the vSwitch. Each vSwitch can be associated with only one custom route table or one system route table. After a vSwitch is associated with a custom route table, the system route table is automatically disassociated from the vSwitch.
  • Replace a custom route table: You can replace an associated custom route table with another one as needed.
  • Disassociate a custom route table: You can disassociate a custom route table from a vSwitch. After the custom route table is disassociated, the vSwitch is automatically associated with the system route table.
  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. In the top navigation bar, select the region of the VPC to which the vSwitch belongs.
    For more information about the regions that support custom route tables, see Route tables overview.
  4. On the vSwitch page, find the vSwitch that you want to manage and click its ID.
  5. In the vSwitch Basic Information section, click the Route tab. You can associate, replace, or disassociate a custom route table on the Route tab.
    • Replace the system route table with a custom route table
      1. In the Associated with Route Table section, click Bind next to the system route table.
      2. In the Associate RouteTable dialog box, select a custom route table from the Replace Custom Route Table drop-down list, and then click OK.
    • Replace an associated custom route table with another one
      1. In the Associated with Route Table section, click Bind next to the custom route table.
      2. In the Associate RouteTable dialog box, select a custom route table from the Replace Custom Route Table drop-down list, and then click OK.
    • Disassociate a custom route table
      1. In the Associated with Route Table section, click Bind next to the custom route table.
      2. In the Associate RouteTable dialog box, select Unbind Route Table and click OK.
      3. In the Unbind Route Table message, click OK.

Associate a network ACL with a vSwitch

You can use a network ACL to regulate access control for a VPC. You can create a custom network ACL and associate it with a vSwitch. This way, you can control traffic of the elastic network interface (ENI) of the vSwitch. When you associate a network ACL with a vSwitch, they must belong to the same VPC. Each vSwitch can be associated with only one network ACL.

After you create a network ACL, you can perform the following operations in a vSwitch. For more information about how to create a network ACL, see Work with network ACLs.

  • Associate a network ACL: You can associate a network ACL with a vSwitch to control traffic of the vSwitch ENI.
  • Replace an associated network ACL: You can replace the network ACL that is associated with a vSwitch with another network ACL. After the network ACL is replaced, the new network ACL takes effect immediately and controls traffic of ECS instances that belong to the vSwitch.
  • Disassociate a network ACL: You can disassociate a network ACL from a vSwitch. Then, the network ACL no longer controls traffic of the ECS instances that belong to the vSwitch.
  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. In the top navigation bar, select the region of the VPC to which the vSwitch belongs.
  4. On the vSwitch page, find the vSwitch that you want to manage and click its ID.
  5. In the vSwitch Basic Information section, you can perform the following operations:
    • Associate a network ACL
      1. Click Bind next to Network ACL.
      2. In the Bind Network ACL dialog box, select the network ACL that you want to associate and click OK.
    • Replace an associated network ACL
      1. Click Change next to Network ACL.
      2. In the Bind Network ACL dialog box, select the network ACL that you want to associate and click OK.
    • Disassociate a network ACL
      1. Click Unbind next to Network ACL.
      2. In the Unbind Network ACL message, click OK.

Delete a vSwitch

You can delete a vSwitch that you no longer need. After you delete a vSwitch, you cannot deploy cloud resources in it.

Before you delete a vSwitch, make sure that the following requirements are met:

  • Resources of the following services are deleted from the vSwitch: ECS, CLB, ApsaraDB RDS, ApsaraDB for MongoDB, PolarDB, Elasticsearch, Time Series Database (TSDB), ApsaraDB for HBase, ApsaraDB for ClickHouse, Tablestore, Container Registry, Elastic High Performance Computing (E-HPC), Data Lake Analytics (DLA), Database Backup (DBS), and Apsara File Storage NAS (NAS).
  • If the vSwitch that you want to delete is associated with SNAT entries, high-availability virtual IP addresses (HAVIPs), custom route tables, or network ACLs, delete them.
  1. Log on to the VPC console.
  2. In the left-side navigation pane, click vSwitch.
  3. Select the region where the vSwitch that you want to delete is deployed.
  4. On the vSwitch page, find the vSwitch that you want to delete and click Delete in the Actions column.
  5. In the Delete vSwitch message, click OK.