Help Center/ Virtual Private Cloud/ User Guide/ VPC and Subnet/ Subnet/ Creating a Subnet for an Existing VPC
Updated on 2025-08-27 GMT+08:00

Creating a Subnet for an Existing VPC

Scenarios

A subnet is a unique CIDR block with a range of IP addresses in a VPC. All resources in a VPC must be deployed on subnets.

When creating a VPC, you need to create at least one subnet. If one subnet cannot meet your requirements, you can create more subnets for the VPC.

Notes and Constraints

After a subnet is created, some reserved IP addresses cannot be used. For example, in a subnet with CIDR block 192.168.0.0/24, the following IP addresses are reserved by default:

  • 192.168.0.0: Network ID. This address is the beginning of the private IP address range and will not be assigned to any instance.
  • 192.168.0.1: The gateway address of the subnet.
  • 192.168.0.253: Reserved for the system interface. This IP address is used by the VPC for external communication.
  • 192.168.0.254: DHCP service address.
  • 192.168.0.255: Network broadcast address.

The preceding default IP addresses are only examples. The system will assign reserved IP addresses based on how you specify your subnet.

Procedure

  1. Go to the subnet list page.
  2. Click Create Subnet.

    The Create Subnet page is displayed.

  3. Set the subnet parameters as needed.
    You can click to create more subnets. A maximum of three subnets can be created at a time.
    Table 1 Subnet parameter descriptions

    Parameter

    Description

    Example Value

    Region

    The region where the VPC is located.

    CN-Hong Kong

    VPC

    The VPC for which you want to create a subnet.

    vpc-test

    Subnet Name

    The subnet name. The name:
    • Can contain 1 to 64 characters.
    • Can contain letters, digits, underscores (_), hyphens (-), and periods (.).

    subnet-01

    CIDR Block

    This parameter is displayed only in regions where IPv4/IPv6 dual stack is not supported.

    Set the IPv4 CIDR block of the subnet. For details, see section "IPv4 CIDR Block".

    10.0.0.0/24

    IPv4 CIDR Block

    This parameter is displayed only in regions where IPv4/IPv6 dual stack is supported.

    The IPv4 CIDR block of the subnet. A subnet is a unique CIDR block with a range of IP addresses in a VPC. Comply with the following principles when planning subnets:

    • Planning CIDR block size: After a subnet is created, the CIDR block cannot be changed. You need to plan the CIDR block in advance based on the number of IP addresses required by your service.
      • The subnet CIDR block cannot be too small. Ensure that the number of available IP addresses in the subnet meets service requirements. The first and last three addresses in a subnet are reserved for system use. For example, in subnet 10.0.0.0/24, 10.0.0.1 is the gateway address, 10.0.0.253 is the system interface address, 10.0.0.254 is used by DHCP, and 10.0.0.255 is the broadcast address.
      • The subnet CIDR block cannot be too large, either. If you use a CIDR block that is too large, you may not have enough CIDR blocks from the VPC available for new subnets, which can be a problem when you want to scale out services.
    • Avoiding subnet CIDR block conflicts: Avoid CIDR block conflicts if you need to connect two VPCs or connect a VPC to an on-premises data center.

      If the subnet CIDR blocks at both ends of a network conflict, create a subnet.

    A subnet mask can be between the netmask of its VPC CIDR block and /28 netmask. If a VPC CIDR block is 10.0.0.0/16, its subnet mask can between 16 to 28.

    If the VPC has a secondary CIDR block, you can select the primary or the secondary CIDR block that the subnet will belong to based on service requirements.

    10.0.0.0/24

    IPv6 CIDR Block (Optional)

    This parameter is displayed only in regions where IPv4/IPv6 dual stack is supported.

    If you select this option, the system automatically assigns an IPv6 CIDR block to the created subnet. Currently, the IPv6 CIDR block cannot be customized. IPv6 CIDR block cannot be disabled after the subnet is created.

    For details, see IPv4 and IPv6 Dual-Stack Network.

    N/A

    Associated Route Table

    A route table contains a set of routes that are used to control the traffic routing for your subnets in a VPC. A default route table automatically comes with a VPC. Subnets in the VPC are automatically associated with the default route table. The default route table ensures that subnets in a VPC can communicate with each other.

    If the default route table cannot meet your requirements, you can create a custom route table and associate subnets with it. Then, the default route table controls inbound traffic to the subnets, while the custom route table controls outbound traffic from the subnets. For details, see Creating a Custom Route Table.

    N/A

    Advanced Settings (Optional) > Gateway

    Click to expand the configuration area and set this parameter.

    The gateway address of the subnet. Retain the default value unless there are special requirements.

    10.0.0.1

    Advanced Settings (Optional) > DNS Server Address

    Click to expand the configuration area and set this parameter.

    • Huawei Cloud DNS server addresses are entered by default. The DNS servers can resolve both public and private domain names.

      You can configure private zones to enable ECSs in a VPC to access each other using private domain names. Additionally, you can use the private DNS servers to directly access the private IP addresses of cloud services, such as OBS and SMN. This access offers higher performance and lower latency than Internet-based access.

    • If you want to use other public DNS servers for resolution, you can change the default DNS server addresses. If you use other public DNS servers, private domain name resolution is unavailable.

      You can also click Reset on the right to restore the DNS server addresses to the default value.

      Learn more about how changing VPC subnet DNS server addresses affects ECS configurations and takes effect.

    100.125.x.x

    Advanced Settings (Optional) > Domain Name

    Click to expand the configuration area and set this parameter.

    Enter domain names separated by spaces, up to 254 characters total. Each label in a domain name can contain a maximum of 63 characters. (For example, test and com are two labels in test.com.)

    To access a domain name, you only need to enter the domain name prefix. ECSs in the subnet automatically match the configured domain name suffix.

    If the domain names are changed, ECSs newly added to this subnet will use the new domain names.

    If an existing ECS in this subnet needs to use the new domain names, restart the ECS or run a command to restart the DHCP Client service or network service.

    NOTE:
    The command for updating the DHCP configuration depends on the ECS OS. The following commands are for your reference.
    • Restart the DHCP Client service: service dhcpd restart
    • Restart the network service: service network restart

    test.com

    Advanced Settings (Optional) > NTP Server Address

    Click to expand the configuration area and set this parameter.

    If you want to add NTP server addresses for a subnet, you can specify NTP Server Address. The IP addresses here are added in addition to the default NTP server addresses.
    • If you add or change the NTP server addresses of a subnet, you need to renew the DHCP lease for or restart all the ECSs in the subnet to make the change take effect immediately.
    • If the NTP server addresses have been cleared out, restarting the ECSs will not help. You must renew the DHCP lease for all ECSs to make the change take effect immediately.

    192.168.2.1

    Advanced Settings (Optional) > IPv4 DHCP Lease Time

    Click to expand the configuration area and set this parameter.

    This parameter is displayed only in regions where IPv4/IPv6 dual stack is not supported.

    The period during which a client can use an IP address automatically assigned by the DHCP server. After the lease time expires, a new IP address will be assigned to the client.
    • Limited: Set the DHCP lease time. The unit can be day or hour.
    • Unlimited: The DHCP lease time does not expire.

    If the time period is changed, the new lease time takes effect when the instance (such as an ECS) in the subnet is renewed next time. You can wait for the instance to be renewed automatically or manually modify the lease time. If you want the new lease time to take effect immediately, manually renew the lease or restart the ECS.

    For details, see How Do I Make the Changed DHCP Lease Time of a Subnet Take Effect Immediately?

    N/A

    Advanced Settings > IPv4 DHCP Lease Time

    Click to expand the configuration area and set this parameter.

    This parameter is displayed only in regions where IPv4/IPv6 dual stack is supported.

    You can set the DHCP lease time of an IPv4 address.

    The period during which a client can use an IP address automatically assigned by the DHCP server. After the lease time expires, a new IP address will be assigned to the client.
    • Limited: Set the DHCP lease time. The unit can be day or hour.
    • Unlimited: The DHCP lease time does not expire.

    If the time period is changed, the new lease time takes effect when the instance (such as an ECS) in the subnet is renewed next time. You can wait for the instance to be renewed automatically or manually modify the lease time. If you want the new lease time to take effect immediately, manually renew the lease or restart the ECS.

    For details, see How Do I Make the Changed DHCP Lease Time of a Subnet Take Effect Immediately?

    N/A

    Advanced Settings > IPv6 DHCP Lease Time

    Click to expand the configuration area and set this parameter.

    This parameter is displayed in the region where the IPv4/IPv6 dual stack is supported and when IPv6 is enabled.

    The period during which a client can use an IPv6 address automatically assigned by the DHCP server. You can set the DHCP lease time of an IPv6 address in the same way as how you do with an IPv4 address.

    N/A

    Advanced Settings (Optional) > Tag

    Click to expand the configuration area and set this parameter.

    Add tags to help you quickly identify, classify, and search for your subnets.

    For details, see Managing Subnet Tags.

    NOTE:

    If you have configured tag policies for subnets, you need to add tags to your subnets based on the tag policies. If you add a tag that does not comply with the tag policies, subnets may fail to be created. Contact the administrator to learn more about tag policies.

    • Key: subnet_key1
    • Value: subnet-01

    Advanced Settings > Description

    Click to expand the configuration area and set this parameter.

    Enter the description about the subnet in the text box as required.

    The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).

    N/A

  4. Click Create Now.

    Return to the subnet list and view the new subnet.