Virtual Private Cloud: Create and manage an IPv4 gateway

Last Updated: Apr 23, 2024

If you need to centrally manage Internet access for instances in a virtual private cloud (VPC), you can use IPv4 gateways and subnet routing. This topic describes how to create an IPv4 gateway and configure the routes that send Internet traffic through it.

Prerequisites

A VPC and a vSwitch are created. For more information, see Create and manage a VPC and Create and manage a vSwitch.

Limits

  • After you enable an IPv4 gateway for a VPC, you must configure the IPv4 gateway. Resources in the VPC cannot access the Internet until the configuration of the IPv4 gateway is complete.

  • Instances in a VPC can access the Internet only when an IPv4 gateway in the VPC is activated and routes that point to the IPv4 gateway are added to a route table of the VPC.

  • A VPC that uses an IPv4 gateway cannot contain elastic IP addresses (EIPs) in cut-through mode.

  • After you enable the IPv4 gateway feature for a VPC, you cannot disable the feature. For more information, see IPv4 gateway overview.

Create an IPv4 gateway and associate it with a VPC

Note

For more information about the regions that support IPv4 gateways, see Feature release and supported regions.

An IPv4 gateway can be created only if it is compatible with the Internet NAT gateway in the VPC. Otherwise, creation fails. You can change the mode of the Internet NAT gateway to make it compatible with IPv4 gateways before you create an IPv4 gateway. For more information about how to change the mode of an Internet NAT gateway, see Change the mode of an Internet NAT gateway.

  1. Log on to the VPC console.

  2. In the top navigation bar, select the region where you want to create an IPv4 gateway.

  3. In the left-side navigation pane, click IPv4 Gateway.

  4. On the IPv4 Gateway page, click Create IPv4 Gateway.

  5. In the Create IPv4 Gateway dialog box, set the following parameters and click Create.

    • Region: Displays the region where you want to create the IPv4 gateway.

    • VPC: Select the VPC with which you want to associate the IPv4 gateway.

      Note: The IPv4 gateway feature is an advanced VPC feature. If the VPC does not support the IPv4 gateway feature, contact Alibaba Cloud engineers.

    • Name: Enter a name for the IPv4 gateway.

    • Description: Enter a description for the IPv4 gateway.

  6. On the IPv4 Gateway page, view the created IPv4 gateway.

    After you create an IPv4 gateway, it is in the Available state.

Activate the IPv4 gateway

You need to activate the IPv4 gateway before it can forward traffic. You can use the IPv4 gateway to centrally manage Internet access for instances in the VPC only after the IPv4 gateway is activated.

  1. Log on to the VPC console.

  2. In the top navigation bar, select a region.

  3. In the left-side navigation pane, click IPv4 Gateway.

  4. On the IPv4 Gateway page, find the IPv4 gateway that you want to activate and click Activate in the Actions column.

Add routes that point to the IPv4 gateway to a route table of the VPC

You need to configure routes that point to the IPv4 gateway in the VPC route table so that instances in the VPC can access the Internet.

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click Route Tables.

  3. On the Route Table page, find the VPC route table and click its ID.

    The route table is the one that is associated with the instances that require access to the Internet through the IPv4 gateway.

  4. On the details page of the route table, choose Route Entry List > Custom Route and click Add Route Entry.

  5. In the Add Route Entry panel, set the following parameters and click OK.

    • Name: Enter a name for the custom route.

    • Destination CIDR Block: Enter 0.0.0.0/0.

    • Next Hop Type: Select IPv4 Gateway.

    • IPv4 Gateway: Select an IPv4 gateway from the drop-down list.

Optional operations

Create a gateway route table and modify routes

A route table associated with an IPv4 gateway is referred to as a gateway route table. You can modify routes to control traffic from the IPv4 gateway to the VPC. You can create only one gateway route table in a VPC.

  1. Log on to the VPC console.

  2. In the top navigation bar, select the region where you want to create a route table.

  3. In the left-side navigation pane, click Route Tables.

  4. On the Route Tables page, click Create Route Table.

  5. On the Create Route Table page, set the following parameters and click OK.

    • Resource Group: Select the resource group to which the route table belongs.

    • VPC: Select the VPC to which the route table belongs. In this example, the VPC to which the IPv4 gateway belongs is selected.

    • Associated Resource Type: Select the type of the resource with which you want to associate the route table. In this example, Border Gateway is selected.

        • vSwitch: The route table is associated with a vSwitch. In this case, the route table serves as a custom route table and is used to manage traffic within the vSwitch.

        • Border Gateway: The route table is associated with an IPv4 gateway. In this case, the route table serves as a gateway route table and is used to control traffic from the IPv4 gateway to the VPC.

    • Name: Enter a name for the route table.

    • Description: Enter a description for the route table.

    After the gateway route table is created, view it on the Route Tables page.

  6. On the Route Tables page, find the gateway route table and click its ID.

  7. On the Route Entry List > System Route tab, find the system route that you want to modify and click Edit in the Actions column.

  8. In the Edit Route Entry dialog box, set the following parameters and click OK.

    • Destination CIDR Block: Displays the destination CIDR block of traffic. You cannot modify Destination CIDR Block.

    • Next Hop Type: Select the next hop type. Valid values:

        • Local: Traffic destined for the destination CIDR block is routed to the VPC.

        • ECS Instance: Traffic destined for the destination CIDR block is routed to the specified ECS instance.

        • ENI: Traffic destined for the destination CIDR block is routed to the specified elastic network interface (ENI).

      Important: If the next hop type is set to ENI or ECS Instance, you must first change the next hop type to Local, change the next hop type to ENI or ECS Instance, and then change the next hop. You cannot directly change the next hop when the next hop type is set to ENI or ECS Instance.

    • Resource Group: Select the resource group to which the next hop belongs. If Next Hop Type is set to ECS Instance or ENI, this parameter is required.

    • ECS Instance or ENI: Select an instance as the next hop. If Next Hop Type is set to ECS Instance or ENI, you must select an instance as the next hop.

    • Name: Enter a new name for the route.

    • Description: Enter a new description for the route table.

Associate the gateway route table with the IPv4 gateway

After the gateway route table is created, associate it with the IPv4 gateway. Then, you can configure routes to manage traffic from the IPv4 gateway to the VPC.

  1. Log on to the VPC console.

  2. In the top navigation bar, select the region where the IPv4 gateway is deployed.

  3. In the left-side navigation pane, click IPv4 Gateway.

  4. On the IPv4 Gateway page, find the IPv4 gateway that you want to manage and click its ID.

  5. On the details page of the IPv4 gateway, click Bind on the Gateway Route Entries tab.

  6. In the Associate Route Table dialog box, select the gateway route table that you want to associate and click OK.

    In the Associated with Route Table section of the Gateway Route Entries tab, you can view the gateway route table associated with the IPv4 gateway.

Disassociate the gateway route table from the associated IPv4 gateway

  1. Log on to the VPC console.

  2. In the top navigation bar, select the region where the IPv4 gateway is deployed.

  3. In the left-side navigation pane, click IPv4 Gateway.

  4. On the IPv4 Gateway page, find the IPv4 gateway that you want to manage and click its ID.

  5. On the IPv4 gateway details page, click Replace Associated Route Table on the Gateway Route Entries tab.

  6. In the Associate Route Table dialog box, select Disassociate Route Table and click OK.

Delete an IPv4 gateway

Before you delete an IPv4 gateway from a VPC, you must disassociate the gateway route table associated with the IPv4 gateway and delete the routes that point to the IPv4 gateway from the route tables of the VPC. For more information about how to delete custom routes, see Create and manage route tables.

Important

After you delete the IPv4 gateway, cloud resources in the VPC cannot communicate with the Internet. Proceed with caution.

  1. Log on to the VPC console.

  2. In the top navigation bar, select the region where the IPv4 gateway is deployed.

  3. In the left-side navigation pane, click IPv4 Gateway.

  4. On the IPv4 Gateway page, find the IPv4 gateway that you want to delete and click Delete in the Actions column.

  5. In the Delete message, click OK.
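
The two conditions for Internet access in the Limits section, and the cleanup required before a gateway is deleted, can be checked offline against an inventory of the VPC. The following Python is an added example, not Alibaba Cloud code; the inventory layout, field names and resource IDs are constructed for illustration.

```python
import ipaddress

# Constructed sample inventory of one VPC. The layout and field names are
# assumptions for this example, not the VPC API's response format.
SAMPLE_VPC = {
    "gateway": {"id": "ipv4gw-example", "activated": True,
                "gateway_route_table": "vtb-gw-example"},
    "route_tables": {
        "vtb-public": [{"dest": "0.0.0.0/0", "next_hop_type": "IPv4 Gateway",
                        "next_hop": "ipv4gw-example"}],
        "vtb-private": [{"dest": "10.0.0.0/8", "next_hop_type": "ECS Instance",
                         "next_hop": "i-example"}],
        "vtb-gw-example": [],
    },
    "vswitches": {"vsw-web": "vtb-public", "vsw-db": "vtb-private"},
}

def gateway_routes(vpc, table_id):
    """Routes in one route table whose next hop is the VPC's IPv4 gateway."""
    gw_id = vpc["gateway"]["id"]
    return [r for r in vpc["route_tables"].get(table_id, [])
            if r["next_hop_type"] == "IPv4 Gateway" and r["next_hop"] == gw_id]

def internet_exposure(vpc):
    """Map each vSwitch to the destinations it can reach through the gateway."""
    # Both conditions from the Limits section must hold: the gateway is
    # activated, and the vSwitch's route table has a route pointing to it.
    active = vpc["gateway"]["activated"]
    return {
        vsw: sorted(str(ipaddress.ip_network(r["dest"]))
                    for r in gateway_routes(vpc, table_id)) if active else []
        for vsw, table_id in vpc["vswitches"].items()
    }

def delete_blockers(vpc):
    """List the cleanup the page requires before the gateway can be deleted."""
    blockers = []
    table = vpc["gateway"].get("gateway_route_table")
    if table:
        blockers.append(f"disassociate gateway route table {table}")
    for table_id in sorted(vpc["route_tables"]):
        blockers += [f"delete route {r['dest']} from {table_id}"
                     for r in gateway_routes(vpc, table_id)]
    return blockers

if __name__ == "__main__":
    print(internet_exposure(SAMPLE_VPC))
    print(delete_blockers(SAMPLE_VPC))
```

A vSwitch that maps to an empty list has no route to the Internet through the IPv4 gateway, which is the state to expect for subnets that should stay private.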

Related operations

Modify an IPv4 gateway

  1. On the IPv4 Gateway page, find the IPv4 gateway that you want to modify and click its ID.

  2. On the details page of the IPv4 gateway, click Edit next to IPv4 Gateway Name in the Basic Information section.

  3. In the dialog box that appears, enter a new name and click OK.

  4. On the details page of the IPv4 gateway, click Edit next to Description in the Basic Information section.

  5. In the dialog box that appears, enter a new description and click OK.

Replace the gateway route table that is associated with an IPv4 gateway

  1. On the IPv4 Gateway page, find the IPv4 gateway that you want to manage and click its ID.

  2. In the Gateway Route Entries section, click Replace Associated Route Table.

  3. In the dialog box that appears, select Replace Custom Route Table, select a new route table from the drop-down list, and then click OK.

Modify a gateway route table

  1. On the Route Tables page, find the gateway route table that you want to manage and click its ID.

  2. On the details page of the gateway route table, click Edit next to Name.

  3. In the dialog box that appears, enter a new name and click OK.

  4. On the details page of the gateway route table, click Edit next to Description.

  5. In the dialog box that appears, enter a new description and click OK.

  6. On the Route Entry List tab, find the route that you want to modify and click Edit in the Actions column.

  7. In the dialog box, modify the information about the route and click OK.
