Setting Up an IPv4/IPv6 Dual-Stack Network in a VPC
This topic describes how to create a VPC with an IPv4 and IPv6 CIDR block and create an ECS with both IPv4 and IPv6 addresses in the VPC. You can bind an EIP and add the IPv6 address of the ECS to a shared bandwidth to enable the ECS to communicate with the Internet over both IPv4 and IPv6 networks.
- To allow users to remotely log in to ECS-A01 from the local PC (IPv4 address: 10.1.0.7; IPv6 address: 2002:20::44) and perform operations on this ECS, you need to configure the following inbound rules:
- Rules A01 and A02: allow local PC to ping ECS-A01 in VPC-A over all ICMP ports to test network connectivity.
- Rules A03 and A04: allow the local PC to remotely log in to ECS-A01 over TCP port 22 if the ECS runs Linux.
- Rules A05 and A06: allow the local PC to remotely log in to ECS-A01 over TCP port 3389 if the ECS runs Windows.
- Rules A07 and A08: allow ECSs in Sg-A to communicate with each other.
- To allow ECS-A01 to access the Internet, you need to bind EIP EIP-A to it and add the IPv6 address of ECS-A01 to a shared bandwidth. Then add rules A09 and A10 to allow outbound traffic.
Precautions
- The IPv4/IPv6 dual-stack function is free for now, but will be billed at a later date (price yet to be determined).
- The IPv6 function is now available for open beta test in certain regions. You can use the IPv6 function only after obtaining the OBT permission.
- Only certain ECS flavors support IPv6 networks. You need to select such ECSs in supported regions.
- The network planning in this example is for your reference only. Once a VPC and subnet are created, the CIDR blocks cannot be changed. Before creating VPCs, determine how many VPCs, the number of subnets, and what CIDR blocks or connectivity options you will need.
For details, see VPC and Subnet Planning Suggestions.
Procedure
Procedure |
What to Do |
---|---|
Before using cloud services, sign up for a HUAWEI ID, enable Huawei Cloud services, complete real-name authentication, and top up your account. |
|
Create a VPC with an IPv4 CIDR block and create a subnet with IPv6 enabled in the VPC.
|
|
Buy an ECS in the subnet you have created and configure security group rules for the ECS. |
|
Buy an EIP and bind it to the ECS so that the ECS can communicate with the Internet using the IPv4 address. |
|
Step 4: Buy a Shared Bandwidth and Add the ECS IPv6 Address to It |
Buy a shared bandwidth and add the IPv6 address of the ECS to the shared bandwidth so that the ECS can communicate with Internet using the IPv6 address. |
To test ECS connectivity, you can:
|
Preparations
Before creating resources such as VPCs and ECSs, you need to sign up for a HUAWEI ID, enable Huawei Cloud services, complete real-name authentication, and top up your account. Ensure that your account has sufficient balance.
- You have created a HUAWEI ID, enabled Huawei Cloud services, and completed real-name authentication.
- You need to ensure that your account has sufficient balance. If it does not, top up your account.
Step 1: Create a VPC and Subnet
- Go to the Create VPC page.
- On the Create VPC page, set parameters as needed.
In this example, you need to create a VPC and subnet, and enable IPv6 for this subnet.
Figure 3 Creating a VPC
Figure 4 Setting a subnet
Table 1 VPC parameters Parameter
Example Value
Description
Region
CN-Hong Kong
The region where the VPC is created. Select the region nearest to you to ensure the lowest possible latency. The VPC, ECS, and EIP used in this example must be in the same region.
The region cannot be changed after the VPC is created.
Name
VPC-A
The VPC name. Set it to VPC-A.
The name can be modified after VPC-A is created.
IPv4 CIDR Block
192.168.0.0/16
The IPv4 CIDR block of VPC-A. You are advised to select from the following CIDR blocks:- 10.0.0.0/8-24: The IP address ranges from 10.0.0.0 to 10.255.255.255, and the netmask ranges from 8 to 24.
- 172.16.0.0/12-24: The IP address ranges from 172.16.0.0 to 172.31.255.255, and the netmask ranges from 12 to 24.
- 192.168.0.0/16-24: The IP address ranges from 192.168.0.0 to 192.168.255.255, and the netmask ranges from 16 to 24.
The IPv4 CIDR block cannot be changed after VPC-A is created.
Enterprise Project
default
The enterprise project by which VPCs are centrally managed. Select an existing enterprise project for VPC-A.
The enterprise project cannot be changed after VPC-A is created.
Advanced Settings (Optional) > Tag
Not required
The tag that is used to classify and identify resources. Add tags to VPC-A as required.
After VPC-A is created, you can edit tags added to VPC-A.
Advanced Settings (Optional) > Description
Not required
Supplementary information about VPC-A. Enter a description as required.
The description can be modified after VPC-A is created.
Table 2 Subnet parameters Parameter
Example Value
Description
AZ
AZ4
A geographic location with independent power supply and network facilities in a region. Each region contains multiple AZs. AZs are physically isolated but connected through an internal network. Subnets of a VPC can be located in different AZs without affecting communications. You can select any AZ in a region.
If Edge is displayed, select an edge AZ based on your service requirements. If Edge is not displayed, you do not need to set the subnet AZ, which does not affect your service running.
An ECS and its VPC can be in different AZs. For example, you can select AZ1 for the ECS and AZ3 for its VPC subnet.
The AZ cannot be changed after the VPC is created.
You can select an AZ for a subnet only in certain regions. See the available regions on the management console.
Subnet Name
Subnet-A01
The subnet name. Set it to Subnet-A01.
The name can be modified after Subnet-A01 is created.
IPv4 CIDR Block
192.168.0.0/24
The IPv4 CIDR block of Subnet-A01, which is a unique CIDR block with a range of IP addresses in VPC-A.
The CIDR block cannot be changed after Subnet-A01 is created.
IPv6 CIDR Block (Optional)
Enabled
Whether to assign IPv6 addresses. After this option is enabled, IPv6 addresses can be assigned to Subnet-A01 the ECS.
You can enable or disable this option after Subnet-A01 is created.
Associated Route Table
Default
The default route table that Subnet-A01 is associated with. Each VPC comes with a default route table. Subnets in the VPC are then automatically associated with the default route table.
The default route table has a preset system route that allows subnets in a VPC to communicate with each other.
After Subnet-A01 is created, you can create a custom route table and associate Subnet-A01 with it.
Advanced Settings (Optional) > Gateway
192.168.0.1
The gateway address of Subnet-A01. You are advised to retain the default address.
The gateway address cannot be changed after Subnet-A01 is created.
Advanced Settings (Optional)- DNS Server Address
- Domain Name
- NTP Server Address
- IPv4 DHCP Lease Time
Not required
The parameters are configured for the ECS-A01 in VPC-A. In this example, retain the default values or leave them blank.
You can change the values after Subnet-A01 is created.
Advanced Settings (Optional) > Tag
Not required
The tag that is used to classify and identify resources. Add tags to Subnet-A01 as required.
After Subnet-A01 is created, you can edit tags added to Subnet-A01.
Advanced Settings (Optional) > Description
Not required
Supplementary information about Subnet-A01. Enter a description as required.
The description can be modified after Subnet-A01 is created.
- Click Create Now.
You will be redirected to the VPC list, where you can find VPC-A you have created.
Step 2: Buy an ECS
- Go to the Buy ECS page.
- On the Buy ECS page, set parameters as required.
In this example, set the ECS name to ECS-A01 and configure other parameters as follows:
- Network: Select VPC-A and Subnet-A01 you have created.
Select Automatically assign address. An IPv4 address and an IPv6 address will be assigned to ECS-A01.
Figure 5 Network settings
- Security Group: Create security group Sg-A and add inbound and outbound rules to it. Each security group comes with system rules. You need to check and modify the rules as required to ensure that all rules in Table 3 are added.
Figure 6 Inbound rules of Sg-A
Figure 7 Outbound rules of Sg-A
Table 3 Sg-A rules Direction
Action
Type
Protocol & Port
Source/Destination
Description
Inbound
Allow
IPv4
TCP: 22
Source: 10.1.0.7/32
Allows the local PC (10.1.0.7/32) to remotely log in to Linux ECS-A01 over SSH port 22.
Inbound
Allow
IPv6
TCP: 22
Source: 2002:20::44/128
Allows the local PC (2002:20::44/128) to remotely log in to Linux ECS-A01 over SSH port 22.
Inbound
Allow
IPv4
TCP: 3389
Source: 10.1.0.7/32
Allows the local PC (10.1.0.7/32) to remotely log in to Windows ECS-A01 over RDP port 3389.
Inbound
Allow
IPv6
TCP: 3389
Source: 2002:20::44/128
Allows the local PC (2002:20::44/128) to remotely log in to Windows ECS-A01 over RDP port 3389.
Inbound
Allow
IPv4
ICMP: All
Source: 0.0.0.0/0
Allows IPv4 ping traffic to ECS-A01 in VPC-A over all ICMP ports to test network connectivity.
Inbound
Allow
IPv6
ICMPV6: All
Source: ::/0
Allows IPv6 ping traffic to ECS-A01 in VPC-A over all ICMP ports to test network connectivity.
Inbound
Allow
IPv4
All
Source: current security group (Sg-A)
Allows the ECSs in Sg-A to communicate with each other using IPv4 addresses.
Inbound
Allow
IPv6
All
Source: current security group (Sg-A)
Allows the ECSs in Sg-A to communicate with each other using IPv6 addresses.
Outbound
Allow
IPv4
All
Destination: 0.0.0.0/0
Allows ECS-A01 in Sg-A to access the Internet using the IPv4 address.
Outbound
Allow
IPv4
All
Destination: ::/0
Allows ECS-A01 in Sg-A to access the Internet using the IPv6 address.
- EIP: Select Not required.
Figure 8 Selecting Not required
Configure other ECS parameters s as required. For details, see Purchasing a Custom ECS.
- Network: Select VPC-A and Subnet-A01 you have created.
- Click Create.
Return to the ECS list to view ECS-A01 you have bought.
- Log in to ECS-A01 and check whether the ECS has obtained an IPv6 address.
- By default, dynamic IPv6 address assignment is enabled for Windows public images.
- Before enabling dynamic IPv6 address assignment for a Linux public image, check whether IPv6 is supported first.
Currently, all Linux public images support IPv6. By default, dynamic IPv6 address assignment is enabled for Ubuntu 16. For other Linux public images, you need to enable this function.
If an IPv6 address fails to be automatically assigned or the selected image cannot obtain an IPv6 address automatically, manually obtain the IPv6 address . Otherwise, ECSs cannot communicate using IPv6 addresses.
Step 3: Buy an EIP and Bind It to ECS-A01
Buy an EIP and bind it to ECS-A01 so that the ECS can communicate with the Internet using the IPv4 address.
- Go to the Buy EIP page.
- On the Buy EIP page, set the EIP name to EIP-A.
You can configure other EIP parameters as required. For details, see Buying an EIP.
- Click Next.
Return to the EIP list to view EIP-A you have assigned.
- In the EIP list, locate EIP-A and click Bind in the Operation column.
The Bind EIP dialog box is displayed.
- In the displayed dialog box, select ECS-A01 and click OK.
Return to the EIP list. You can see that ECS-A01 is displayed in the Associated Instance column in the EIP list.
Step 4: Buy a Shared Bandwidth and Add the ECS IPv6 Address to It
Buy a shared bandwidth and add the IPv6 address to the shared bandwidth so that ECS-A01 can communicate with Internet.
- Go to the Buy Shared Bandwidth page.
- On the displayed page, set the shared bandwidth name to bandwidth-A and configure other parameters as required.
For details, see Assigning a Shared Bandwidth.
- Click Next.
Return to the shared bandwidth list to view Bandwidth-A you have assigned.
- Click Add Public IP Address in the Operation column.
The Add Public IP Address dialog box is displayed.
- Configure the parameters and click OK.
- Public IP Address: Select IPv6 Address.
- VPC: Select VPC-A.
- Subnet: Select Subnet-A01.
- IPv6 Address: Select the IPv6 address assigned to ECS-A01.
Step 5: Test Network Connectivity
- Use the local PC to log in to ECS-A01 using the IPv4 EIP and IPv6 address.
Multiple methods are available for logging in to an ECS. For details, see Logging In to an ECS.
To remotely log in to ECS-A01 using PuTTY:- Enter the EIP of ECS-A01 under Host Name (or IP address), for example, 1.95.44.XX.
- Enter the IPv6 address of ECS-A01 under Host Name (or IP address), for example, 2407:XXX:e857.
Figure 9 PuTTY configurations
- Check whether ECS-A01 can communicate with the Internet over IPv4 and IPv6 networks.
- Run the following command to test the IPv4 public network connectivity:
Example command:
ping support.huaweicloud.com
If information similar to the following is displayed, ECS-A01 can communicate with the Internet over the IPv4 network.[root@ecs-a01 ~]# ping support.huaweicloud.com PING hcdnw.cbg-notzj.c.cdnhwc2.com (203.193.226.103) 56(84) bytes of data. 64 bytes from 203.193.226.103 (203.193.226.103): icmp_seq=1 ttl=51 time=2.17 ms 64 bytes from 203.193.226.103 (203.193.226.103): icmp_seq=2 ttl=51 time=2.13 ms 64 bytes from 203.193.226.103 (203.193.226.103): icmp_seq=3 ttl=51 time=2.10 ms 64 bytes from 203.193.226.103 (203.193.226.103): icmp_seq=4 ttl=51 time=2.09 ms ... --- hcdnw.cbg-notzj.c.cdnhwc2.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3004ms rtt min/avg/max/mdev = 2.092/2.119/2.165/0.063 ms
- Run the following command to test the IPv6 public network connectivity:
In this example, 2002:20::45 is used as a public IP address. An example command is as follows:
ping6 2002:20::45
If information similar to the following is displayed, ECS-A01 can communicate with the Internet over the IPv6 network.[root@ecs-a01 ~]# ping6 2002:20::45 PING 2002:20::45(2002:20::45) from 2002:20::45 : 56 data bytes 64 bytes from 2002:20::45: icmp_seq=1 ttl=64 time=0.770 ms 64 bytes from 2002:20::45: icmp_seq=2 ttl=64 time=0.295 ms 64 bytes from 2002:20::45: icmp_seq=3 ttl=64 time=0.245 ms ^C --- 2002:20::45 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2080ms rtt min/avg/max/mdev = 0.245/0.436/0.770/0.237 ms
- Run the following command to test the IPv4 public network connectivity:
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot