Enable multiple applications to share bandwidth (console)
Last Updated: Oct 30, 2020
This topic describes how to use a NAT gateway to enable multiple applications to share
the bandwidth provided by an EIP bandwidth plan. This reduces the costs of Internet
data transfer.
Scenario
A company creates two Elastic Compute Service (ECS) instances and deploys an application
on each ECS instance. The ECS instances need to receive requests from the Internet.
The service port is port 80. The amount of bandwidth required by the two ECS instances
varies within a day:
The peak hours of ECS 1 range from 13:00:00 to 18:00:00. During this period of time,
the bandwidth required is 1,000 Mbit/s. During the remaining hours of the day, the
bandwidth required is 500 Mbit/s.
The peak hours of ECS 2 range from 19:00:00 to 23:00:00. During this period of time,
the bandwidth required is 1,000 Mbit/s. During the remaining hours of the day, the
bandwidth required is 500 Mbit/s.
If you want to purchase bandwidth for the ECS instances separately, you must purchase
two bandwidth plans with a total bandwidth of 2,000 Mbit/s. However, the ECS instances
cannot make full use of the bandwidth during off-peak hours. This wastes bandwidth
resources.
To resolve this problem, you can configure Destination Network Address Translation
(DNAT) for your NAT gateway and purchase EIP bandwidth plans.
DNAT maps elastic IP addresses (EIPs) to ECS instances in a virtual private cloud
(VPC). Then, the ECS instances can receive requests from the Internet.
An EIP bandwidth plan can be shared among multiple applications to reduce the costs
of Internet data transfer.
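The sizing argument in the scenario, worked through as an added example (not code from the original page): it builds a per-minute demand timeline for each instance and compares the total of separately purchased plans with the peak of the combined demand. The profile format and function names are assumptions made for this example.

```python
# Added example: sizes a shared EIP bandwidth plan from per-instance demand
# windows. The profile layout below is an assumption made for this example.

MINUTES_PER_DAY = 24 * 60

def to_minute(hhmmss):
    """Convert 'HH:MM:SS' (the format used in the scenario) to minute of day."""
    hours, minutes = hhmmss.split(":")[:2]
    return int(hours) * 60 + int(minutes)

def demand_timeline(profile):
    """Per-minute bandwidth demand in Mbit/s for one instance."""
    timeline = [profile["base"]] * MINUTES_PER_DAY
    for start, end, mbps in profile["peaks"]:
        for minute in range(to_minute(start), to_minute(end)):
            timeline[minute] = max(timeline[minute], mbps)
    return timeline

def size_plans(profiles):
    """Compare separate per-instance plans with one shared plan."""
    timelines = [demand_timeline(p) for p in profiles.values()]
    # Separate plans must each cover their own instance's peak.
    separate = sum(max(t) for t in timelines)
    # A shared plan only has to cover the peak of the summed demand.
    shared = max(sum(minute) for minute in zip(*timelines))
    return {"separate_mbps": separate, "shared_mbps": shared,
            "saved_mbps": separate - shared}

# Demand figures taken from the scenario on this page.
SCENARIO = {
    "ECS 1": {"base": 500, "peaks": [("13:00:00", "18:00:00", 1000)]},
    "ECS 2": {"base": 500, "peaks": [("19:00:00", "23:00:00", 1000)]},
}

if __name__ == "__main__":
    print(size_plans(SCENARIO))
```

Because the two peak windows never overlap, the combined demand never exceeds 1,500 Mbit/s, which matches the bandwidth selected in Step 4. If the windows overlapped, the shared plan would need the full 2,000 Mbit/s during the overlap.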
Prerequisites
A VPC and a VSwitch are created. For more information, see Create a VPC.
ECS instances are created and attached to the VSwitch. Applications are deployed on
the ECS instances. For more information, see Create an instance by using the wizard.
Two EIPs are created for the NAT gateway. The EIPs must meet the following requirements:
The EIPs and the NAT gateway to be associated with the EIPs must be in the same region.
Step 1: Create a NAT gateway
NAT gateways are enterprise-class gateways that provide network address translation
services for Internet access. You must create a NAT gateway before you can create
DNAT entries.
Perform the following steps to create a NAT gateway:
On the NAT Gateway page, click Create NAT Gateway.
On the NAT Gateway page, set the following parameters, click Buy Now, and complete the payment.
Region and Zone: Select the region where you want to deploy the NAT gateway.
Note: Enhanced NAT gateways are available in all regions except Australia (Sydney).
VPC ID: Select the VPC where you want to deploy the NAT gateway. After the NAT gateway is
created, you cannot change the VPC where the NAT gateway is deployed.
Note: If you cannot find the VPC where you want to deploy the NAT gateway in the drop-down
list, perform the following operations:
Check whether the VPC is associated with a NAT gateway. Each VPC can be associated
with only one standard NAT gateway.
Check whether the VPC has a custom route entry whose destination CIDR block is 0.0.0.0/0.
If such a custom route entry exists, delete it.
If your account is a Resource Access Management (RAM) user, check whether the RAM
user is authorized to access the VPC. If the RAM user is unauthorized, contact the
Alibaba Cloud account owner who created the RAM user to grant permissions.
Zone: Select the zone where you want to deploy the NAT gateway.
VSwitch ID: Select the VSwitch to which the NAT gateway is attached.
Note: This parameter is available only when you create an enhanced NAT gateway.
Nat Type: Select the type of the NAT gateway. Valid values:
Standard
Enhanced
Enhanced NAT gateways are upgraded from the technical architecture of standard NAT
gateways. Enhanced NAT gateways offer higher elasticity and stability, and allow you
to better manage data transfer over the Internet. Enhanced is selected in this example.
Specification: Select the size of the NAT gateway. Valid values:
Small
Medium
Large
Super Large-1
The size of a NAT gateway determines its SNAT performance, including the maximum number
of concurrent connections and the number of new connections per second. However, the
gateway size does not affect the DNAT performance. For more information, see Sizes of NAT gateways.
Small is selected in this example.
Billing Method: Select a billing method for the NAT gateway.
Only pay-by-specification is supported. For more information, see Pay-by-specification.
Billing Cycle: Displays the billing cycle of the NAT gateway.
After you create the NAT gateway, you can go to the NAT Gateway page to view the NAT gateway.
Step 2: Associate EIPs with the NAT gateway
A NAT gateway functions as expected only after it is associated with one or more EIPs.
After you create a NAT gateway, you can associate EIPs with the NAT gateway.
Perform the following steps to associate EIPs with the NAT gateway:
On the NAT Gateway page, find the NAT gateway created in Step 1 and choose > Bind Elastic IP Address in the Actions column.
In the Bind Elastic IP Address panel, set the following parameters:
Select from EIP List: Select the EIPs that you want to associate with the NAT gateway.
In this example, select the two EIPs described in the Prerequisites section. For more
information, see Prerequisites.
VSwitch: Select the VSwitch for which you want to add SNAT entries.
The system automatically adds SNAT entries for a VSwitch so that Alibaba Cloud resources
connected to the VSwitch can access the Internet.
No VSwitch is selected in this example.
Note: This parameter is available only when the NAT gateway is not associated with EIPs.
Click OK.
Step 3: Create DNAT entries
A DNAT entry maps the EIP of a NAT gateway to an ECS instance so that the ECS instance
can receive requests from the Internet.
Perform the following steps to create DNAT entries for ECS 1 and ECS 2.
On the NAT Gateway page, find the NAT gateway created in Step 1 and click Configure DNAT in the Actions column.
In the DNAT Entry List section, click Create DNAT Entry.
In the Create DNAT Entry panel, set the following parameters to create a DNAT entry for ECS 1:
Public IP Address: Select an EIP. The EIP is used to access the Internet.
EIP 1 is selected in this example.
Private IP Address: Specify the private IP address of the ECS instance that needs to receive requests
from the Internet through DNAT.
You can specify the private IP address in one of the following ways:
Auto Fill: Select the ECS instance from the drop-down list.
Manually Input: Enter the private IP address of the ECS instance.
Note: The private IP address that you enter must be within the CIDR block of the VPC. You
can also enter the private IP address of the ECS instance.
ECS 1 is selected in this example.
Port Settings: Select a DNAT mapping method.
All: This method uses IP mapping. All requests destined for the EIP are forwarded to
the selected ECS instance.
Specific Port: This method uses port mapping. The NAT gateway forwards requests from the specified
port over the specified protocol to the specified port of the selected ECS instance.
After you specify a port, set the following parameters based on your business requirements:
Public Port: the external port where requests from the Internet are received.
Private Port: the internal port to which the requests received on the external port are forwarded.
IP Protocol: the protocol used by the ports.
Select Specific Port in this example. Then, set Public Port to 80, Private Port to 80, and IP Protocol to TCP.
Entry Name: Enter a name for the DNAT entry.
The name must be 2 to 128 characters in length, and can contain digits, underscores
(_), and hyphens (-). It must start with a letter.
DNAT 1 is entered in this example.
Click OK.
In the DNAT Entry List section, click Create DNAT Entry again.
In the Create DNAT Entry panel, set the following parameters to create a DNAT entry for ECS 2:
Public IP Address: Select an EIP. The EIP is used to access the Internet.
EIP 2 is selected in this example.
Private IP Address: Specify the private IP address of the ECS instance that needs to receive requests
from the Internet through DNAT.
ECS 2 is selected in this example.
Port Settings: Select a DNAT mapping method.
Select Specific Port in this example. Then, set Public Port to 80, Private Port to 80, and IP Protocol to TCP.
Entry Name: Enter a name for the DNAT entry.
The name must be 2 to 128 characters in length, and can contain digits, underscores
(_), and hyphens (-). It must start with a letter.
DNAT 2 is entered in this example.
Click OK.
The following figure shows the details about the DNAT entries for ECS 1 and ECS 2.
Entry name | EIP  | External port | Protocol | Private IP address | Internal port
DNAT1      | EIP1 | 80            | TCP      | ECS1               | 80
DNAT2      | EIP2 | 80            | TCP      | ECS2               | 80
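A pre-deployment check of a planned DNAT table against the rules in Step 3, as an added example (not Alibaba Cloud code and not part of the original page). The entry fields mirror the console parameters, all IP addresses and the VPC CIDR block are constructed sample values, and the overlap check is an assumption of this example.

```python
# Added example, not Alibaba Cloud code. Field names mirror the console
# parameters in Step 3; every address below is a constructed sample value.
import ipaddress

def audit_dnat(entries, vpc_cidr):
    """Return (entry_name, finding) pairs for a planned DNAT table."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings, claimed = [], {}   # claimed: (eip, protocol, public_port) -> name
    for e in entries:
        name = e["name"]
        # Step 3 note: the private IP must be within the CIDR block of the VPC.
        if ipaddress.ip_address(e["private_ip"]) not in vpc:
            findings.append((name, "private IP outside VPC CIDR"))
        if e["port_settings"] == "All":
            # IP mapping: all requests destined for the EIP reach the instance,
            # so only its security group limits which ports are reachable.
            findings.append((name, "IP mapping forwards every port"))
            key = (e["public_ip"], "*", "*")
        else:
            for field in ("public_port", "private_port"):
                if not 1 <= e[field] <= 65535:
                    findings.append((name, field + " out of range"))
            key = (e["public_ip"], e["protocol"], e["public_port"])
        # Assumption of this example: an EIP/protocol/port is claimed once.
        for other_key, other in claimed.items():
            wildcard = "*" in (other_key[1], key[1])
            if other_key[0] == key[0] and (wildcard or other_key[1:] == key[1:]):
                findings.append((name, "overlaps with " + other))
        claimed[key] = name
    return findings

def port_entry(name, eip, private_ip, port, protocol="TCP"):
    """Build a Specific Port entry like the ones created in Step 3."""
    return {"name": name, "public_ip": eip, "private_ip": private_ip,
            "port_settings": "Specific Port", "public_port": port,
            "private_port": port, "protocol": protocol}

VPC_CIDR = "192.168.0.0/16"                                   # constructed
PAGE_PLAN = [port_entry("DNAT1", "203.0.113.10", "192.168.1.10", 80),
             port_entry("DNAT2", "203.0.113.11", "192.168.1.11", 80)]
# A constructed bad entry: IP mapping on EIP 1 to an address outside the VPC.
BAD_ENTRY = {"name": "DNAT3", "public_ip": "203.0.113.10",
             "private_ip": "10.0.0.5", "port_settings": "All"}

if __name__ == "__main__":
    for finding in audit_dnat(PAGE_PLAN + [BAD_ENTRY], VPC_CIDR):
        print(finding)
```

The two port 80 entries from this page produce no findings, while the constructed All entry is reported three times: wrong address range, every port forwarded, and overlap with DNAT1 on the same EIP.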
Step 4: Create an EIP bandwidth plan
EIP bandwidth plans support regional bandwidth sharing and transfer. You can use EIP
bandwidth plans to reduce bandwidth usage costs.
Perform the following steps to create an EIP bandwidth plan:
On the Internet Shared Bandwidth page, click Buy Internet Shared Bandwidth.
On the buy page, set the following parameters, click Buy Now, and complete the payment.
Region and Zone: Select the region where you want to create the EIP bandwidth plan.
Make sure that the EIP bandwidth plan and the EIPs to be associated with it are in the
same region.
Internet Connection Type: Select an Internet connection type for the EIP bandwidth plan.
BGP (Multi-ISP): If you select this option, you can associate only EIPs of BGP (Multi-ISP) with the
EIP bandwidth plan.
BGP (Multi-ISP) Pro: If you select this option, you can associate only EIPs of BGP (Multi-ISP) Pro with
the EIP bandwidth plan.
Note: Only the China (Hong Kong) region supports BGP (Multi-ISP) Pro.
BGP (Multi-ISP) is selected in this example.
Billing Method: Select a billing method for the EIP bandwidth plan.
Only pay-by-data-transfer is supported. For more information, see Billing.
Bandwidth: Specify the maximum bandwidth of the EIP bandwidth plan.
1500Mbps is selected in this example.
Name: Enter a name for the EIP bandwidth plan.
The name must be 2 to 128 characters in length, and can contain digits, underscores
(_), and hyphens (-). It must start with a letter.
Resource Group: Select the resource group to which the EIP bandwidth plan belongs.
Purchase Quantity: Specify the number of EIP bandwidth plans that you want to create.
One EIP bandwidth plan is created in this example.
Step 5: Associate EIPs with the EIP bandwidth plan
You can associate EIP 1 and EIP 2 with the created EIP bandwidth plan. After the EIPs
are associated with the EIP bandwidth plan:
Services connected to the NAT gateway that is associated with the EIPs share the bandwidth
of the EIP bandwidth plan.
The predefined maximum bandwidths of the EIPs become invalid. The maximum bandwidths
of the EIPs equal the maximum bandwidth of the associated EIP bandwidth plan.
The predefined billing methods of the EIPs become invalid. The EIPs function as public
IP addresses. Data transfer and bandwidth usage are not charged for the EIPs.
Perform the following steps to associate EIP 1 and EIP 2 with the EIP bandwidth plan:
On the Internet Shared Bandwidth page, find the EIP bandwidth plan created in Step 4 and click Add IP in the Actions column.
In the Add IP panel, click Select from EIP List and select the EIPs that you want to associate with the EIP bandwidth plan.
EIP 1 and EIP 2 are selected in this example.
Click OK.
Step 6: Test network connectivity
You can verify the network connectivity by using a computer to access the applications
deployed on ECS 1 and ECS 2.
Note: Make sure that the security group rules of the ECS instances allow the ECS instances
to receive requests from the Internet.
Open a browser.
Enter one of the EIPs that are associated with the NAT gateway to access the application
running on an ECS instance.
The test results indicate that you can access the applications deployed on ECS 1 and
ECS 2 over the Internet. They also show that the ECS instances share the bandwidth
of the EIP bandwidth plan and can handle traffic spikes.
Figure 1. Access the application running on ECS 1
Figure 2. Access the application running on ECS 2