This topic describes how to enable multiple applications to share bandwidth through the DNAT and bandwidth sharing functions of a NAT Gateway to lower costs associated with Internet traffic.
Scenario
Assume that four Internet-facing applications are deployed and three public IP addresses are required. Furthermore, a backup public IP address is also required. The network plan for the preceding scenario is as follows:
- Bandwidth: 150Mbps
- Number of public IP addresses: 5, of which one is the backup IP address.
- Total number of ECS instances required: 5
- Mappings between the public IP addresses and ECS instances:
- IP1->ECS1
- IP2->ECS2
- IP3->ECS3/ECS4 (Port 80 is mapped to port 80 of ECS 3; port 443 is mapped to port 443 of ECS 4)
- IP4->ECS5 (O&M jump server). Only port 22 is opened.
- IP5: The DNAT rule is not added for this IP address temporarily.
In addition, a VPC (ID: vpc-11af8lxxx) and multiple ECS instances are created. Note
that the private IP addresses of the ECS instances are as follows:Note You do not need to configure public IP addresses for the ECS instances.
| Instance name | Private IP address |
|---|---|
| ECS1 | 192.168.1.1 |
| ECS2 | 192.168.1.2 |
| ECS3 | 192.168.1.3 |
| ECS4 | 192.168.1.4 |
Prerequisites
- For convenient API calling, this document provides a Python-based Command Line tool.
Click Here to download the CLI tool.
The tool can be directly downloaded by running the wget command in Linux.
wget http://docs-aliyun.cn-hangzhou.oss.aliyun-inc.com/assets/attach/42691/cn_zh/1468947102311/api.py - Create an AccessKey.
You need to create an AccessKey for the account that calls the API action.
- Configure the AccessKey for the CLI tool.
Step 1: Create a NAT Gateway
- Call CreateNatGateway to create a NAT Gateway.
[admin@tester:xxx]$ python api.py CreateNatGateway RegionId=cn-shanghai VpcId=vpc-11af8lxxx BandwidthPackage. 1.IpCount=4 BandwidthPackage. 1.Bandwidth=150 BandwidthPackage. 1.Zone=cn-shanghai-a Name=MyNatGW Description="My first NAT Gateway" =====Request URL====== https://ecs.aliyuncs.com/?SignatureVersion=1.0&VpcId=vpc-11af8lxxx&Name=MyNatGW&Format=json&TimeStamp=2016-05-23T03%3A26%3A21Z&BandwidthPackage. 1.IpCount=5&RegionId=cn-shanghai&AccessKeyId=jZgi0oyrQXXXXXXX&SignatureMethod=HMAC-SHA1&Version=2014-05-26&Signature=I4KKhWgjJdImTqk4rCifAB3LbLw%3D&action=CreateNatGateway&SignatureNonce=1ebae49c-2096-11e6-b781-2cf0ee28adf2&BandwidthPackage. 1.Bandwidth=150&BandwidthPackage. 1.Zone=cn-shanghai-a&Description=My+first+NAT+Gateway =====Request URL end====== ====== Got Response ====== { "BandwidthPackageIds": { "BandwidthPackageId": [ "bwp-11odxu2k7" ] }, "ForwardTableIds": { "ForwardTableId": [ "ftb-11tc6xgmv" ] }, "NatGatewayId": "ngw-112za33e4", "RequestId": "2315DEB7-5E92-423A-91F7-4C1EC9AD97C3" - Call DescribeNatGateways to view the detailed information of a NAT Gateway.
[admin@tester:xxx]$ python api.py DescribeNatGateways RegionId=cn-shanghai VpcId=vpc-11af8lxxx =====Request URL====== https://ecs.aliyuncs.com/?SignatureVersion=1.0&VpcId=vpc-11af8lxxx&Format=json&TimeStamp=2016-05-23T03%3A27%3A14Z&RegionId=cn-shanghai&AccessKeyId=jZgi0oyrQ6ihgKp9&SignatureMethod=HMAC-SHA1&Version=2014-05-26&Signature=JvXErso9g0fZdRTgBtNLepe%2F1e4%3D&action=DescribeNatGateways&SignatureNonce=3e1424eb-2096-11e6-bc31-2cf0ee28adf2 =====Request URL end====== ====== Got Response ====== { "NatGateways": { "NatGateway": [ { "BandwidthPackageIds": { "BandwidthPackageId": [ "bwp-11odxu2k7" ] }, "BusinessStatus": "Normal", "CreationTime": "2016-05-23T03:26:23Z", "Description": "My first NAT Gateway", "ForwardTableIds": { "ForwardTableId": [ "ftb-11tc6xgmv" ] }, "InstanceChargeType": "PostPaid", "Name": "MyNatGW", "NatGatewayId": "ngw-112za33e4", "RegionId": "cn-shanghai", "Spec": "Small", "Status": "Available", "VpcId": "vpc-11af8lxxx" } ] }, "PageNumber": 1, "PageSize": 10, "RequestId": "FE4C442C-9778-449A-BF7F-7F36C3AF5611", "TotalCount": 1 } - Call DescribeBandwidthPackages to view the detailed information of the created shared bandwidth packages.
[admin@tester:xxx]$ python api.py DescribeBandwidthPackages RegionId=cn-shanghai NatGatewayId=ngw-112za33e4 =====Request URL====== https://ecs.aliyuncs.com/?SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A33%3A30Z&RegionId=cn-shanghai&NatGatewayId=ngw-112za33e4&AccessKeyId=jZgi0oyrQ6ihgKp9&SignatureMethod=HMAC-SHA1&Version=2014-05-26&Signature=KN0C2Q4TUZtfECBn1c2lOdBzrb8%3D&action=DescribeBandwidthPackages&SignatureNonce=1e8941ae-2097-11e6-acbb-2cf0ee28adf2 =====Request URL end====== ====== Got Response ====== { "BandwidthPackages": { "BandwidthPackage": [ { "Bandwidth": "150", "BandwidthPackageId": "bwp-11odxu2k7", "BusinessStatus": "Normal", "CreationTime": "2016-05-23T03:26:24Z", "Description": "", "InstanceChargeType": "PostPaid", "InternetChargeType": "PayByBandwidth", "IpCount": "5", "Name": "", "NatGatewayId": "ngw-112za33e4", "PublicIpAddresses": { "PublicIpAddresse": [ { "AllocationId": "nateip-11iopy3sl", "IpAddress": "139.xxx.xx. 107" }, { "AllocationId": "nateip-11pt1f9ph", "IpAddress": "139.xxx.xx. 55" }, { "AllocationId": "nateip-111ul670c", "IpAddress": "139.xxx.xx. 79" }, { "AllocationId": "nateip-11ogfjj85", "IpAddress": "139.xxx.xx. 59" }, { "AllocationId": "nateip-11s2jempe", "IpAddress": "139.xxx.xx. 58" } ] }, "RegionId": "cn-shanghai", "Status": "Available", "ZoneId": "cn-shanghai-a" } ] }, "PageNumber": 1, "PageSize": 10, "RequestId": "14406B86-7CA1-4907-9755-86096F476A4F", "TotalCount": 1 }
Step 2: Configure DNAT entries
- Call CreateForwardEntry to add the following forwarding entries.
Public IP address Public port Private IP address Private port Protocol IP1 Any ecs-ip1 Any Any IP2 Any ecs-ip2 Any Any IP3 80 ecs-ip3 80 TCP IP3 443 ecs-ip4 443 TCP IP4 22 ecs-ip5 22 TCP [admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv ExternalIp=139.xxx.xx. 107 ExternalPort=Any InternalIp=192.168.1.1 InternalPort=Any IpProtocol=Any =====Request URL====== https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx. 107&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A53%3A18Z&RegionId=cn-shanghai&ExternalPort=Any&InternalIp=192.168.1.1&Signature=iR4GSzhJQtowMJOj%2FRth3ABP4FA%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=Any&action=CreateForwardEntry&SignatureNonce=e2ceae11-2099-11e6-b548-2cf0ee28adf2&InternalPort=Any =====Request URL end====== ====== Got Response ====== [admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv ExternalIp=139.xxx.xx. 107 ExternalPort=Any InternalIp=192.168.1.1 InternalPort=Any IpProtocol=Any =====Request URL====== https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx. 107&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A53%3A18Z&RegionId=cn-shanghai&ExternalPort=Any&InternalIp=192.168.1.1&Signature=iR4GSzhJQtowMJOj%2FRth3ABP4FA%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=Any&action=CreateForwardEntry&SignatureNonce=e2ceae11-2099-11e6-b548-2cf0ee28adf2&InternalPort=Any =====Request URL end====== ====== Got Response ====== { "ForwardEntryId": "fwd-119smw5tk", "RequestId": "A4AEE536-A97A-40EB-9EBE-53A6948A6928" } [admin@tester:xxx]$ [admin@tester:xxx]$ [admin@tester:xxx]$ [admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv ExternalIp=139.xxx.xx. 55 ExternalPort=Any InternalIp=192.168.1.2 InternalPort=Any IpProtocol=Any =====Request URL====== https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx. 55&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A53%3A42Z&RegionId=cn-shanghai&ExternalPort=Any&InternalIp=192.168.1.2&Signature=mFBn%2BCd4LfHkKj53MwmWyMhzyfs%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=Any&action=CreateForwardEntry&SignatureNonce=f09c1b38-2099-11e6-aa80-2cf0ee28adf2&InternalPort=Any =====Request URL end====== ====== Got Response ====== { "ForwardEntryId": "fwd-11dz3ly9l", "RequestId": "5DBC8F86-2D76-4BF4-B839-7FF31B61D516" } [admin@tester:xxx]$ [admin@tester:xxx]$ [admin@tester:xxx]$ [admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv ExternalIp=139.xxx.xx. 79 ExternalPort=80 InternalIp=192.168.1.3 InternalPort=80 IpProtocol=TCP =====Request URL====== https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx. 79&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A54%3A10Z&RegionId=cn-shanghai&ExternalPort=80&InternalIp=192.168.1.3&Signature=OpTui3SKbAjKXy6gKRoJb%2B9Lazg%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=TCP&action=CreateForwardEntry&SignatureNonce=01c41d5c-209a-11e6-905e-2cf0ee28adf2&InternalPort=80 =====Request URL end====== ====== Got Response ====== { "ForwardEntryId": "fwd-11r23r7p5", "RequestId": "67B7AAFD-E7AB-4EB8-AA5C-AA38CFFB4A95" } [admin@tester:xxx]$ [admin@tester:xxx]$ [admin@tester:xxx]$ [admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv ExternalIp=139.xxx.xx. 79 ExternalPort=443 InternalIp=192.168.1.4 InternalPort=443 IpProtocol=TCP =====Request URL====== Https://ecs.aliyuncs.com /? ExternalIp = 139. xxx. xx. 79&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A55%3A22Z&RegionId=cn-shanghai&ExternalPort=443&InternalIp=192.168.1.4&Signature=X%2BZtHbTeKYf8xU%2FvWhPAmg%2B5scc%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=TCP&action=CreateForwardEntry&SignatureNonce=2c3f2573-209a-11e6-be0f-2cf0ee28adf2&InternalPort=443 =====Request URL end====== ====== Got Response ====== { "ForwardEntryId": "fwd-11cdhpjlk", "RequestId": "260A9673-5522-4F66-844A-1F1AB47CD21C" } [admin@tester:xxx]$ [admin@tester:xxx]$ [admin@tester:xxx]$ [admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv ExternalIp=139.xxx.xx. 59 ExternalPort=22 InternalIp=192.168.1.5 InternalPort=22 IpProtocol=TCP =====Request URL====== https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx. 59&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A55%3A44Z&RegionId=cn-shanghai&ExternalPort=22&InternalIp=192.168.1.5&Signature=%2FZWf5%2ForHr%2BUR446eEBLC4LNYe8%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=TCP&action=CreateForwardEntry&SignatureNonce=39863cf3-209a-11e6-8f6d-2cf0ee28adf2&InternalPort=22 =====Request URL end====== ====== Got Response ====== { "ForwardEntryId": "fwd-11iv34uj7", "RequestId": "0884BC12-8EAD-4AAA-826E-30E5435D7C27" } - Call DescribeForwardTableEntries to view the added DNAT entries.
[admin@tester:xxx]$ python api.py DescribeForwardTableEntries RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv =====Request URL====== https://ecs.aliyuncs.com/?SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A56%3A18Z&RegionId=cn-shanghai&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&Signature=x4%2B6oNYxIRBmND8rcIbJM9EJ8ts%3D&action=DescribeForwardTableEntries&SignatureNonce=4db93223-209a-11e6-81eb-2cf0ee28adf2 =====Request URL end====== ====== Got Response ====== { "ForwardTableEntries": { "ForwardTableEntry": [ { "ExternalIp": "139.xxx.xx. 107", "ExternalPort": "any", "ForwardEntryId": "fwd-119smw5tk", "ForwardTableId": "ftb-11tc6xgmv", "InternalIp": "192.168.1.1", "InternalPort": "any", "IpProtocol": "any", "Status": "Available" }, { "ExternalIp": "139.xxx.xx. 79", "ExternalPort": "443", "ForwardEntryId": "fwd-11cdhpjlk", "ForwardTableId": "ftb-11tc6xgmv", "InternalIp": "192.168.1.4", "InternalPort": "443", "IpProtocol": "tcp", "Status": "Available" }, { "ExternalIp": "139.xxx.xx. 55", "ExternalPort": "any", "ForwardEntryId": "fwd-11dz3ly9l", "ForwardTableId": "ftb-11tc6xgmv", "InternalIp": "192.168.1.2", "InternalPort": "any", "IpProtocol": "any", "Status": "Available" }, { "ExternalIp": "139.xxx.xx. 59", "ExternalPort": "22", "ForwardEntryId": "fwd-11iv34uj7", "ForwardTableId": "ftb-11tc6xgmv", "InternalIp": "192.168.1.5", "InternalPort": "22", "IpProtocol": "tcp", "Status": "Available" }, { "ExternalIp": "139.xxx.xx. 79 ", "ExternalPort": "80", "ForwardEntryId": "fwd-11r23r7p5", "ForwardTableId": "ftb-11tc6xgmv", "InternalIp": "192.168.1.3", "InternalPort": "80", "IpProtocol": "tcp", "Status": "Available" } ] }, "PageNumber": 1, "PageSize": 10, "RequestId": "C84FDDCF-8550-4024-B89C-01E7459D7CF9", "TotalCount": 5 }