This topic describes how to add multiple elastic IP addresses (EIPs) to a Source Network Address Translation (SNAT) IP address pool when you create an SNAT entry. After you create an SNAT IP address pool, Elastic Compute Service (ECS) instances in a virtual private cloud (VPC) can use the EIPs in the SNAT IP address pool to access the Internet.

Prerequisites

  • A VPC and a vSwitch are created. For more information, see Create an IPv4 VPC.
  • The EIPs that you want to add to the SNAT IP address pool are created. In this example, the EIPs are billed on a pay-as-you-go basis. For more information, see Apply for an EIP.
  • A pay-as-you-go EIP bandwidth plan is purchased. For more information, see Create an EIP bandwidth plan.

Background information

Internet NAT gateways are enterprise-class gateways that support the SNAT feature. SNAT allows ECS instances in a VPC to access the Internet even if no public IP addresses are associated with the ECS instances. If you specify only one EIP for a VPC, vSwitch, or ECS instance when you create an SNAT entry, the EIP may be unable to withstand traffic spikes on the ECS instance.

You can add multiple EIPs to an SNAT IP address pool. When an ECS instance in a VPC needs to access the Internet, the ECS instance randomly selects an EIP from the SNAT IP address pool.

SNAT IP address pool

Step 1: Create an Internet NAT gateway

  1. Log on to the NAT Gateway console.
  2. On the Public NAT Gateway page, click Create NAT Gateway.
  3. If this is the first time you create a NAT gateway, you must create a service-linked role for NAT Gateway. On the NAT Gateway (Pay-As-You-Go) page, click Create in the Notes on Creating Service-linked Roles section. After a service-linked role is created, you can create NAT gateways.
    Create a service-linked role
  4. On the NAT Gateway (Pay-As-You-Go) page, set the following parameters and click Buy Now:
    • Region and Zone: Select the region where you want to deploy the NAT gateway.
    • Zone: Select the zone where you want to deploy the NAT gateway.
    • VPC ID: Select the VPC where you want to deploy the NAT gateway. After the NAT gateway is created, you cannot change the VPC where the NAT gateway is deployed.
    • VSwitch ID: Select the vSwitch to which the NAT gateway is attached.
    • Gateway Type: By default, Enhanced is selected.
    • Billing Method: Select a billing method for the NAT gateway.

      Only Pay by Actual Usage is supported. For more information, see Pay-by-actual-usage.

    • Billing Cycle: By default, By Hour is selected. Bills are generated on an hourly basis. If you use a NAT gateway for less than one hour, the usage duration is rounded up to one hour.
  5. On the Confirm Order page, confirm the configuration of the NAT gateway, select Terms of Service, and then click Activate Now.
    When the message Order complete. appears, the purchase is completed.

Step 2: Associate multiple EIPs with the Internet NAT gateway

  1. Log on to the NAT Gateway console.
  2. In the top navigation bar, select the region where the Internet NAT gateway is deployed.
  3. On the Internet NAT Gateway page, find the Internet NAT gateway that you want to manage and click Associate Now in the Elastic IP Address column.
  4. In the Associate EIP dialog box, set the following parameters and click OK:
    • Resource Group: Select the resource group to which the EIP belongs.
    • EIPs: In this example, Select Existing EIPs is selected, and a pay-as-you-go EIP is selected from the drop-down list.
  5. Repeat the preceding steps to associate more EIPs with the NAT gateway.

Step 3: Associate the EIPs with an EIP bandwidth plan

  1. Log on to the Elastic IP Address console.
  2. In the top navigation bar, select the region where the EIP is created.
  3. On the Elastic IP Addresses page, find the EIP that you want to manage and choose More > Add to Shared Bandwidth Plan in the Actions column.
  4. Select the EIP bandwidth plan with which you want to associate the EIP and click OK.
  5. Repeat the preceding steps to associate more EIPs with the EIP bandwidth plan.

Step 4: Create an SNAT entry

To create an SNAT entry and add multiple EIPs to the SNAT IP address pool, perform the following operations:

  1. Log on to the NAT Gateway console.
  2. In the top navigation bar, select the region where the Internet NAT gateway is deployed.
  3. On the Internet NAT Gateway page, find the Internet NAT gateway that you want to manage and click Configure SNAT in the Actions column.
  4. On the SNAT Management tab, click Create SNAT Entry.
  5. On the Create SNAT Entry page, set the following parameters and click Confirm: In this example, Specify vSwitch is selected.
    • Select VSwitch: Select a vSwitch in a VPC. ECS instances that are attached to the vSwitch can access the Internet by using the EIPs in the SNAT entry.
    • VSwitch CIDR Block: The CIDR block of the vSwitch is displayed.
    • Select Public IP Address: Select the EIP that is used to access the Internet. In this example, Use Multiple IP Addresses is selected.

      Use Multiple IP Addresses: Select the EIPs that are associated with an EIP bandwidth plan from the Public IP Address drop-down list.

    • Entry Name: Enter a name for the SNAT entry.

Step 5: Check network connectivity

To check network connectivity, perform the following operations on two ECS instances to which the SNAT entry apply: Log on to the ECS instances and run the ifconfig command to view the private IP addresses of the ECS instances. Then, run the curl https://myip.ipip.net command to view the EIPs that the ECS instances use to access the Internet. The EIPs that the ECS instances use are randomly allocated from the SNAT IP address pool. ECS1ECS2