To enable private IPv6 communication among Elastic Compute Service (ECS) instances in a virtual private cloud (VPC), you can create ECS instances with IPv6 addresses in the VPC. Make sure that IPv6 is enabled for the VPC.
Regions that support IPv6 gateways
Area | Region |
China | China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Fuzhou - Local Region), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), and China (Hong Kong) |
Asia Pacific | Philippines (Manila), Singapore, Japan (Tokyo), South Korea (Seoul), Indonesia (Jakarta), Malaysia (Kuala Lumpur), and Thailand (Bangkok) |
Europe and Americas | US (Virginia), US (Silicon Valley), and Germany (Frankfurt) |
Middle East | SAU (Riyadh - Partner Region) |
Important: The SAU (Riyadh) region is operated by a partner.
Scenarios
The following scenario is used as an example. You want to enable IPv6 communication among ECS instances in Hangzhou Zone H.
You can create a VPC with an IPv6 CIDR block in China (Hangzhou) and create two ECS instances (ECS01 and ECS02) with IPv6 addresses. This way, ECS01 and ECS02 can communicate with each other through IPv6 addresses.
Prerequisites
Before you use cloud resources in a VPC, you must plan your networks. For more information, see Plan networks.
Procedure
The following section describes the general procedure.
Create a VPC with an IPv6 CIDR block and create a vSwitch
Before you assign an IPv6 address to an ECS instance, you must create a VPC with an IPv6 CIDR block and create a vSwitch.
Create and configure an ECS instance
You need to assign an IPv6 address to the ECS instance.
Configure security group rules
You can add security group rules to allow or deny ECS instances to access IPv6 addresses.
Test the network connectivity
You can log on to one of the ECS instances to test whether the ECS instances can communicate with each other through IPv6 addresses.
(Optional) Delete the IPv6 gateway
Procedure
Resource Orchestration Service (ROS) console
Click Create Stack to go to the Resource Orchestration Service (ROS) console. You are automatically redirected to the Create Stack page.
Set the parameters based on the instructions and click Create.
On the Stacks page, if the status of the stack changes from Creating to Created, the VPC with IPv6 CIDR blocks is created.
Click the Output tab to view the created VPC, vSwitch, and ECS instances.
VPC console (manual creation)
Step 1: Create a VPC with an IPv6 CIDR block and create a vSwitch
Log on to the VPC console.
In the top navigation bar, select the region where you want to create the VPC. In this example, China (Hangzhou) is selected.
On the VPC page, click Create VPC.
On the Create VPC page, set the following parameters and click OK.
Note: In this example, Assign (Alibaba Cloud) is selected for the IPv6 CIDR Block parameter. After the VPC is created, the system automatically assigns a /56 IPv6 CIDR block to the VPC and creates an IPv6 gateway. You can use the IPv6 gateway to control IPv6 traffic. For more information, see What is an IPv6 gateway?
Parameter
Description
VPC
Region
The region where you want to create the VPC is displayed. In this example, China (Hangzhou) is displayed.
Name
Enter a name for the VPC.
IPv4 CIDR Block
Enter a primary IPv4 CIDR block for the VPC. In this example, 192.168.0.0/16 is used.
Note: After you create the VPC, you cannot change its primary IPv4 CIDR block. However, you can add a secondary IPv4 CIDR block for the VPC. For more information, see the Add a secondary CIDR block section of the Create and manage a VPC topic.
IPv6 CIDR Block
Specify whether to assign an IPv6 CIDR block to the VPC. In this example, Assign (Alibaba Cloud) is selected.
If you select Assign (Alibaba Cloud), the system automatically assigns a /56 IPv6 CIDR block, for example, 2xx1:db8::/56, to the VPC and creates an IPv6 gateway. By default, IPv6 addresses are used only for communication within private networks.
Note: After you create the VPC, you cannot change the IPv6 CIDR block.
Description
Enter a description for the VPC.
Resource Group
Select the resource group to which the VPC belongs.
Tag Key
Select or enter a tag key. You can use tags to group VPCs.
Tag Value
Select or enter a tag value.
vSwitch
Name
Enter a name for the vSwitch.
Zone
Select a zone for the vSwitch from the drop-down list. In this example, Hangzhou Zone H is selected.
IPv4 CIDR Block
Enter an IPv4 CIDR block for the vSwitch. In this example, 192.168.24.0/24 is entered.
When you specify an IPv4 CIDR block for the vSwitch, take note of the following limits:
The CIDR block of a vSwitch must be a subset of the CIDR block of the VPC to which the vSwitch belongs.
For example, if the CIDR block of a VPC is 192.168.0.0/16, the CIDR block of a vSwitch in the VPC can range from 192.168.0.0/17 to 192.168.0.0/29.
The first IP address and the last three IP addresses of a vSwitch CIDR block are reserved.
For example, if a vSwitch CIDR block is 192.168.1.0/24, the IP addresses 192.168.1.0, 192.168.1.253, 192.168.1.254, and 192.168.1.255 are reserved.
If a vSwitch is required to communicate with vSwitches in other VPCs or with data centers, make sure that the CIDR block of the vSwitch does not overlap with the destination CIDR blocks.
Note: After you create the vSwitch, you cannot change its CIDR block.
IPv6 CIDR Block
Enter an IPv6 CIDR block for the vSwitch.
By default, the subnet mask of the IPv6 CIDR block for the vSwitch is /64. You can enter a decimal number from 0 to 255 to define the last 8 bits of the IPv6 CIDR block.
(Optional): If you need to add more vSwitches for the VPC, click Add below the vSwitch list and set the parameters.
You can create at most 10 vSwitches in each VPC.
Click OK.
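The vSwitch CIDR limits from Step 1 can be checked before anything is entered in the console. The following is an added example, not Alibaba Cloud code: it derives the /64 vSwitch block from the VPC's /56 and the 0 to 255 value, and applies the IPv4 subset, overlap, and reserved-address rules. The function names and the 2001:db8:0:aa00::/56 documentation prefix are assumptions made for illustration.

```python
import ipaddress

def vswitch_ipv6_block(vpc_ipv6_cidr, last_8_bits):
    """Return the /64 vSwitch block chosen by a decimal value from 0 to 255."""
    vpc = ipaddress.IPv6Network(vpc_ipv6_cidr)
    if vpc.prefixlen != 56:
        raise ValueError("expected the /56 IPv6 CIDR block assigned to the VPC")
    if not 0 <= last_8_bits <= 255:
        raise ValueError("the vSwitch value must be from 0 to 255")
    # Bits 57-64 of the prefix sit directly above the 64-bit interface ID.
    base = int(vpc.network_address) + (last_8_bits << 64)
    return ipaddress.IPv6Network((base, 64))

def check_vswitch_ipv4(vpc_cidr, vswitch_cidr, destination_cidrs=()):
    """Apply the IPv4 limits listed above; return (problems, reserved)."""
    vpc = ipaddress.IPv4Network(vpc_cidr)
    vsw = ipaddress.IPv4Network(vswitch_cidr)
    problems = []
    if not vsw.subnet_of(vpc):
        problems.append(f"{vsw} is not a subset of VPC block {vpc}")
    for dest in map(ipaddress.IPv4Network, destination_cidrs):
        if vsw.overlaps(dest):
            problems.append(f"{vsw} overlaps destination block {dest}")
    # The first address and the last three addresses are reserved.
    reserved = [str(vsw[i]) for i in (0, -3, -2, -1)]
    return problems, reserved

if __name__ == "__main__":
    # Constructed sample: documentation prefix standing in for the assigned /56.
    print(vswitch_ipv6_block("2001:db8:0:aa00::/56", 24))
    print(check_vswitch_ipv4("192.168.0.0/16", "192.168.24.0/24",
                             destination_cidrs=["192.168.0.0/19"]))
```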
Step 2: Create ECS instances
After you create a VPC and a vSwitch with IPv6 CIDR blocks, create ECS instances with IPv6 IP addresses. In this example, the ECS instances are named ECS01 and ECS02. After you create the ECS instances, assign IPv6 IP addresses to the ECS instances.
Log on to the VPC console.
In the left-side navigation pane, click vSwitch.
Select the region where the vSwitch resides. In this example, China (Hangzhou) is selected.
On the vSwitch page, find the vSwitch that you want to manage, and choose in the Actions column.
On the Custom Launch tab of the ECS instance buy page, set the parameters and complete the payment. For more information, see Create an instance by using the wizard.
Set the Quantity and IPv6 parameters based on the following information:
Quantity: Specify 2 Units.
IPv6: Select Assign IPv6 Address Free of Charge.
Go to the Instances page of the ECS console, click the instance IDs to view the assigned IPv6 addresses, and change the instance names to ECS01 and ECS02.
Configure the IPv6 addresses of ECS01 and ECS02.
For more information, see Configure an IPv6 address for an ECS instance that runs Windows and Configure an IPv6 address for an ECS instance that runs Linux.
Step 3: Configure security group rules
If the security group rules cannot meet your business requirements, you need to configure IPv6 security group rules for ECS01 and ECS02.
An inbound rule that allows Internet Control Message Protocol (ICMP) version 6 (ICMPv6) traffic to support operations such as running the ping6 command on ECS instances.
An inbound rule that allows traffic on SSH port 22 and Remote Desktop Protocol (RDP) port 3389 to access ECS instances, and that allows traffic on HTTP port 80 and HTTPS port 443 to access the web services provided by ECS instances.
Log on to the ECS console.
In the left-side navigation pane, choose
In the top navigation bar, select a region from the drop-down list.
Find the security group and click Add Rules in the Actions column.
Configure security group rules.
Enter the IPv6 CIDR block that you want to authorize in the Authorization Object field. For example, enter ::/0 to authorize all IPv6 addresses.
For more information about the configurations and common use cases of security group rules, see Add a security group rule and Security groups for different use cases.
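Because ::/0 authorizes every IPv6 address, it is worth reviewing which inbound rules use it. The following is an added example, not Alibaba Cloud code: it flags SSH and RDP rules whose authorization object reaches beyond the VPC's own /56, which is all that private communication between ECS01 and ECS02 requires. The rule dictionary layout, the names, and the 2001:db8 addresses are constructed for illustration and are not the ECS API format.

```python
import ipaddress

ADMIN_PORTS = {22, 3389}  # SSH and RDP, as listed in the rules above

def classify_source(authorization_object, vpc_ipv6_cidr):
    """Describe how far an authorization object reaches relative to the VPC."""
    src = ipaddress.ip_network(authorization_object)
    if src.version != 6:
        return "not-ipv6"
    if src.prefixlen == 0:
        return "all-ipv6"  # ::/0 authorizes all IPv6 addresses
    if src.subnet_of(ipaddress.IPv6Network(vpc_ipv6_cidr)):
        return "inside-vpc"
    return "outside-vpc"

def audit_rules(rules, vpc_ipv6_cidr):
    """Return (name, scope, ports) for TCP rules exposing SSH/RDP beyond the VPC."""
    findings = []
    for rule in rules:
        if rule["protocol"] != "tcp":
            continue
        scope = classify_source(rule["source"], vpc_ipv6_cidr)
        if scope in ("inside-vpc", "not-ipv6"):
            continue
        low, high = rule["ports"]
        exposed = sorted(p for p in ADMIN_PORTS if low <= p <= high)
        if exposed:
            findings.append((rule["name"], scope, exposed))
    return findings

# Constructed sample data; the VPC block uses the IPv6 documentation prefix.
VPC_IPV6 = "2001:db8:0:aa00::/56"
SAMPLE_RULES = [
    {"name": "ping6-vpc", "protocol": "icmpv6", "ports": None, "source": VPC_IPV6},
    {"name": "ssh-any", "protocol": "tcp", "ports": (22, 22), "source": "::/0"},
    {"name": "rdp-vpc", "protocol": "tcp", "ports": (3389, 3389),
     "source": "2001:db8:0:aa18::/64"},
    {"name": "https-any", "protocol": "tcp", "ports": (443, 443), "source": "::/0"},
]

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES, VPC_IPV6):
        print(finding)
```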
Test the network connectivity
After you complete the preceding operations, ECS01 and ECS02 in the VPC can communicate with each other through IPv6 addresses. You can perform the following operations to test the network connectivity between ECS01 and ECS02, and between ECS01 and IPv6 Internet.
In this example, ECS01 and ECS02 run the Alibaba Cloud Linux operating system. For more information about how to use the ping6 command in other operating systems, see the manual of the operating system that you use.
Test whether ECS01 and ECS02 can communicate with each other by using IPv6 addresses.
Log on to ECS01 and ECS02. For more information, see Connection method overview.
Run the ping6 command on ECS01 to send ICMP version 6 (ICMPv6) echo request packets to the IPv6 address of ECS02.
If ECS01 can receive ICMPv6 echo reply packets, the connection is established. The test result shows that ECS01 can access ECS02 by using the IPv6 address.
Run the ping6 command on ECS02 to send ICMPv6 echo request packets to the IPv6 address of ECS01.
If ECS02 can receive ICMPv6 echo reply packets, the connection is established. The test result shows that ECS02 can access ECS01 by using the IPv6 address.
What to do next: Delete the IPv6 gateway
If you no longer need a VPC with an IPv6 CIDR block, you can delete the IPv6 gateway.
Log on to the VPC console.
In the left-side navigation pane, choose
In the top navigation bar, select the region where the IPv6 gateway is deployed.
On the IPv6 Gateway page, find the IPv6 gateway that you want to delete and click Delete in the Actions column.
In the Delete IPv6 Gateway message, click OK.