Virtual Private Cloud:Create and manage a vSwitch

Create a vSwitch

After you create a VPC, you can create one or more vSwitches to create one or more subnets in the VPC. vSwitches within the same VPC can communicate with each other. Cloud resources must be deployed in vSwitches. You can deploy applications in vSwitches that belong to different zones to ensure service availability. vSwitches do not support multicast or broadcast.

1. Log on to the VPC console.
2. In the left-side navigation pane, click vSwitch.
3. Select the region of the VPC for which you want to create a vSwitch.
4. On the vSwitch page, click Create vSwitch.
5. On the Create vSwitch page, set the following parameters.

   Parameter	Description
   VPC	Select the VPC for which you want to create the vSwitch.
   IPv4 CIDR Block	The IPv4 CIDR block of the selected VPC is displayed. If the VPC has a secondary IPv4 CIDR block, you can specify the primary or secondary IPv4 CIDR block as the CIDR block of the vSwitch based on your business requirements.
   IPv6 CIDR Block	Select the IPv6 CIDR block of the VPC from the drop-down list. If you select Default, IPv6 is disabled for the vSwitch. Note Regions that support IPv6 CIDR blocks are: China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Fuzhou-Local Region), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), Philippines (Manila), Singapore, US (Virginia), and Germany (Frankfurt). If IPv6 is disabled for the VPC, click Enable IPv6 CIDR Block. After IPv6 is enabled, the system automatically creates an IPv6 gateway free of charge.
   Resource Group	Select the resource group to which the VPC belongs.
   VSwitch
   Name	Enter a name for the vSwitch.
   Zone	In the drop-down list, select a zone for the vSwitch. In the same VPC, vSwitches in different zones can communicate with each other. The drop-down list shows whether Elastic Compute Service (ECS) instances, ApsaraDB RDS instances, internal-facing Classic Load Balancer (CLB) instances, and internal-facing Application Load Balancer (ALB) instances are supported in each zone. The supported cloud resources vary based on the zone and the creation time of the cloud resources. The instances provided in this topic are for reference only. The actual instances on the buy page shall prevail.
   IPv4 CIDR Block	Enter an IPv4 CIDR block for the vSwitch. When you specify a CIDR block for the vSwitch, take note of the following limits: The CIDR block of a vSwitch must be a subset of the CIDR block of the VPC to which the vSwitch belongs. For example, if the CIDR block of a VPC is 192.168.0.0/16, the CIDR block of a vSwitch in the VPC can range from 192.168.0.0/17 to 192.168.0.0/29. The first IP address and the last three IP addresses of a vSwitch CIDR block are reserved. For example, if a vSwitch CIDR block is 192.168.1.0/24, the IP addresses 192.168.1.0, 192.168.1.253, 192.168.1.254, and 192.168.1.255 are reserved. If a vSwitch is required to communicate with vSwitches in other VPCs or with data centers, make sure that the CIDR block of the vSwitch does not overlap with the destination CIDR blocks. Note After you create a vSwitch, you cannot change its CIDR block.
   IPv6 CIDR Block	Specify whether to enable IPv6 for the vSwitch. If you enable IPv6, you must specify an IPv6 CIDR block for the vSwitch. Note If your VPC is assigned an IPv6 CIDR block, you must configure the IPv6 CIDR block of the vSwitch. If your VPC is not assigned an IPv6 CIDR block, you do not need to configure the IPv6 CIDR block of the vSwitch. In this example, Enable is selected. By default, the subnet mask of the IPv6 CIDR block of a vSwitch is /64. You can enter a decimal number from 0 to 255 to define the last 8 bits of the IPv6 CIDR block. For example, if the IPv6 CIDR block of the VPC is 2408:4005:3c5:6e00::/56, you can enter 255 (ff in hexadecimal format) for the IPv6 CIDR block of the vSwitch. In this case, the IPv6 CIDR block of the vSwitch is 2408:4005:3c5:6eff::/64.

6. Optional:If you want to create more vSwitches, click Add below the vSwitch list, and set the parameters.
   You can create at most 10 vSwitches in a VPC.
7. Click OK.

Modify the basic information about a vSwitch

After you create a vSwitch, you can modify its name and description.

1. Log on to the VPC console.
2. In the left-side navigation pane, click vSwitch.
3. Select the region of the vSwitch that you want to manage.
4. On the vSwitch page, find the vSwitch that you want to manage and click its ID.
5. In the vSwitch Basic Information section, click Edit next to Name. In the dialog box that appears, enter a new name for the vSwitch and click OK.
6. Click Edit next to Description. In the dialog box that appears, enter a new description and click OK.

Deploy cloud resources in a vSwitch

You cannot directly deploy cloud resources in a VPC. You must deploy cloud resources in a vSwitch that belongs to the VPC.

1. Log on to the VPC console.
2. In the left-side navigation pane, click vSwitch.
3. In the top navigation bar, select the region of the VPC to which the vSwitch belongs.
4. On the vSwitch page, click the ID of the vSwitch.
5. On the Resource tab of the details page, you can create resources based on your requirements.
6. On the page that appears, create a cloud resource.

Associate with a custom route table

• Associate a custom route table: If a vSwitch is associated with the system route table, you can associate the vSwitch with a custom route table to manage routes of the vSwitch. Each vSwitch can be associated with only one custom route table or one system route table. After a vSwitch is associated with a custom route table, the system route table is automatically disassociated from the vSwitch.
• Replace a custom route table: You can replace the custom route table associated with a vSwitch with another one as needed.
• Disassociate a custom route table: You can disassociate a custom route table from a vSwitch. After the custom route table is disassociated, the vSwitch is automatically associated with the system route table.

1. Log on to the VPC console.
2. In the left-side navigation pane, click vSwitch.
3. In the top navigation bar, select the region of the VPC to which the vSwitch belongs.
   For more information about the regions that support custom route tables, see Regions that support custom route tables.
4. On the vSwitch page, find the vSwitch that you want to manage and click its ID.
5. In the vSwitch Basic Information section, click the Route tab. You can associate, replace, or disassociate a custom route table on the Route tab.
   • Replace the system route table with a custom route table
     1. In the Associated with Route Table dialog box, click Bind next to the system route table.
     2. In the Associate RouteTable dialog box, select a custom route table from the Replace Custom Route Table drop-down list, and then click OK.
   • Replace a custom route table with another one
     1. In the Associated with Route Table section, click Bind next to the custom route table.
     2. In the Associate RouteTable dialog box, select a custom route table from the Replace Custom Route Table drop-down list, and then click OK.
   • Disassociate a custom route table
     1. In the Associated with Route Table section, click Bind next to the custom route table.
     2. In the Associate RouteTable dialog box, select Unbind Route Table and click OK.
     3. In the Unbind Route Table message, click OK.

Add a reserved CIDR Block

• After you add a reserved CIDR block for a vSwitch, when the VPC to which the vSwitch belongs allocates private IP addresses to resources in the VPC, the reserved CIDR block is not used.
• After you add a reserved CIDR block for a vSwitch, the CIDR block cannot contain the IP address of the subnet gateway of the VPC to which the vSwitch belongs.
• You can create at most 10 reserved IPv4 CIDR blocks and 10 reserved IPv6 CIDR blocks for each vSwitch in a VPC.
• After you add a reserved CIDR block, when the system automatically allocates a CIDR block to an elastic network interface (ENI), the CIDR block must be allocated from the reserved CIDR block. If the reserved CIDR block is exhausted, the system returns an error.

1. Log on to the VPC console.
2. In the left-side navigation pane, click vSwitch.
3. In the top navigation bar, select the region of the VPC to which the vSwitch belongs.
4. On the vSwitch page, find the vSwitch that you want to manage and click its ID.
5. In the vSwitch Basic Information section, click the Reserved CIDR Block tab to add a reserved IPv4 or IPv6 CIDR block.
   • Add a reserved IPv4 CIDR block
     1. On the IPv4 tab, click Add Reserved CIDR Block.
     2. In the Add Reserved CIDR Block dialog box, set the following parameters and click OK.

        Parameter	Description
        Name	Enter a name.
        Method	Select a method to add the reserved CIDR block. You can use one of the following methods: Specify CIDR Block Specify Mask Length Note The reserved IPv4 CIDR block must be a proper subset of the IPv4 CIDR block of the vSwitch. The subnet mask length of the reserved CIDR block must be greater than the IPv4 subnet mask length of the vSwitch and cannot be greater than 28.
        CIDR Block	Enter the reserved IPv4 CIDR block. To add multiple IPv4 CIDR blocks, click . To delete an IPv4 CIDR block, click . Note If you set Method to Specify CIDR Block, this parameter is required.
        Mask Length	Enter the mask length of the reserved CIDR block. To specify multiple mask lengths, click . To delete a mask length, click . Note If you set Method to Mask Length, this parameter is required.

   • Add a reserved IPv6 CIDR block
     1. Click the IPv6 tab and click Add Reserved CIDR Block.
     2. In the Add Reserved CIDR Block dialog box, set the following parameters and click OK.

        Parameter	Description
        Name	Enter a name.
        Method	Select a method to add the reserved CIDR block. You can use one of the following methods: Specify CIDR Block Specify Mask Length Note The reserved IPv6 CIDR block must be a proper subset of the IPv6 CIDR block of the vSwitch. The subnet mask length of the reserved CIDR block must be greater than the IPv6 subnet mask length of the vSwitch and cannot be greater than 80.
        CIDR Block	Enter the reserved IPv6 CIDR block. To add multiple IPv6 CIDR blocks, click . To delete an IPv6 CIDR block, click . Note If you set Method to Specify CIDR Block, this parameter is required.
        Mask Length	Enter the mask length of the reserved CIDR block. To specify multiple mask lengths, click . To delete a mask length, click . Note If you set Method to Mask Length, this parameter is required.

View an allocated CIDR block and delete a reserved CIDR block

Before you delete a reserved CIDR block, make sure that no CIDR block is allocated to an ENI from the reserved CIDR block. Otherwise, release the CIDR block allocated to the ENI first. Fore more information, see Unassign secondary private IP addresses.

1. Log on to the VPC console.
2. In the left-side navigation pane, click vSwitch.
3. In the top navigation bar, select the region of the VPC to which the vSwitch belongs.
4. On the vSwitch page, find the vSwitch that you want to manage and click its ID.
5. In the vSwitch Basic Information section, click the Reserved CIDR Block tab to view an allocated CIDR block or delete a reserved CIDR block.
   • View an allocated CIDR block

     Action	Details
     View an allocated IPv4 CIDR block	Click the IPv4 tab or IPv6 tab, find the reserved IPv4 CIDR block, and then lick View Used IP in the Actions column. In the Used CIDR Blocks dialog box, you can view the IPv4 CIDR block allocated to an ENI from the reserved CIDR block.
     View an allocated IPv6 CIDR block	Click the IPv4 tab or IPv6 tab, find the reserved IPv6 CIDR block, and then lick View Used IP in the Actions column. In the Used CIDR Blocks dialog box, you can view the IPv6 CIDR block allocated to an ENI from the reserved CIDR block.

   • Delete a reserved CIDR block

     Action	Details
     Delete a reserved IPv4 CIDR block	Click the IPv4 tab or IPv6 tab, find the reserved IPv4 CIDR block, and then lick Delete in the Actions column. In the Delete Reserved CIDR Block message, click OK.
     Delete a reserved IPv6 CIDR block	Click the IPv4 tab or IPv6 tab, find the reserved IPv6 CIDR block, and then lick Delete in the Actions column. In the Delete Reserved CIDR Block message, click OK.

Associate with a network ACL

After you create a network ACL, you can perform the following operations on a vSwitch. For more information about how to create a network ACL, see Work with network ACLs.

• Associate with a network ACL: You can associate the vSwitch with a network ACL to control traffic of the ENIs on the vSwitch.
• Replace the associated network ACL: You can replace the network ACL that is associated with the vSwitch with another network ACL. After the network ACL is replaced, the new network ACL takes effect immediately and controls traffic of the ECS instances in the vSwitch.
• Disassociate from a network ACL: You can disassociate the vSwitch from a network ACL. Then, the network ACL no longer controls traffic of the ECS instances in the vSwitch.

1. Log on to the VPC console.
2. In the left-side navigation pane, click vSwitch.
3. In the top navigation bar, select the region of the VPC to which the vSwitch belongs.
4. On the vSwitch page, find the vSwitch that you want to manage and click its ID.
5. In the vSwitch Basic Information section, you can perform the following operations:
   • Associate with a network ACL
     1. Click Bind next to Network ACL.
     2. In the Bind Network ACL panel, select the network ACL that you want to use and click OK.
   • Replace the associated network ACL
     1. Click Change next to Network ACL.
     2. In the Bind Network ACL panel, select the network ACL that you want to use and click OK.
   • Disassociate from a network ACL
     1. Click Unbind next to Network ACL.
     2. In the Unbind Network ACL message, click OK.

Delete a vSwitch

You can delete a vSwitch that you no longer use. After you delete a vSwitch, you cannot deploy cloud resources in it.

Before you delete a vSwitch, make sure that the following requirements are met:

• The following types of resource are deleted from the vSwitch: ECS, CLB, ApsaraDB RDS, ApsaraDB for MongoDB, PolarDB, Elasticsearch, Time Series Database (TSDB), ApsaraDB for HBase, ApsaraDB for ClickHouse, Tablestore, Container Registry, Elastic High Performance Computing (E-HPC), Data Lake Analytics (DLA), Database Backup (DBS), and Apsara File Storage NAS (NAS).
• If the vSwitch that you want to delete is associated with SNAT entries, high-availability virtual IP addresses (HAVIPs), custom route tables, or network ACLs, disassociate the vSwitch from them.

1. Log on to the VPC console.
2. In the left-side navigation pane, click vSwitch.
3. Select the region where the vSwitch that you want to delete is deployed.
4. On the vSwitch page, find the vSwitch that you want to delete and click Delete in the Actions column.
5. In the Delete vSwitch message, click OK.

References

• CreateVSwitch: creates a vSwitch.
• ModifyVSwitchAttribute: modifies the basic information about a vSwitch.
• AssociateRouteTable: associates a vSwitch with a custom route table.
• UnassociateRouteTable: disassociates a vSwitch from a custom route table.
• AssociateNetworkAcl: associates a vSwitch with a network ACL.
• UnassociateNetworkAcl: disassociates a vSwitch from a network ACL.
• DeleteVSwitch: deletes a vSwitch.