
On-premises IDCs Providing Internet-Accessible Services Using IPv6 EIPs

Scenario

The IPv6 function of the EIP service can map IPv4 addresses into IPv6 addresses. Enabling the IPv6 EIP function allows you to obtain both IPv4 and IPv6 EIPs.

If existing services in an on-premises data center (IDC) cannot be migrated to the cloud because they use IPv4 addresses, and the IPv4/IPv6 dual-stack reconstruction cannot be completed for them in a short period, you can use IPv6 EIPs to connect to the on-premises IDC. The IDC can then provide Internet-accessible services using IPv6 EIPs without reconstructing the existing IPv4 network.

Network Topology

In the following example, the IDC CIDR block is 192.168.1.0/24, and the VPC CIDR block is 192.168.0.0/24.

The deployment diagram is as follows:

  1. A virtual private network (VPN) connects an IDC to a VPC.
  2. A NAT gateway in the VPC uses an IPv6 EIP to provide Internet-accessible services.
    Figure 1 Networking
  • The IPv6 EIP can only be used to provide Internet-accessible services and cannot access IPv6 addresses.
  • The network CIDR block of the IDC must not overlap with the subnet CIDR block of the VPC on the cloud. Otherwise, communication between the IDC and the VPC will fail.

Prerequisites

You need to add security group rules that allow inbound traffic from and outbound traffic to the network 198.19.0.0/16. The IPv6 EIP uses NAT64, which, in the inbound direction, converts the source IP address into an IPv4 address in the IP address range 198.19.0.0/16, converts the source port to a random port, and converts the destination IP address to a private IPv4 address of your local machine. The destination port remains the same.

Procedure

  1. Buy an EIP.

    Buy an EIP with the required bandwidth and select the IPv6 EIP option.

    For details, see Assigning an EIP.

  2. Configure a VPN.

    A VPN consists of a VPN gateway and one or more VPN connections. A VPN gateway provides an Internet egress for a VPC and works together with the gateway in the local data center.

    1. Create a VPC.

      Create a VPC and set its CIDR block to 192.168.0.0/24. The IDC private network is 192.168.1.0/24.

      The network CIDR block of the IDC must not overlap with the subnet CIDR block of the VPC on the cloud. Otherwise, communication between the IDC and the VPC will fail.

      For details, see Creating a VPC.

    2. Create a VPN gateway.

      VPC: Select the VPC created in 2.a.

      Bandwidth: Select the bandwidth based on your service requirements.

      For details, see Creating a VPN Gateway.

    3. Create a VPN connection.

      Local Subnet: Select a subnet or manually specify a CIDR block, for example, 192.168.0.0/24,198.19.0.0/16.

      Remote Gateway: Set it to the public IP address of the gateway in the IDC.

      Remote Subnet: Set it to the CIDR block 192.168.1.0/24 of the IDC.

      For details, see Creating a VPN Connection.

      After the IPv6 function is enabled for the EIP, the source IP address will be translated into one in the IP address range 198.19.0.0/16. Therefore, you need to enter the VPC subnet and then the IP address range 198.19.0.0/16 in sequence in the Local Subnet area.

    4. Configure the VPN device in the IDC.

      After configuring the VPN on the cloud, you need to configure the VPN device in the IDC. For details, see Virtual Private Network Administrator Guide.

  3. Configure a NAT gateway.

    After purchasing a NAT gateway, you can add DNAT rules to enable your servers in the VPC or servers in your IDC that are connected to the VPC to provide Internet-accessible services.

    1. Buy a NAT gateway.

      VPC: Select the VPC created in 2.a.

      Subnet: Select a subnet in the VPC created in 2.a.

      For details, see Buying a NAT Gateway.

    2. Add a DNAT rule.

      Select the EIP purchased in step 1 and add a DNAT rule based on the private IP address and port number of the server in the IDC. For example, you can set Port Type to Specific port, Protocol to TCP, Private IP Address to 192.168.1.22, and select an EIP to be associated.

      For details, see Adding a DNAT Rule.

      Figure 2 Add DNAT Rule

Verification

After the preceding operations are complete, the IPv6 EIPs can be used to provide Internet-accessible services.

You can query the IPv6 address on the EIPs page.

Figure 3 IPv6 addresses

Use an IPv6 client that can access the Internet to test the connectivity of the IPv6 EIP.
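
Before testing from a client, the addressing constraints stated in Network Topology, Prerequisites and the Procedure can be checked offline. The following Python sketch is an added example, not part of the original guide or of any provider tooling; the function name check_plan and its parameter names are hypothetical, and the inputs are the values you plan to type into the console.

```python
import ipaddress

# Range the page says NAT64 rewrites inbound source addresses into.
NAT64_RANGE = ipaddress.ip_network("198.19.0.0/16")


def check_plan(vpc_cidr, idc_cidr, vpn_local_subnets, dnat_private_ip, sg_sources):
    """Return a list of problems in the planned settings (empty list = OK).

    All parameter names are hypothetical; inputs are IPv4 strings as they
    would be typed into the console fields described on this page.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    idc = ipaddress.ip_network(idc_cidr)
    local = [ipaddress.ip_network(s.strip()) for s in vpn_local_subnets.split(",")]
    target = ipaddress.ip_address(dnat_private_ip)
    allowed = [ipaddress.ip_network(s) for s in sg_sources]
    problems = []

    # IDC and VPC ranges must not overlap, or IDC<->VPC traffic fails.
    if vpc.overlaps(idc):
        problems.append(f"IDC {idc} overlaps VPC {vpc}")
    # Local Subnet: the VPC subnet first, then the NAT64 range, in sequence.
    if len(local) < 2 or not local[0].subnet_of(vpc) or local[1] != NAT64_RANGE:
        problems.append(f"VPN Local Subnet must be a VPC subnet, then {NAT64_RANGE}")
    # The DNAT rule has to point at a host inside the IDC network.
    if target not in idc:
        problems.append(f"DNAT private IP {target} is outside IDC {idc}")
    # At least one security group source must cover the whole NAT64 range.
    if not any(NAT64_RANGE.subnet_of(n) for n in allowed):
        problems.append(f"no security group rule covers {NAT64_RANGE}")
    return problems


if __name__ == "__main__":
    # Values from the page's example topology.
    print(check_plan("192.168.0.0/24", "192.168.1.0/24",
                     "192.168.0.0/24,198.19.0.0/16", "192.168.1.22",
                     ["198.19.0.0/16"]))
    # Constructed mistake: one octet mistyped in the NAT64 range.
    print(check_plan("192.168.0.0/24", "192.168.1.0/24",
                     "192.168.0.0/24,192.19.0.0/16", "192.168.1.22",
                     ["198.19.0.0/16"]))
```

An empty list means the planned values satisfy the constraints; each string in a non-empty list names the setting to correct before creating the VPN connection or DNAT rule.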