Alibaba Cloud Logstash clusters are deployed in virtual private clouds (VPCs). If you want to use Logstash to collect data from the Internet or transfer collected data to the Internet, you must configure a Network Address Translation (NAT) gateway and use the gateway to connect your Logstash cluster to the Internet. This topic describes the procedure in detail.

Prerequisites

  • A VPC and a vSwitch are created.

    For more information, see Create an IPv4 VPC.

  • An Alibaba Cloud Logstash cluster is created.

    For more information, see Create a cluster.

Procedure

  1. Log on to the Elasticsearch console.
  2. Navigate to the desired cluster.
    1. In the top navigation bar, select the region where the cluster resides.
    2. In the left-side navigation pane, click Logstash Clusters. On the Logstash Clusters page, find the cluster and click its ID.
  3. In the left-side navigation pane of the page that appears, click Networks and Security.
  4. In the Network Settings section, click Configure NAT Gateway.
    For more information about the descriptions and configurations of NAT gateways, see Create an Internet NAT gateway. Destination Network Address Translation (DNAT) entries allow services on the Internet to send data to Logstash. Source Network Address Translation (SNAT) entries allow Logstash to access the Internet.
  5. On the Public NAT Gateway page, click Create NAT Gateway.
    When you create a NAT gateway, select the region and VPC where the Logstash cluster resides. For more information, see Step 1: Create a NAT gateway.
  6. Associate an elastic IP address (EIP) with the NAT gateway.
    1. On the Public NAT Gateway page, find the NAT gateway that you created, click More in the Actions column, and select Bind Elastic IP Address.
    2. In the Associate EIP dialog box, select Select Existing EIPs.
      If no EIPs are available, select Purchase EIPs and click OK. Then, an EIP is associated with the NAT gateway.
    3. Select an EIP and click OK.
      Notice You can associate a maximum of 20 EIPs with a NAT gateway. The number of pay-as-you-go EIPs that are associated with a NAT gateway cannot exceed 10. Each of the pay-as-you-go EIPs supports a peak throughput of 200 Mbit/s. If you want to increase the number of EIPs that can be associated, you can submit a ticket.
  7. Create a DNAT entry.
    1. On the Public NAT Gateway page, find the NAT gateway that you created and click Configure DNAT in the Actions column.
    2. In the DNAT Entry List section of the page that appears, click Create DNAT Entry.
    3. On the Create DNAT Entry page, configure the following parameters.
      Parameter Description
      Select Public IP Address Select an available public IP address.
      Note If a public IP address is used to create an SNAT entry, you cannot use the public IP address to create a DNAT entry.
      Select Private IP Address Select Manual Input and enter the IP address of a node in your Logstash cluster. You can obtain the IP addresses of the nodes in your Logstash cluster on the Basic Information page of the Logstash cluster. For more information, see View the basic information of a cluster.
      Port Settings Select a DNAT mapping method.
      • Any Port: specifies IP address mapping. The selected public IP address is associated with the Logstash cluster. All requests that are destined for the public IP address are forwarded to the Logstash cluster.
      • Specific Port: specifies port mapping. The NAT gateway forwards requests to the specified node based on the specified protocol and ports.

        If you select Specific Port, you must configure Public Port, Private Port, and Protocol Type. Public Port specifies the external port that is used for request forwarding. Private Port specifies the internal port that is used for request forwarding. Protocol Type specifies the protocol used by the ports.

      Entry Name Enter a name for the DNAT entry.

      The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter.

    4. Click Confirm.
  8. Create an SNAT entry.
    1. Go to the Public NAT Gateway page. Find the NAT gateway that you created and click Configure SNAT in the Actions column.
    2. In the Used in SNAT Entry section, click Create SNAT Entry.
    3. On the Create SNAT Entry page, select Specify vSwitch for SNAT Entry and configure other parameters.
      Parameter Description
      Select VSwitch Select a vSwitch in the VPC where the Logstash cluster resides. All ECS instances that belong to the specified vSwitch can access the Internet by using the SNAT feature.
      Select Public IP Address Select the public IP address that is used to access the Internet. You can select multiple public IP addresses to build an SNAT IP address pool.

      If you select multiple public IP addresses to build an SNAT IP address pool, make sure that these public IP addresses are associated with the same EIP bandwidth plan. For more information, see Associate EIPs with and disassociate EIPs from EIP bandwidth plans.

      For more information about the parameters, see Create an SNAT entry on an Internet NAT gateway.

    4. Click Confirm.
  9. Return to the Basic Information page of the Logstash cluster in the Elasticsearch console and configure pipelines to transmit data over the Internet.