Virtual Private Cloud: Create a VPC with an IPv6 CIDR block

Last Updated: Mar 12, 2025

To enable private IPv6 communication for Elastic Compute Service (ECS) instances in a virtual private cloud (VPC), you can create ECS instances with IPv6 addresses if the VPC has IPv6 enabled.

Scenario

As business expands, a company needs the ECS instances in Zone H of the China (Hangzhou) region to communicate with each other through IPv6 addresses.

The company needs a VPC and a vSwitch with an IPv6 CIDR block in China (Hangzhou), and to create and configure ECS01 and ECS02 instances with IPv6 addresses.

Note

Complete network planning before deploying your business in a VPC.

Procedure

Use the Resource Orchestration Service (ROS) template in this example to complete the setup, or manually deploy a VPC on the console.

Note

When you create a VPC and vSwitch with IPv6 CIDR blocks, the system will automatically create an IPv6 gateway, which is only capable of private network communication.

To enable Internet communication, enable IPv6 Internet bandwidth on the IPv6 gateway. To allow the IPv6 address only to access the Internet, set egress-only rules.

Method 1: Quick setup (ROS)

  1. Go to the ROS console. The system automatically redirects to the Create Stack page with the corresponding template loaded.

  2. Follow the prompts to complete the configuration, and then click Create.

    When the status under the Stack Information tab changes from Creating to Created, setup is complete.

    Click the Outputs tab to view the information of the created VPC, vSwitch, and ECS instances.

Method 2: Manual setup (console)

Step 1: Create a VPC and vSwitch

  1. Log on to the VPC console.

  2. In the top menu bar, select the region of the VPC. In this topic, China (Hangzhou) is used.

  3. On the VPC page, click Create VPC. Configure the VPC and vSwitch as follows, and click OK:

    Only parameters that are closely related to this topic are listed here. Use default values for other parameters. For more information, see Create and manage a VPC.

    • VPC:

      • IPv4 CIDR Block: Select Manually enter an IPv4 CIDR block.

      • Enter IPv4 CIDR Block: Enter the primary IPv4 CIDR block of the VPC according to the configuration recommendations. This CIDR block cannot be modified after the VPC is created, but you can add a secondary IPv4 CIDR block.

        Note

        In scenarios where multiple VPCs are used or in a hybrid cloud with data centers and VPCs, we recommend that you use subsets of standard private CIDR blocks as defined by Request for Comments (RFC) documents with masks no more than 16 bits in length. Make sure that the CIDR blocks of multiple VPCs do not overlap with each other, and that those of VPCs do not overlap with those of data centers.

      • IPv6 CIDR Block: Select Assign BGP (Multi-ISP) in this example to quickly set up a VPC. The system automatically creates an IPv6 gateway for the VPC and assigns an IPv6 CIDR block with a mask of /56. By default, IPv6 addresses only have private network communication capabilities. After the VPC is created, you cannot modify the IPv6 CIDR block, but you can add one.

        Note
        • If you no longer need the IPv6 gateway, click Access to Internet > IPv6 Gateway in the left-side navigation pane, and click Delete in the Actions column of the target IPv6 gateway.

        • If you no longer need to communicate through IPv6 addresses, click Disable IPv6 in the IPv6 CIDR Block column of the target VPC.

    • vSwitch:

      • Zone: The availability of cloud resources in each zone varies with the time of creation. The inventory of instances is subject to the sales page.

      • IPv4 CIDR Block: Configure the IPv4 CIDR block of the vSwitch based on the configuration recommendations. After the vSwitch is created, you cannot change the CIDR block.

      • IPv6 CIDR Block: Configure the IPv6 CIDR block of the vSwitch, which has a mask of /64 by default. You can enter a decimal number from 0 to 255 to define the last 8 bits of the CIDR block.

        Note
        • If the vSwitch needs to communicate with vSwitches in other VPCs or with data centers, make sure that the CIDR block of the vSwitch does not overlap with the destination CIDR blocks.

        • If you need to create multiple vSwitches for the VPC, click Add under vSwitch, and configure parameters.
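
The block sizes described above, worked through as an added example (not part of the original page or of Alibaba Cloud's tooling): it derives the /64 vSwitch block that a decimal value from 0 to 255 selects inside the VPC's /56, then checks it against destination CIDR blocks for overlap. The prefixes are constructed samples from the 2001:db8::/32 documentation range, the function names are hypothetical, and the code assumes the decimal value fills bits 57 to 64 of the prefix.

```python
import ipaddress

def vswitch_ipv6_cidr(vpc_cidr: str, last_8_bits: int) -> ipaddress.IPv6Network:
    """Return the /64 vSwitch block that a decimal 0-255 selects inside a /56 VPC block."""
    vpc = ipaddress.IPv6Network(vpc_cidr, strict=True)
    if vpc.prefixlen != 56:
        raise ValueError("VPC IPv6 CIDR block must be a /56")
    if not 0 <= last_8_bits <= 255:
        raise ValueError("value must be a decimal number from 0 to 255")
    # Assumption: the value occupies bits 57-64, directly above the 64 interface-ID bits.
    base = int(vpc.network_address) | (last_8_bits << 64)
    return ipaddress.IPv6Network((base, 64))

def overlapping(candidate, destinations):
    """List destination CIDR blocks (other VPCs, data centers) that overlap candidate."""
    return [d for d in map(ipaddress.ip_network, destinations)
            if d.version == candidate.version and d.overlaps(candidate)]

# Constructed sample values: documentation prefixes, not real assignments.
VPC_IPV6 = "2001:db8:12:3400::/56"
PEER_BLOCKS = ["2001:db8:12:34ff::/64", "2001:db8:99::/48", "10.0.0.0/16"]

if __name__ == "__main__":
    for n in (0, 18, 255):
        vsw = vswitch_ipv6_cidr(VPC_IPV6, n)
        print(n, vsw, [str(o) for o in overlapping(vsw, PEER_BLOCKS)])
```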

Step 2: Create and configure ECS instances

After creating a VPC and vSwitch with IPv6 CIDR blocks, you must create ECS01 and ECS02 instances with IPv6 addresses.

  1. In the left-side navigation pane, click vSwitch and select the region. In this topic, China (Hangzhou) is chosen.

  2. On the vSwitch page, find the target switch, and select Add Cloud Service > ECS Instance in the Actions column.

  3. On the Elastic Compute Service purchase page, click the Custom Launch tab, configure the ECS instance and complete the creation.

    • Change the Quantity to 2.

    • For IPv6, select Assign IPv6 Address Free of Charge.

  4. Click Create Order and complete the payment. View the created ECS instances on the Instances page in the console.

  5. Configure the IPv6 addresses for the network interface cards (NICs) of the ECS instances so that the operating system can identify and activate the IPv6 addresses.

Step 3: Configure security group rules

If the security group rules cannot meet your business requirements, configure IPv6 security group rules for ECS01 and ECS02 instances separately.

  • An inbound rule that allows Internet Control Message Protocol (ICMP) version 6 (ICMPv6) traffic to support operations such as running the ping6 command on ECS instances.

  • An inbound rule that allows traffic on SSH port 22 and Remote Desktop Protocol (RDP) port 3389 to access ECS instances, and that allows traffic on HTTP port 80 and HTTPS port 443 to access the web services provided by ECS instances.

  1. Log on to the ECS console.

  2. In the left-side navigation pane, select Network & Security > Security Groups.

  3. In the upper left corner of the top menu bar, select the region. In this topic, China (Hangzhou) is selected.

  4. Find the target security group, and click Manage Rules in the Actions column.

  5. Configure security group rules according to the following table to allow the ICMP protocol and authorize all IPv4 and IPv6 addresses. For more information, see Guidelines for using security groups and use cases.

    | Action | Priority | Protocol | Port range | Authorization object |
    |---|---|---|---|---|
    | Allow | 1 | All ICMP(IPv6) | Source: -1/-1; Destination: -1/-1 | Source: All IPv6 (::/0) |
    | Allow | 1 | All ICMP(IPv4) | Source: -1/-1; Destination: -1/-1 | Source: All IPv4 (0.0.0.0/0) |
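
A review check for the rules in this step, as an added example that is not part of the original page: it reads a rule list and reports inbound Allow rules that open SSH port 22 or RDP port 3389 to all IPv6 or IPv4 addresses, while accepting the all-address ICMP rules from the table. The rule schema (keys `direction`, `action`, `protocol`, `port_range`, `source`) and the sample rules are constructed for illustration and are not an Alibaba Cloud API format.

```python
import ipaddress

MGMT_PORTS = {22: "SSH", 3389: "RDP"}  # management ports named on this page
ANY = {ipaddress.ip_network("::/0"), ipaddress.ip_network("0.0.0.0/0")}

def port_span(port_range: str):
    """Parse 'low/high'; '-1/-1' means the rule has no port restriction."""
    low, high = (int(p) for p in port_range.split("/"))
    return (1, 65535) if (low, high) == (-1, -1) else (low, high)

def audit(rules):
    """Return (rule index, reason) for inbound Allow rules that open a
    management port to every address."""
    findings = []
    for i, r in enumerate(rules):
        if r["direction"] != "ingress" or r["action"] != "Allow":
            continue
        if ipaddress.ip_network(r["source"]) not in ANY:
            continue  # source is scoped to a specific CIDR block
        proto = r["protocol"].upper()
        if proto.startswith("ICMP"):
            continue  # the table above allows ICMP from all addresses on purpose
        low, high = port_span(r["port_range"])
        for port, name in MGMT_PORTS.items():
            if proto in ("TCP", "ALL") and low <= port <= high:
                findings.append((i, f"{name} port {port} open to {r['source']}"))
    return findings

# Constructed sample rules (hypothetical schema, documentation prefix).
KEYS = ("direction", "action", "protocol", "port_range", "source")
SAMPLE_RULES = [dict(zip(KEYS, row)) for row in [
    ("ingress", "Allow", "ICMPv6", "-1/-1", "::/0"),
    ("ingress", "Allow", "ICMP", "-1/-1", "0.0.0.0/0"),
    ("ingress", "Allow", "TCP", "22/22", "::/0"),
    ("ingress", "Allow", "TCP", "3389/3389", "2001:db8:12:3400::/56"),
    ("ingress", "Allow", "TCP", "443/443", "::/0"),
]]

if __name__ == "__main__":
    for index, reason in audit(SAMPLE_RULES):
        print(f"rule {index}: {reason}")
```

The check matters once IPv6 Internet bandwidth is enabled on the IPv6 gateway, because a ::/0 source then includes Internet hosts rather than only addresses inside the VPC.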

Test network connectivity

After completing the above steps, ECS01 and ECS02 instances in the VPC can communicate with each other through IPv6 addresses. Perform the following operations to test connectivity:

Note

In this example, ECS01 and ECS02 run the Alibaba Cloud Linux operating system. For more information about how to use the ping6 command in other operating systems, see the manual of the operating system that you use.

  1. Log on to ECS01 and ECS02 instances.

  2. Run the ping6 command in ECS01 and ECS02 instances to test connectivity.

    If echo reply packets are returned, the connection is established. ECS01 and ECS02 can communicate with each other through IPv6 addresses.

Additional operations

Disable IPv6

  • vSwitch: If you need to disable the IPv6 of some vSwitches, click Disable IPv6 in the IPv6 CIDR Block column of the target vSwitch.

  • VPC:

    • If the VPC has multiple IPv6 CIDR blocks, delete the unused ones.

    • When the VPC has only one IPv6 CIDR block, disable IPv6 if you no longer need private IPv6 communication.

      Disable the IPv6 CIDR blocks of all vSwitches and delete the IPv6 gateway under the VPC. Finally, click Disable IPv6 in the IPv6 CIDR Block column of the target VPC.

      Note

      Ensure that the IPv6 Internet bandwidth and egress-only rules have been removed from the IPv6 gateway before proceeding with deletion.

Limits

Feature limits

  • A VPC supports only one IPv6 gateway.

  • You must delete the IPv6 gateway before you can delete a VPC.

Regions that support IPv4/IPv6 dual-stack

| Area | Regions |
|---|---|
| Asia Pacific - China | China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Fuzhou - Local Region), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), and China (Hong Kong) |
| Asia Pacific - Others | Philippines (Manila), Singapore, Japan (Tokyo), South Korea (Seoul), Indonesia (Jakarta), Malaysia (Kuala Lumpur), and Thailand (Bangkok) |
| Europe & Americas | US (Virginia), US (Silicon Valley), Germany (Frankfurt), UK (London), and Mexico |
| Middle East | SAU (Riyadh - Partner Region) |

Important

The SAU (Riyadh - Partner Region) region is operated by a partner.