NAT Gateway: Enable multiple applications to share the bandwidth of an Internet Shared Bandwidth

Last Updated: Aug 23, 2023

This topic describes how to use an Internet NAT gateway to enable multiple applications to provide Internet-facing services by sharing the bandwidth of an Internet Shared Bandwidth. This reduces the costs of Internet data transfer.

Scenarios

The preceding scenario is used in this topic. An enterprise created a virtual private cloud (VPC) and a vSwitch in the China (Qingdao) region. Two Elastic Compute Service (ECS) instances are created in the vSwitch. Different applications are deployed on the ECS instances, and the applications are required to provide Internet-facing services. The amount of bandwidth required by the two applications varies within a day:

  • The peak hours of the application deployed on ECS 1 (Application 1) are from 12:00:00 to 16:00:00. During this period of time, the bandwidth that is required is 700 Mbit/s. During the remaining hours of the day, the bandwidth that is required is 300 Mbit/s.

  • The peak hours of the application deployed on ECS 2 (Application 2) are from 16:00:00 to 20:00:00. During this period of time, the bandwidth that is required is 700 Mbit/s. During the remaining hours of the day, the bandwidth that is required is 300 Mbit/s.

Bandwidth

If you purchase a separate bandwidth plan for each ECS instance, each plan must provide at least 700 Mbit/s of bandwidth. The two bandwidth plans then provide 1,400 Mbit/s of bandwidth in total. However, the ECS instances cannot fully utilize the bandwidth during off-peak hours, which wastes bandwidth resources.

To resolve this issue, you can associate an Internet Shared Bandwidth with an Internet NAT gateway and configure DNAT on the Internet NAT gateway.

  • DNAT maps elastic IP addresses (EIPs) on an Internet NAT gateway to ECS instances in a VPC. Then, the ECS instances can receive requests from the Internet.

  • An Internet Shared Bandwidth allows multiple applications to share bandwidth resources. In this example, the maximum bandwidth required by the applications is 1,000 Mbit/s. To meet business requirements, we recommend that you purchase a 1,100 Mbit/s Internet Shared Bandwidth. This reduces bandwidth costs.
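The sizing argument above, worked through in code as an added example (not part of the original topic or any Alibaba Cloud tool). The function names and the 100 Mbit/s headroom are assumptions; the second data set is a constructed counter-case showing that sharing saves nothing when the peak windows overlap.

```python
"""Size a shared bandwidth from per-application demand windows (added example)."""

def hourly_demand(base, peak, start_hour, end_hour):
    """Return 24 hourly values in Mbit/s; the peak window is half-open: [start, end)."""
    return [peak if start_hour <= h < end_hour else base for h in range(24)]

def size_bandwidth(profiles, headroom=100):
    """Compare one plan per instance with a single shared bandwidth.

    headroom (Mbit/s) is an assumption chosen to match the 1,100 Mbit/s
    recommendation in this topic; it is not an Alibaba Cloud parameter.
    """
    # One plan per instance: each plan must cover that instance's own peak.
    dedicated_total = sum(max(p) for p in profiles.values())
    # Shared bandwidth: only the hour-by-hour sum matters.
    combined = [sum(p[h] for p in profiles.values()) for h in range(24)]
    shared_peak = max(combined)
    busiest_hours = [h for h, v in enumerate(combined) if v == shared_peak]
    return {
        "dedicated_total": dedicated_total,
        "shared_peak": shared_peak,
        "busiest_hours": busiest_hours,
        "recommended_shared": shared_peak + headroom,
    }

# Demand from the scenario in this topic. The windows meet at 16:00 but do not
# overlap, which is why they are modelled as half-open intervals.
SCENARIO = {
    "Application 1": hourly_demand(300, 700, 12, 16),
    "Application 2": hourly_demand(300, 700, 16, 20),
}
# Constructed counter-case: Application 2 peaks from 14:00 to 18:00 instead.
OVERLAPPING = {
    "Application 1": hourly_demand(300, 700, 12, 16),
    "Application 2": hourly_demand(300, 700, 14, 18),
}

if __name__ == "__main__":
    for name, profiles in (("scenario", SCENARIO), ("overlapping", OVERLAPPING)):
        print(name, size_bandwidth(profiles))
```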

Prerequisites

  • A VPC and a vSwitch are created in the China (Qingdao) region. For more information, see Create a VPC with an IPv4 CIDR block.

  • Two ECS instances named ECS 1 and ECS 2 are created in the vSwitch. Different applications are deployed on the ECS instances. For more information, see Create an instance by using the wizard.

    In this example, an application that uses Apache is deployed on ECS 1, and an application that uses NGINX is deployed on ECS 2.

  • Make sure that the security group rules of the ECS instances allow the ECS instances to receive requests from the Internet. In this example, the inbound rules of the security groups of ECS 1 and ECS 2 must allow TCP access on port 80. For more information, see Add a security group rule.

  • Two EIPs (EIP 1 and EIP 2) are created. The EIPs are to be associated with the Internet NAT gateway. For more information, see Apply for an EIP. The EIPs must meet the following requirements:

    • The EIPs are created in the same region as the Internet NAT gateway with which you want to associate the EIPs.

    • The EIPs are billed on a pay-as-you-go basis.

Procedure

Step 1: Create an Internet NAT gateway

  1. Log on to the NAT Gateway console.
  2. On the Internet NAT Gateway page, click Create NAT Gateway.
  3. When you create an Internet NAT gateway for the first time, click Create in the Notes on Creating Service-linked Roles section of the buy page to create a service-linked role. After the service-linked role is created, you can create Internet NAT gateways.

    For more information, see Service-linked roles.

  4. On the buy page, set the following parameters and click Buy Now.

    • Billing Method: By default, Pay-As-You-Go is selected. You can pay for resources after you use them. For more information, see Billing of Internet NAT gateways.

    • Resource Group: Select the resource group to which the virtual private cloud (VPC) belongs. For more information, see Resource group overview.

    • Tags:

      • Tag Key: Select or enter a tag key.

        You can specify at most 20 tag keys. A tag key can be up to 128 characters in length. It cannot start with aliyun or acs:, and cannot contain http:// or https://.

      • Tag Value: Select or enter a tag value.

        You can specify at most 20 tag values. A tag value can be up to 128 characters in length. It cannot start with aliyun or acs:, and cannot contain http:// or https://.

    • Region: Select the region where you want to create the Internet NAT gateway.

    • VPC: Select the VPC where you want to create the Internet NAT gateway. After the Internet NAT gateway is created, you cannot change the VPC to which the Internet NAT gateway belongs.

    • Associate vSwitch: Select the vSwitch to which the Internet NAT gateway belongs.

    • Metering Method: By default, Pay-By-CU is selected. You are charged based on the resources that you use. For more information, see Billing of Internet NAT gateways.

    • Billing Cycle: By default, By Hour is selected. Bills are generated on an hourly basis. If you use an Internet NAT gateway for less than 1 hour, the usage duration is rounded up to 1 hour.

    • Instance Name: Enter a name for the Internet NAT gateway.

      The name must be 2 to 128 characters in length and can contain digits, underscores (_), and hyphens (-). The name must start with a letter.

    • Access Mode: Select the mode in which you want to create the Internet NAT gateway. The following modes are supported:

      • SNAT for All VPC Resources: If you select this value, the Internet NAT gateway is created in unified access mode. After the Internet NAT gateway is created, all resources in the VPC can access the Internet by using the SNAT feature of the NAT gateway.

        If you select SNAT for All VPC Resources, you must also specify an elastic IP address (EIP).

      • Configure Later: If you select this option, you can configure the Internet NAT gateway in the console after you complete the payment.

        If you select Configure Later, only the Internet NAT gateway is created. No SNAT entry is created.

      In this example, Configure Later is selected.

  5. On the Confirm page, confirm the information, select the Terms of Service check box, and then click Confirm.

    When the Purchased message appears, the Internet NAT gateway is created.

After you create an Internet NAT gateway, you can find the Internet NAT gateway on the Internet NAT Gateway page.

Step 2: Associate EIPs with the Internet NAT gateway

An Internet NAT gateway can run as expected only when it is associated with an EIP. After you create an Internet NAT gateway, you can associate EIPs with the Internet NAT gateway to meet your business requirements.

  1. On the Internet NAT Gateway page, find the Internet NAT gateway that you created in Step 1, and then choose More > Bind Elastic IP Address in the Actions column.

  2. In the Associate EIP dialog box, set the parameters to associate EIPs with the Internet NAT gateway based on the following information and click OK.

    • Resource Group: Select the resource group of the EIPs.

    • EIPs: Select the EIPs that you want to associate with the Internet NAT gateway.

      In this example, Select Existing EIP is selected. Then, EIP 1 and EIP 2 that are created in Prerequisites are selected from the drop-down list.

After you associate the EIPs with the Internet NAT gateway, the EIPs are displayed in the Elastic IP Address column.

Step 3: Create DNAT entries

A DNAT entry maps an EIP of an Internet NAT gateway to an ECS instance. This allows the ECS instance to provide Internet-facing services.

  1. On the Internet NAT Gateway page, find the Internet NAT gateway that you created in Step 1 and click Configure DNAT in the Actions column.

  2. In the DNAT Entry List section, click Create DNAT Entry.

  3. On the Create DNAT Entry page, set the following parameters to create a DNAT entry for ECS 1 and ECS 2 and click Confirm.

    • Select Public IP Address: Select an EIP. The EIP is used to communicate with the Internet.

      Note: For Internet NAT gateways, you can specify the same EIP in an SNAT entry and a DNAT entry.

      • ECS 1: EIP 1

      • ECS 2: EIP 2

    • Select Private IP Address: Specify the IP address of the ECS instance that uses the DNAT entry to communicate with the Internet. In this example, Select by ECS or ENI is selected.

      • ECS 1: Private IP address of ECS 1

      • ECS 2: Private IP address of ECS 2

    • Port Settings: Select a DNAT mapping method. In this example, Specific Port is selected, which specifies the port mapping method.

      • ECS 1: Configure the parameters based on the following information:

        • Public Port: 80.

        • Private Port: 80.

        • Protocol Type: TCP.

        Make sure that the inbound rules of the security group of ECS 1 allow TCP access on port 80.

      • ECS 2: Configure the parameters based on the following information:

        • Public Port: 80.

        • Private Port: 80.

        • Protocol Type: TCP.

        Make sure that the inbound rules of the security group of ECS 2 allow TCP access on port 80.

    • Entry Name: Enter a name for the DNAT entry.

      The name must be 2 to 128 characters in length, and can contain digits, underscores (_), and hyphens (-). The name must start with a letter.

      • ECS 1: DNAT Entry 1

      • ECS 2: DNAT Entry 2

    For more information about the parameters of DNAT entries, see Create a DNAT entry.

The following table describes the details about the DNAT entries that are created for ECS 1 and ECS 2.

| Entry name | Public IP address | Public port | Protocol type | Private IP address | Private port |
| --- | --- | --- | --- | --- | --- |
| DNAT Entry 1 | EIP 1 | 80 | TCP | Private IP address of ECS 1 | 80 |
| DNAT Entry 2 | EIP 2 | 80 | TCP | Private IP address of ECS 2 | 80 |
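A consistency check between the DNAT entries above and the security group prerequisite, as an added example that is not part of the original topic or any Alibaba Cloud tool. The data layout, the function names and all addresses are constructed assumptions; the check reports whether each forwarded port is admitted by an inbound rule and lists rules open to 0.0.0.0/0 that no DNAT entry uses.

```python
import ipaddress

ANY_IPV4 = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample data: addresses are placeholders, not values from this topic.
DNAT_ENTRIES = [
    {"name": "DNAT Entry 1", "private_ip": "192.168.0.11", "private_port": 80, "protocol": "tcp"},
    {"name": "DNAT Entry 2", "private_ip": "192.168.0.12", "private_port": 80, "protocol": "tcp"},
]
# Inbound security group rules, keyed by the private IP of the instance they protect.
INBOUND_RULES = {
    "192.168.0.11": [{"protocol": "tcp", "ports": (80, 80), "source": "0.0.0.0/0"}],
    "192.168.0.12": [{"protocol": "tcp", "ports": (80, 80), "source": "10.0.0.0/8"},
                     {"protocol": "tcp", "ports": (22, 22), "source": "0.0.0.0/0"}],
}

def covers(rule, protocol, port):
    """True if the rule's protocol and port range include the given port."""
    low, high = rule["ports"]
    return rule["protocol"] == protocol and low <= port <= high

def is_any(rule):
    """True if the rule admits every IPv4 source."""
    return ipaddress.ip_network(rule["source"]) == ANY_IPV4

def audit(dnat_entries, inbound_rules):
    """Return (status per DNAT entry, Internet-wide rules that no entry uses)."""
    status, forwarded = {}, set()
    for entry in dnat_entries:
        ip, proto, port = entry["private_ip"], entry["protocol"], entry["private_port"]
        forwarded.add((ip, proto, port))
        rules = [r for r in inbound_rules.get(ip, []) if covers(r, proto, port)]
        if not rules:
            status[entry["name"]] = "blocked"      # no rule admits the forwarded port
        elif any(is_any(r) for r in rules):
            status[entry["name"]] = "open"         # admitted from 0.0.0.0/0
        else:
            status[entry["name"]] = "restricted"   # admitted, but from a narrower source
    unused_open = [
        (ip, r["protocol"], r["ports"])
        for ip, rules in inbound_rules.items()
        for r in rules
        if is_any(r) and not any(f_ip == ip and covers(r, f_proto, f_port)
                                 for f_ip, f_proto, f_port in forwarded)
    ]
    return status, unused_open

if __name__ == "__main__":
    print(audit(DNAT_ENTRIES, INBOUND_RULES))
```

A "blocked" or "restricted" entry explains a failed connectivity test, and an entry in the second list is an inbound rule wider than the services the gateway publishes.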

Step 4: Create an Internet Shared Bandwidth

Internet Shared Bandwidth instances support bandwidth sharing and multiplexing on a regional scale. You can associate multiple EIPs with an Internet Shared Bandwidth to reduce bandwidth resource costs.

  1. Log on to the Internet Shared Bandwidth console.

  2. On the Internet Shared Bandwidth page, click Buy Internet Shared Bandwidth.

  3. On the buy page, set the following parameters, click Buy Now, and then complete the payment.

    • Region: Select the region where you want to create the Internet Shared Bandwidth.

      Make sure that the Internet Shared Bandwidth is created in the same region as the EIPs that you want to associate with the Internet Shared Bandwidth. In this example, China (Qingdao) is selected.

    • Line Type: Select the line type of the Internet Shared Bandwidth. BGP (Multi-ISP) is selected in this example.

    • Billing Method: Select the billing method of the Internet Shared Bandwidth.

      Only pay-by-data-transfer is supported. For more information, see Pay-by-data-transfer.

    • Security Protection: Select an edition of Anti-DDoS based on your business requirements. Default is selected in this example.

    • Bandwidth: Select the bandwidth value of the Internet Shared Bandwidth. In this example, 1100 Mbps is specified.

    • Name: Enter a name for the Internet Shared Bandwidth.

      The name must be 2 to 128 characters in length, and can contain digits, underscores (_), and hyphens (-). The name must start with a letter.

    • Purchase Quantity: Specify the number of Internet Shared Bandwidth instances that you want to purchase. One Internet Shared Bandwidth is purchased in this example.

    For more information about the parameters, see Create an Internet Shared Bandwidth.

Step 5: Associate EIPs with the Internet Shared Bandwidth

You can associate EIP 1 and EIP 2 with the Internet Shared Bandwidth that you created. After the EIPs are associated with the Internet Shared Bandwidth:

  • ECS instances that use the Internet NAT gateway with which the EIPs are associated share the bandwidth of the Internet Shared Bandwidth.

  • The previous bandwidth limit of each EIP becomes invalid. The bandwidth limit of each EIP is equal to the bandwidth limit of the Internet Shared Bandwidth.

  • The previous billing method of each EIP becomes invalid. You are not charged an additional data transfer fee for each EIP.

  • You are charged a configuration fee for each EIP, regardless of whether the EIP is associated with an Internet Shared Bandwidth.

    • You are not charged a configuration fee for an EIP if you associate the EIP with an ECS instance in a VPC.

    • You are charged a configuration fee for an EIP if you associate the EIP with an Internet NAT gateway, Server Load Balancer (SLB) instance, secondary elastic network interface (ENI), or high-availability virtual IP address (HAVIP).

  1. On the Internet Shared Bandwidth page, find the EIP bandwidth plan that is created in Step 4 and click AddIP in the Actions column.

  2. In the Add IP panel, click Select from EIP List. Then, select the EIPs that you want to associate with the Internet Shared Bandwidth.

    EIP 1 and EIP 2 are selected in this example.

  3. Click OK.

Step 6: Check network connectivity

You can test the network connectivity by using a computer to access the applications that are deployed on ECS 1 and ECS 2.

  1. Open a browser on a computer that can access the Internet.

  2. Enter one of the EIPs that are associated with the Internet NAT gateway to access the application that runs on an ECS instance.

    The results indicate that you can access the applications that are deployed on ECS 1 and ECS 2 over the Internet. In addition, the ECS instances share the bandwidth of the Internet Shared Bandwidth and can handle traffic spikes.

    Figure 1. Access the application that runs on ECS 1

    Figure 2. Access the application that runs on ECS 2