By default, Enterprise Edition transit routers can forward IPv6 traffic, learn IPv6 routes, and advertise IPv6 routes. This topic describes how to use Enterprise Edition transit routers to establish IPv6 communication among VPCs in different regions.
Sample scenario
In this example, a company created an IPv4 VPC (VPC1) in the Germany (Frankfurt) region and an IPv4 VPC (VPC2) in the Philippines (Manila) region. Both VPCs contain Elastic Compute Service (ECS) instances on which applications are deployed. To support business development, the company wants to establish IPv6 communication between the VPCs.
Prerequisites
An IPv4 VPC is created in each of the Germany (Frankfurt) and Philippines (Manila) regions. Applications are deployed on the ECS instances in the VPCs. For more information, see Create a VPC with an IPv4 CIDR block.
A Cloud Enterprise Network (CEN) instance is created. For more information, see Create a CEN instance.
Procedure
Step 1: Enable IPv6 for the VPCs
To establish IPv6 communication for a VPC, you must enable the IPv6 feature for the VPC. Perform the following steps to enable IPv6 for VPC1 and VPC2.
Log on to the VPC console.
In the top navigation bar, select the region of the VPC.
On the VPC page, find the VPC that you want to manage and click Enable IPv6 in the IPv6 CIDR Block column.
In the Enable IPv6 dialog box, set IPv6 CIDR Block Type to Assign BGP (Multi-ISP), select Automatically Enable IPv6 for All vSwitches, and then click OK.
If you do not select Automatically Enable IPv6 for All vSwitches, you must assign an IPv6 CIDR block to each vSwitch. For more information, see Enable IPv6 for a vSwitch.
After you enable IPv6 for the VPC and the vSwitches, the system assigns IPv6 CIDR blocks to the VPC and vSwitches. You can view the IPv6 CIDR blocks in the IPv6 CIDR Block column on the VPC or vSwitch page. The following figure shows how to view the IPv6 CIDR block of a VPC. The procedure for viewing the IPv6 CIDR block of a vSwitch is similar.
Step 2: Assign IPv6 addresses to the ECS instances
Before you establish IPv6 communication between resources, make sure that the resources are assigned an IPv6 address. In this example, an IPv6 address is assigned to ECS1 and ECS3. ECS1 and ECS3 use the 64-bit Alibaba Cloud Linux 3.2104 LTS operating system.
Assign an IPv6 address to each ECS instance. For more information, see Assign an IPv6 address to an ECS instance.
NoteIf an IPv6 address is already assigned when you create the ECS instance, skip this step.
Configure the IPv6 addresses for the ECS instances. For more information, see Configure an IPv6 address.
The following figure shows the IPv6 addresses of ECS1 and ECS3.
IPv6 address of ECS1
IPv6 address of ECS3
Step 3: Create transit routers
Create a transit router in each of the Germany (Frankfurt) and Philippines (Manila) regions on the CEN instance. The transit routers are used to establish inter-region communication between the VPCs.
Log on to the CEN console.
On the Instances page, click the ID of the CEN instance that you want to manage.
Choose and click Create Transit Router.
In the Create Transit Router dialog box, configure the parameters and click OK.
Configure the Region parameter and retain the default values of the other parameters. For more information, see Create a route router.
Step 4: Create VPC connections
Before you can establish communication between VPCs in different regions, you must connect the VPCs to the transit routers.
Log on to the CEN console.
On the Instances page, click the ID of the CEN instance that you want to manage.
On the tab, find the transit router created in Step 3 and click Create Connection in the Actions column.
On the Connection with Peer Network Instance page, configure the parameters and click OK.
Connect VPC1 to the transit router in the Germany (Frankfurt) region and VPC2 to the transit router in the Philippines (Manila) region. The following table describes only some of the parameters. Other parameters use the default values. For more information, see Create a VPC connection.
Parameter
Description
VPC1
VPC2
Network Type
Select VPC.
Region
Select the region of the network instance.
Select Germany (Frankfurt).
Select Philippines (Manila).
IPv6
Specify whether to enable IPv6. IPv6 is disabled by default.
If you want to establish IPv6 communication for the VPC by using the Enterprise Edition transit router, enable IPv6.
NoteYou can enable IPv6 for existing VPC connections. For more information, see Enable IPv6 for an existing VPC connection.
Enable IPv6.
Enable IPv6.
Transit Router
The transit router in the selected region is automatically displayed.
Resource Owner ID
Select the Alibaba Cloud account to which the instance belongs.
Select Current Account.
Select Current Account.
Network Instance
Select the VPC that you want to connect to the transit router.
Select VPC1.
Select VPC2.
vSwitch
Select the vSwitches that are deployed in the zones of the transit router.
If the Enterprise Edition transit router is deployed in a region that supports only one zone, select one vSwitch in the zone.
If the Enterprise Edition transit router is deployed in a region that supports multiple zones, select at least two vSwitches. The two vSwitches must be in different zones. The two vSwitches support zone-disaster recovery to ensure uninterrupted data transmission between the VPC and the transit router.
We recommend that you select a vSwitch in each zone to reduce the network latency and improve network performance because data can be transmitted over a shorter distance.
If no vSwitches exist in the zones, create vSwitches. For more information, see Create a vSwitch.
Advanced Settings
By default, the advanced features are enabled. In this example, the default settings are retained.
Step 5: Create an inter-region connection
After you connect the VPCs to the transit routers, create an inter-region connection to allow the VPCs to communicate with each other across regions.
Log on to the CEN console.
On the Instances page, click the ID of the CEN instance that you want to manage.
On the tab, find the transit router created in Step 3 and click Create Connection in the Actions column.
On the Connection with Peer Network Instance page, configure the parameters and click OK.
The following table describes only some of the parameters. Other parameters use the default values. For more information, see Use an Enterprise Edition transit router to create an inter-region connection.
Parameter
Description
Network Type
Select Inter-region Connection.
Region
Select one of the regions to be connected.
In this example, Germany (Frankfurt) is selected.
Peer Region
Select the other region to be connected.
In this example, Philippines (Manila) is selected.
Bandwidth Allocation Mode
Select the method that is used to allocate bandwidth to the inter-region connection.
In this example, Pay-By-Data-Transfer is selected. You are charged based on the amount of data transfer over the inter-region connection.
Bandwidth
Specify a maximum bandwidth value for the inter-region connection. Unit: Mbit/s.
If you select Pay-By-Data-Transfer, the Bandwidth parameter specifies the maximum bandwidth of the inter-region connection.
Default Line Type
Select a line type for the inter-region connection.
In this example, the default value is used. For more information about line types, see Line types.
Advanced Settings
By default, the advanced features are enabled. In this example, the default settings are retained.
Step 6: Enable route synchronization
By default, Enterprise Edition transit routers do not advertise IPv6 routes to VPCs. To allow the Enterprise Edition transit router to advertise IPv6 routes to VPC1 and VPC2, enable the route synchronization feature.
Log on to the CEN console.
On the Instances page, click the ID of the CEN instance that you want to manage.
On the tab, click the ID of the transit router in the Germany (Frankfurt) region.
On the Intra-region Connections tab, find the VPC1 connection and enable route synchronization in the Route Synchronization column.
Repeat this step to enable route synchronization for VPC2 on the transit router in the Philippines (Manila) region.
After you enable route synchronization, the Enterprise Edition transit router automatically synchronizes routes to network instances. You can click Details in the Route Synchronization column to view route synchronization details on the Network Instance Route Table tab.
Routes of VPC1
Routes of VPC2
Step 7: Test network connectivity
After you complete the preceding steps, VPC1 and VPC2 can communicate with each other over IPv6. This step tests the IPv6 network connectivity between the VPCs.
By default, the security group rules do not allow IPv6 communication. Before you perform this step, make sure that the security group rules of ECS1 and ECS3 allow IPv6 communication. For more information, see View security group rules and Add a security group rule.
For example, configure an allow rule in the inbound direction and set the protocol to ICMP (IPv6) and the authorization object to ::/0. Then, you can use this rule to test IPv6 network connectivity.
Log on to ECS1 in VPC1. For more information, see Connection method overview.
Run the following command to test whether the IPv6 address of ECS1 can access ECS3 in VPC2:
ping6 <IPv6 address of ECS3>If ECS1 receives the following echo reply packet, the VPCs can communicate with each other over IPv6.
