In a VPC network, you can use an Elastic IP Address (EIP), a NAT Gateway, an Internet Server Load Balancer (SLB) instance, or the public IP address of an ECS instance to access the Internet.

Public IP address

In Alibaba Cloud, there are various types of public IP addresses, such as the public IP address of an ECS instance, the public IP address of a NAT bandwidth package, the public IP address of an Internet SLB instance, and the public IP address of a VPN Gateway. To facilitate the management of public IP addresses, ECS instances of the VPC network, NAT Gateways, and intranet SLB instances can all be associated with EIPs.

You can add EIPs to an Internet Shared Bandwidth instance or a Data Transfer Plan to flexibly cope with traffic and bandwidth fluctuations and reduce the Internet cost.

Products with access to the Internet

The following table lists the features of Alibaba Cloud products that have access to the Internet.

Apart from the following products, Alibaba Cloud provides Internet Shared Bandwidth and Data Transfer Plan for VPCs to help you reduce the cost of Internet bandwidth and traffic. You can select a suitable product based on your service needs to reduce costs.

| Product | Function | Benefits |
| --- | --- | --- |
| ECS public IP address | A public IPv4 address that can be automatically assigned upon request when you create an ECS instance in a VPC network. An ECS public IP address enables the ECS instance to access, and be accessed from, the public network. An ECS public IP address cannot be dynamically detached from the corresponding ECS instance in a VPC network, but it can be converted to an EIP. For more information, see Convert an automatically assigned public IP address to an EIP for a VPC network-connected ECS instance. | After you purchase a Data Transfer Plan, the traffic generated by an ECS instance is automatically deducted from the Data Transfer Plan. You can add an ECS instance to Internet Shared Bandwidth after converting its public IP address to an EIP. |
| Elastic public IP address (EIP) | Enables access to or from the public network for the associated ECS instances. | EIPs can be associated with or disassociated from ECS instances. You can purchase Internet Shared Bandwidth and Data Transfer Plan and associate them with EIPs to reduce Internet costs. |
| NAT Gateway | Allows multiple ECS instances to access the Internet (SNAT) and be accessed from the Internet (DNAT). Note: NAT gateways do not support traffic balancing, which is a supported feature of Server Load Balancer (SLB). | A NAT Gateway can be used for multiple ECS instances to access the Internet, while an EIP can be used for only one ECS instance of the VPC network type to access the Internet. |
| Server Load Balancer (SLB) | Provides Layer-4 and Layer-7 server load balancing, which makes ECS instances accessible from the public network. Note: ECS instances of the VPC network type cannot access the public network through SLB (SNAT not supported). | The DNAT function of SLBs allows them to forward an Internet request to multiple ECS instances. SLB expands the external service capabilities by distributing traffic to multiple ECS instances, and improves the availability of application systems by eliminating single points of failure. After you associate an EIP with an SLB instance, you can use Internet Shared Bandwidth and Data Transfer Plan to reduce Internet costs. |

Scenario 1: Provide external services

  • Provide external services by using a single ECS instance

    If you have only one application with relatively low traffic, a single ECS instance can meet your requirements. You can deploy applications, databases, and files on this ECS instance. Then, associate an EIP with the ECS instance. In this way, users can access your application through the Internet.

  • Provide external services by using the Layer-4 load balancing function

    If the traffic is high and one ECS instance cannot handle all access traffic, you can configure multiple ECS instances and a simple load balancing function. Specifically, you can create an Internet SLB instance with a Layer-4 listener and add the ECS instances as backend servers.

  • Provide external services by using the Layer-7 load balancing function

    If you want to distribute different requests to different backend servers, you can add domain name-based or URL-based forwarding rules to a Layer-7 listener. Specifically, you can create an Internet SLB instance with a Layer-7 listener and add the ECS instances as backend servers.

Scenario 2: Internet access of an ECS instance without a public IP address

  • Associate an EIP

    If the number of ECS instances is relatively small, you can associate an EIP with each ECS instance. The ECS instance can then access the Internet by using the EIP. You can also disassociate the EIP from the ECS instance when Internet access is no longer needed.

  • Use NAT Gateway and configure SNAT entries

    If the number of ECS instances is large, associating an EIP with each ECS instance incurs high costs. Also, allowing users to access the ECS instances through the EIPs poses some risks. In this case, we recommend that you configure an SNAT entry for the ECS instances, but do not configure any DNAT entries. In this way, the ECS instances can access the Internet, but users cannot access these ECS instances over the Internet, as shown in the following figure.
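
The exposure rules described on this page (a public IP address or EIP works in both directions, an SNAT entry is outbound only, a DNAT entry or an Internet SLB is inbound) can be written as an audit that flags instances meant to be outbound-only that still have an inbound path. This is an added example, not Alibaba Cloud code; the inventory layout, field names and all sample values are constructed and are not an API response format.

```python
# Added example. The inventory layout and all names/addresses are constructed;
# this is not an Alibaba Cloud API response format.
INVENTORY = {
    "instances": {
        "web-1": {"private_ip": "192.168.1.10", "vswitch": "vsw-a", "public_ip": None, "eip": "eip-1"},
        "app-1": {"private_ip": "192.168.2.10", "vswitch": "vsw-b", "public_ip": None, "eip": None},
        "app-2": {"private_ip": "192.168.2.20", "vswitch": "vsw-b", "public_ip": None, "eip": None},
        "db-1":  {"private_ip": "192.168.2.30", "vswitch": "vsw-b", "public_ip": None, "eip": None},
    },
    "nat_gateways": [{
        "snat": [{"source_vswitch": "vsw-b"}],  # assumed: SNAT entries keyed by vSwitch
        "dnat": [{"private_ip": "192.168.2.30", "external_port": 3306}],
    }],
    "slbs": [{"name": "slb-1", "address_type": "internet", "backends": ["app-1"]}],
}


def reachability(inv):
    """Map each instance to the Internet paths it has in each direction."""
    result = {}
    for name, inst in inv["instances"].items():
        outbound, inbound = [], []
        # A public IP or an EIP on the instance works in both directions.
        for kind in ("public_ip", "eip"):
            if inst.get(kind):
                outbound.append(kind)
                inbound.append(kind)
        for nat in inv["nat_gateways"]:
            # SNAT entry: the instance can reach the Internet, nothing can reach it.
            if any(e["source_vswitch"] == inst["vswitch"] for e in nat["snat"]):
                outbound.append("nat-snat")
            # DNAT entry: the instance is reachable from the Internet.
            if any(e["private_ip"] == inst["private_ip"] for e in nat["dnat"]):
                inbound.append("nat-dnat")
        # Internet SLB: inbound only; it provides no SNAT for VPC instances.
        for slb in inv["slbs"]:
            if slb["address_type"] == "internet" and name in slb["backends"]:
                inbound.append("slb:" + slb["name"])
        result[name] = {"outbound": outbound, "inbound": inbound}
    return result


def unexpected_inbound(inv, outbound_only):
    """Instances meant to be outbound-only that still have an inbound path."""
    paths = reachability(inv)
    return {n: paths[n]["inbound"] for n in outbound_only if paths[n]["inbound"]}


if __name__ == "__main__":
    print(unexpected_inbound(INVENTORY, ["app-2", "db-1"]))
```

In the constructed inventory, `db-1` is flagged because a DNAT entry points at it even though it was meant to use SNAT only.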