In a VPC network, you can use an EIP, a NAT Gateway, an Internet SLB instance, or the public IP of an ECS instance to access the Internet.
Public IP address
In Alibaba Cloud, there are various types of public IP addresses, such as the public IP of an ECS instance of the VPC network, the public IP of a NAT bandwidth package, the public IP of an Internet SLB instance, and the public IP of a VPN Gateway. To facilitate unified management of public IP addresses, ECS instances of the VPC network, NAT Gateways, and intranet SLB instances now support binding an EIP.
The following table lists available Internet-facing products and the corresponding features.
In addition, to reduce the cost of Internet bandwidth and traffic, Alibaba Cloud provides Internet Shared Bandwidth and Data Transfer Plan for VPCs. You can choose among these products based on your service model to reduce cost.
|Product|Features|Additional information|
|---|---|---|
|The public IP of an ECS instance of the VPC network|The public IP allocated by Alibaba Cloud when creating an ECS instance of the VPC network. With this public IP, the ECS instance can access the Internet (SNAT) and can also be accessed from the Internet (DNAT).|You can use Data Transfer Plan. After changing a public IP to an EIP, you can also use Internet Shared Bandwidth.|
|Elastic IP Address (EIP)|With an EIP, the ECS instance can access the Internet (SNAT) and can also be accessed from the Internet (DNAT).|You can bind and unbind an EIP from an ECS instance at any time.|
|NAT Gateway|NAT Gateway is an enterprise-class Internet gateway that lets multiple ECS instances access the Internet with one EIP (SNAT) and be accessed from the Internet (DNAT). Note: Compared to Server Load Balancer, NAT Gateway itself does not provide the traffic balancing function.|The core difference between NAT Gateway and EIP is that NAT Gateway supports Internet access for multiple ECS instances, whereas an EIP can be used by only one ECS instance.|
|Server Load Balancer|Port-based load balancing: Server Load Balancer provides Layer-4 (TCP and UDP protocols) and Layer-7 (HTTP and HTTPS protocols) load balancing. Server Load Balancer can forward client requests from the Internet to the backend ECS instances. Note: An ECS instance without a public IP cannot access the Internet (SNAT) through Server Load Balancer.|In DNAT, Server Load Balancer supports forwarding an Internet request to multiple ECS instances. Server Load Balancer is a traffic distribution control service that distributes the incoming traffic among multiple ECS instances according to the configured forwarding rules. It expands application service capabilities and enhances application availability.|
Scenario 1: Provide external services
Provide external services with a single ECS instance
If you have only one application and your business volume is small, a single ECS instance can meet your requirements. You can deploy applications, databases, and files on this ECS instance, and then bind an EIP to it. Users can then access the deployed application through the Internet.
Provide external services with Layer-4 load balancing
When the traffic is large, one ECS instance cannot support all access traffic, and you must configure multiple ECS instances. In this case, you can configure an Internet SLB instance with a Layer-4 listener and add these ECS instances as the backend servers.
Provide external services with Layer-7 load balancing
In addition to the basic traffic distribution, if you want to distribute different requests to different backend servers, you can add URL forwarding rules to a Layer-7 listener. In this case, you can configure an Internet SLB instance with a Layer-7 listener and add these ECS instances as the backend servers.
Scenario 2: Internet access of an ECS instance without a public IP
Bind an EIP
When you have only a few ECS instances, you can bind an EIP to each ECS instance. The ECS instance can then access the Internet using the EIP. Unbind the EIP from the ECS instance whenever Internet access is not needed.
Configure SNAT entries using NAT Gateway
If you bind an EIP to each ECS instance, the management cost is high when you have many ECS instances. Additionally, users can access the ECS instances from the Internet through the EIPs. In this case, you can configure an SNAT entry so that the ECS instances in a VSwitch can access the Internet, and configure no DNAT entries. The ECS instances can then access the Internet, but users cannot access these ECS instances from the Internet, as shown in the following figure.
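The following is an added example, not part of the original page and not Alibaba Cloud code: a small Python check that applies the SNAT/DNAT rules from the table and Scenario 2 to a constructed inventory and flags instances that are reachable from the Internet when they are meant to be outbound-only. The `Ecs` and `NatGateway` classes, their field names, and the sample resource names are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed inventory model (hypothetical field names, not an Alibaba Cloud API schema).
@dataclass
class Ecs:
    name: str
    vswitch: str
    public_ip: bool = False   # public IP allocated when the instance was created
    eip: bool = False         # EIP bound directly to the instance

@dataclass
class NatGateway:
    snat_vswitches: set = field(default_factory=set)  # VSwitches covered by an SNAT entry
    dnat_targets: set = field(default_factory=set)    # instance names with a DNAT entry

def exposure(ecs, nat, slb_backends):
    """Return (outbound, inbound_paths) for one instance, using the rules in the table."""
    direct = ecs.public_ip or ecs.eip
    # Outbound (SNAT): the instance's own public IP/EIP, or an SNAT entry on its VSwitch.
    # Being an SLB backend never grants outbound access.
    outbound = direct or ecs.vswitch in nat.snat_vswitches
    # Inbound (DNAT): public IP, EIP, a NAT Gateway DNAT entry, or an Internet SLB listener.
    paths = {"public-ip": ecs.public_ip, "eip": ecs.eip,
             "nat-dnat": ecs.name in nat.dnat_targets, "slb": ecs.name in slb_backends}
    return outbound, [p for p, present in paths.items() if present]

def audit(instances, nat, slb_backends, allowed_inbound):
    """List instances reachable from the Internet that are not meant to be."""
    findings = []
    for ecs in instances:
        _, inbound = exposure(ecs, nat, slb_backends)
        if inbound and ecs.name not in allowed_inbound:
            findings.append((ecs.name, inbound))
    return findings

# Constructed sample: web-1 is published through SLB, worker-1 should be outbound-only,
# worker-2 was left with an EIP bound, db-1 has no Internet path at all.
INSTANCES = [
    Ecs("web-1", "vsw-app"), Ecs("worker-1", "vsw-app"),
    Ecs("worker-2", "vsw-app", eip=True), Ecs("db-1", "vsw-data"),
]
NAT = NatGateway(snat_vswitches={"vsw-app"})
SLB_BACKENDS = {"web-1"}

if __name__ == "__main__":
    for name, paths in audit(INSTANCES, NAT, SLB_BACKENDS, allowed_inbound={"web-1"}):
        print(f"{name}: unexpected inbound path via {', '.join(paths)}")
```

In the sample, `worker-1` gets outbound access from the SNAT entry alone and has no inbound path, which is the outcome Scenario 2 aims for, while `worker-2` is flagged because its EIP also makes it reachable from the Internet.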