Create and manage vSwitches

Updated at: 2025-04-25 03:20

After creating a virtual private cloud (VPC), set up vSwitches to create subnets. By default, the subnets in a VPC can communicate with each other.

Background

You can perform the following operations after creating a vSwitch:

Create a vSwitch

All vSwitches in a VPC interconnect. To deploy cloud resources, you must place them in vSwitches. For high availability, span applications across zones. Multicasting and broadcasting are not supported.

  1. Log on to the VPC console.

  2. In the navigation pane on the left, click vSwitch. In the top navigation bar, select the region where you want to create a vSwitch. On the vSwitch page, click Create vSwitch, and configure it as follows:

    Parameter

    Description

    VPC

    Select the VPC for which you want to create the vSwitch.

    IPv4 CIDR Block

    The IPv4 CIDR block of the selected VPC is displayed.

    If the VPC has a secondary IPv4 CIDR block, specify the primary or secondary IPv4 CIDR block as the CIDR block of the vSwitch.

    IPv6 CIDR Block

    Select the IPv6 CIDR block of the VPC from the drop-down list.

    If you select Do Not Assign, IPv6 is disabled for the vSwitch.

    Note

    vSwitch

    Zone

    In the drop-down list, select a zone for the vSwitch. In the same VPC, vSwitches in different zones can communicate with each other.

    The drop-down list shows whether the following instance types are supported in each zone: Elastic Compute Service (ECS), ApsaraDB RDS, internal-facing Classic Load Balancer (CLB), internal-facing Application Load Balancer (ALB). The supported cloud resources vary based on the zone and the creation time of the cloud resources. Instances provided in this topic are for reference only. The actual instances on the buy page shall prevail.

    IPv4 CIDR Block

    Enter an IPv4 CIDR block for the vSwitch. Take note of the following limits:

    • The CIDR block of a vSwitch must be a subset of the CIDR block of the VPC, and its mask can be no longer than /29.

      For example, if the VPC has a CIDR block of 192.168.0.0/16, that of a vSwitch can range from 192.168.0.0/17 to 192.168.0.0/29.

    • 100.64.0.0/10 is reserved by Alibaba Cloud. Therefore, 100.64.0.0/10 and its subnets cannot be used as the IPv4 CIDR block of the vSwitch.

    • The first IP address and last three IP addresses of a vSwitch CIDR block are reserved.

      For example, if a vSwitch CIDR block is 192.168.1.0/24, the IP addresses 192.168.1.0, 192.168.1.253, 192.168.1.254, and 192.168.1.255 are reserved.

    • If a vSwitch needs to communicate with vSwitches in other VPCs or with data centers, make sure that its CIDR block does not overlap with the destination ones.

    Note

    After the vSwitch is created, you cannot modify its CIDR block.

    IPv6 CIDR Block

    Enable IPv6 and configure an IPv6 CIDR block for the vSwitch.

    Note

    If the VPC is assigned an IPv6 CIDR block, you must configure the IPv6 CIDR block of the vSwitch.

    • By default, the subnet mask of the IPv6 CIDR block for the vSwitch is /64. You can enter a decimal number from 0 to 255 to define the last 8 bits of the IPv6 CIDR block.

      For example, if the IPv6 CIDR block of the VPC is 2408:XXXX:XXXX:6e00::/56, you can enter 255 (ff in hexadecimal format) for the IPv6 CIDR block of the vSwitch. In this case, the IPv6 CIDR block of the vSwitch is 2408:XXXX:XXXX:6eff::/64.

    • The first IPv6 address and last nine IPv6 addresses are reserved by the system.

      For example, if the IPv6 CIDR block of a vSwitch is 2408:XXXX:XXXX:6eff::/64, the first IPv6 address 2408:XXXX:XXXX:6eff:: and the last nine IPv6 addresses are reserved by the system: 2408:XXXX:XXXX:6eff:ffff:ffff:ffff:fff7, 2408:XXXX:XXXX:6eff:ffff:ffff:ffff:fff8, 2408:XXXX:XXXX:6eff:ffff:ffff:ffff:fff9, 2408:XXXX:XXXX:6eff:ffff:ffff:ffff:fffa, 2408:XXXX:XXXX:6eff:ffff:ffff:ffff:fffb, 2408:XXXX:XXXX:6eff:ffff:ffff:ffff:fffc, 2408:XXXX:XXXX:6eff:ffff:ffff:ffff:fffd, 2408:XXXX:XXXX:6eff:ffff:ffff:ffff:fffe, and 2408:XXXX:XXXX:6eff:ffff:ffff:ffff:ffff.

  3. Optional: To create multiple vSwitches, click Add under the vSwitch section and enter the parameters.

    Note

    By default, you can create up to 150 vSwitches in a VPC. To increase the quota, go to the Quota Management page or Quota Center.
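
The IPv4 and IPv6 CIDR limits from step 2, as an added Python example that is not part of the original documentation: it checks a proposed vSwitch block against those limits and lists the addresses the system reserves. The function names are hypothetical, and the `2001:db8::` prefix and remote network are constructed sample values.

```python
import ipaddress

RESERVED = ipaddress.ip_network("100.64.0.0/10")  # reserved range named on the page
MAX_PREFIX = 29  # longest vSwitch mask the page allows


def check_vswitch_cidr(vpc_cidr, vswitch_cidr, remote_cidrs=()):
    """Return the rule violations for a proposed IPv4 vSwitch block ([] means OK)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    try:
        vsw = ipaddress.ip_network(vswitch_cidr)  # strict: host bits must be zero
    except ValueError as exc:
        return [f"not a valid network: {exc}"]
    problems = []
    if vsw.version != vpc.version or not vsw.subnet_of(vpc):
        problems.append("not inside the VPC CIDR block")
    if vsw.prefixlen > MAX_PREFIX:
        problems.append("mask longer than /29")
    if vsw.overlaps(RESERVED):
        problems.append("overlaps 100.64.0.0/10")
    for remote in remote_cidrs:  # peer VPCs or data centers it must reach
        if vsw.overlaps(ipaddress.ip_network(remote)):
            problems.append(f"overlaps remote network {remote}")
    return problems


def reserved_addresses(cidr):
    """First address plus the last three (IPv4) or last nine (IPv6) addresses."""
    net = ipaddress.ip_network(cidr)
    tail = 3 if net.version == 4 else 9
    make = type(net.network_address)
    last = int(net.broadcast_address)
    return [net.network_address] + [make(last - i) for i in reversed(range(tail))]


def vswitch_ipv6_cidr(vpc_ipv6_cidr, last_8_bits):
    """Build the /64 vSwitch block from a /56 VPC block and a number from 0 to 255."""
    vpc = ipaddress.IPv6Network(vpc_ipv6_cidr)
    if vpc.prefixlen != 56 or not 0 <= last_8_bits <= 255:
        raise ValueError("expected a /56 VPC block and a value from 0 to 255")
    return ipaddress.IPv6Network((int(vpc.network_address) | (last_8_bits << 64), 64))


if __name__ == "__main__":
    # Constructed sample values; 2001:db8::/32 is the documentation prefix.
    print(check_vswitch_cidr("192.168.0.0/16", "192.168.1.0/30", ["192.168.0.0/20"]))
    print([str(a) for a in reserved_addresses("192.168.1.0/24")])
    print(vswitch_ipv6_cidr("2001:db8:0:6e00::/56", 255))
```

Because the CIDR block cannot be modified after the vSwitch is created, running a check like this before creation is cheaper than rebuilding the subnet later.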

Create a cloud resource

Create cloud resources in a vSwitch as needed.

  1. On the vSwitch page, click the ID of the vSwitch.

  2. Under the Resources tab, choose the basic and network resources to be created.

  3. On the page that appears, create a cloud resource.

Associate a vSwitch with a custom route table

After creating a custom route table, perform the following steps to associate, replace, or disassociate a custom route table to change the vSwitch routing policies:

  1. On the vSwitch page, find the one that you want to manage and click its ID.

  2. Click the Route tab, find the Associated Route Table section, and perform one of the following actions:

    Note

    A vSwitch can be associated with only one system or custom route table.

    • When the vSwitch is associated with a system route table:

      • Bind Custom Route Table: Select a custom route table from the Route Table list. The system route table is automatically disassociated upon completion.

    • When the vSwitch is associated with a custom route table:

      • Replace Custom Route Table: The traffic path of resources in the vSwitch will match the routing policy in the new route table.

      • Disassociate Route Table: After disassociation, the vSwitch is automatically associated with the system route table of the VPC.

Associate a vSwitch with a network ACL

After creating a network ACL, perform the following steps to associate, replace, or disassociate a network ACL to manage the traffic flows of ECS instances in the vSwitch.

  1. On the vSwitch page, find the one that you want to manage and click its ID.

  2. In the vSwitch section, find Network ACL and perform one of the following actions:

    • Bind: Associate a network ACL to control traffic to ECS instances in the vSwitch.

    • Replace: After replacing the associated network ACL, the new one immediately takes effect and filters the ECS traffic.

    • Unbind: After disassociation, ECS traffic is no longer filtered.

Delete a vSwitch

On the vSwitch page, find the target vSwitch and click Actions > Delete. Alternatively, click the vSwitch ID to go to its details page, and delete it there.

  • Before deleting a vSwitch, make sure that it is not shared or associated with a custom route table. Delete a resource share or unbind the custom route table if the prerequisites are not met.

  • After you click Actions > Delete or Delete on the details page, the system will check for resources in or resources associated with the vSwitch that have not been deleted.

    • When there are no resources, click Delete vSwitch.

    • When the vSwitch still has dependent resources, release them before proceeding.

      • When deleting resources, follow the instructions. If there are many resources under the vSwitch, go to the vSwitch details page to perform the operations.

      • After the resources are deleted, give the data about one to two minutes to update. Then, click Recheck to refresh the resource list.

References

Call the following APIs to manage vSwitches using SDK, Terraform, or ROS:
