Help Center/ Virtual Private Cloud/ User Guide/ VPC and Subnet/ VPC/ Adding a Secondary IPv4 CIDR Block to a VPC
Updated on 2024-11-08 GMT+08:00

Adding a Secondary IPv4 CIDR Block to a VPC

Scenarios

When you create a VPC, you specify a primary IPv4 CIDR block for the VPC, which cannot be changed. To extend the IP address range of your VPC, you can add a secondary CIDR block to the VPC.

If the secondary IPv4 CIDR block function is available in a region, the CIDR block of a VPC in this region cannot be modified through the console. You can call an API to modify VPC CIDR block. For details, see Updating VPC Information.

Notes and Constraints

  • You can allocate a subnet from either a primary or a secondary CIDR block of a VPC. A subnet cannot use both the primary and the secondary CIDR blocks.

    Subnets in the same VPC can communicate with each other by default, even if some subnets are allocated from the primary CIDR block and some are from the secondary CIDR block of a VPC.

  • If a subnet in a secondary CIDR block of your VPC is the same as or overlaps with the destination of an existing route in the VPC route table, the existing route does not take effect.

    If you create a subnet in a secondary CIDR block of your VPC, a route (the destination is the subnet CIDR block and the next hop is Local) is automatically added to your VPC route table. This route allows communications within the VPC and has a higher priority than any other routes in the VPC route table. For example, if a VPC route table has a route with the VPC peering connection as the next hop and 100.20.0.0/24 as the destination, and a route for the subnet in the secondary CIDR block has a destination of 100.20.0.0/16, 100.20.0.0/16 and 100.20.0.0/24 overlaps and traffic will be forwarded through the route of the subnet.

  • The allowed secondary CIDR block size is between a /28 netmask and /3 netmask.
  • Table 1 lists the secondary CIDR blocks that are not supported. If 192.168.0.0/16-192.168.255.255/32 is not supported, then all CIDR blocks in this range cannot be used as secondary CIDR blocks, such as 192.168.0.0/16, 192.168.31.0/24, 192.168.100.0/24, and 192.168.255.255/32.
    Table 1 Restricted secondary CIDR blocks

    Type

    CIDR Block (Not Supported)

    Reserved private CIDR blocks

    • 172.31.0.0/16~172.31.255.255/32
    • 192.168.0.0/16~192.168.255.255/32
    • In-use primary CIDR blocks

    Reserved system CIDR blocks

    • 100.64.0.0/10~100.127.255.255/32
    • 214.0.0.0/7~215.255.255.255/32
    • 198.18.0.0/15~198.19.255.255/32
    • 169.254.0.0/16~169.254.255.255/32

    Reserved public CIDR blocks

    • 0.0.0.0/8~0.255.255.255/32
    • 127.0.0.0/8~127.255.255.255/32
    • 240.0.0.0/4~255.255.255.255/32

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner and choose Networking > Virtual Private Cloud.

    The Virtual Private Cloud page is displayed.

  3. In the VPC list, locate target VPC and click Edit CIDR Block in the Operation column.

    The Edit CIDR Block dialog box is displayed.

  4. Click Add Secondary IPv4 CIDR Block.
  5. Enter a secondary CIDR block and click OK.