This topic describes how to use an Internet NAT gateway to enable multiple applications to share the bandwidth provided by an EIP bandwidth plan. This reduces the costs of Internet data transfer.

Scenarios

The following scenario is used in this example. An enterprise has created two Elastic Compute Service (ECS) instances (ECS 1 and ECS 2) and has deployed an application on each ECS instance. The enterprise wants the ECS instances to provide Internet-facing services. The service port is port 80. The amount of bandwidth required by the two ECS instances varies within a day:
  • The peak hours of ECS 1 are from 13:00:00 to 18:00:00. During this period of time, the bandwidth that is required by ECS 1 is 700 Mbit/s. During the remaining hours of the day, the bandwidth that is required by ECS 1 is 300 Mbit/s.
  • The peak hours of ECS 2 are from 19:00:00 to 23:00:00. During this period of time, the bandwidth that is required by ECS 2 is 700 Mbit/s. During the remaining hours of the day, the bandwidth that is required by ECS 2 is 300 Mbit/s.

If you want to purchase a bandwidth plan for each ECS instance, you must purchase a 700 Mbit/s bandwidth plan for each ECS instance. The two bandwidth plans provide 1,400 Mbit/s of bandwidth in total. However, the ECS instances cannot fully utilize the bandwidth during off-peak hours. This causes a waste of bandwidth resources.

To resolve this issue, you can associate an EIP bandwidth plan with an Internet NAT gateway and configure Destination Network Address Translation (DNAT) to allow access from the Internet.
  • DNAT maps elastic IP addresses (EIPs) on an Internet NAT gateway to ECS instances in a virtual private cloud (VPC). Then, the ECS instances can receive requests from the Internet.
  • An EIP bandwidth plan allows multiple applications to share bandwidth resources. In this example, a 1,000 Mbit/s bandwidth plan is purchased to meet the bandwidth requirements. This reduces the costs of Internet data transfer.
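The sizing argument above depends on the two peak windows not overlapping. The following added example (not part of the original documentation) computes the combined demand hour by hour from the scenario's figures and shows what happens when the peaks overlap; the profile layout and the overlapping variant are assumptions constructed for illustration.

```python
# Added example: why 1,000 Mbit/s is enough for the scenario above.
# Each profile: (peak start hour, peak end hour, peak Mbit/s, off-peak Mbit/s),
# constructed from the figures given for ECS 1 and ECS 2.
SCENARIO = {
    "ECS 1": (13, 18, 700, 300),
    "ECS 2": (19, 23, 700, 300),
}

def demand_at(profile, hour):
    """Bandwidth one instance needs during the hour starting at `hour`."""
    start, end, peak, off_peak = profile
    return peak if start <= hour < end else off_peak

def shared_plan_size(profiles):
    """Highest combined demand over the day: the size one shared plan needs."""
    return max(sum(demand_at(p, h) for p in profiles.values()) for h in range(24))

def separate_plans_size(profiles):
    """Total purchased when every instance gets a plan sized for its own peak."""
    return sum(max(peak, off_peak) for _, _, peak, off_peak in profiles.values())

def hours_at_capacity(profiles, plan):
    """Hours in which combined demand reaches or exceeds the plan size."""
    return [h for h in range(24)
            if sum(demand_at(p, h) for p in profiles.values()) >= plan]

if __name__ == "__main__":
    print(shared_plan_size(SCENARIO), separate_plans_size(SCENARIO))
    # Hypothetical variant: ECS 2 peaks from 17:00 to 21:00, overlapping ECS 1.
    overlapping = {**SCENARIO, "ECS 2": (17, 21, 700, 300)}
    print(shared_plan_size(overlapping))
```

During the hours returned by `hours_at_capacity`, the shared plan has no headroom, so any growth in either application's peak is throttled for both.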

Prerequisites

  • A VPC and a vSwitch are created. For more information, see Create an IPv4 VPC.
  • Elastic Compute Service (ECS) instances are created and attached to the vSwitch. Applications are deployed on the ECS instances. For more information, see Create an instance by using the wizard.
  • Two EIPs (EIP 1 and EIP 2) are created. The EIPs are to be associated with the Internet NAT gateway. For more information, see Apply for an EIP. The EIPs must meet the following requirements:
    • The EIPs are created in the same region as the Internet NAT gateway with which you want to associate the EIPs.
    • The EIPs are billed on a pay-as-you-go basis.

Procedure


Step 1: Create a NAT gateway

  1. Log on to the NAT Gateway console.
  2. On the Public NAT Gateway page, click Create NAT Gateway.
  3. If this is the first time you purchase a NAT gateway, you must create a service-linked role for NAT Gateway. On the NAT Gateway (Pay-As-You-Go) page, click Create in the Notes on Creating Service-linked Roles section. After a service-linked role is created, you can purchase NAT gateways.
  4. On the NAT Gateway (Pay-As-You-Go) page, set the following parameters and click Buy Now.
    • Region and Zone: Select the region where you want to deploy the NAT gateway.
    • Zone: Select the zone where you want to deploy the NAT gateway.
    • VPC ID: Select the VPC where you want to deploy the NAT gateway. After the NAT gateway is created, you cannot change the VPC where the NAT gateway is deployed.
    • VSwitch ID: Select the vSwitch to which the NAT gateway is attached.
    • Gateway Type: By default, Enhanced is selected.
    • Billing Method: Select a billing method for the NAT gateway.

      Only Pay by Actual Usage is supported. For more information, see Pay-by-CU.

    • Billing Cycle: By default, By Hour is selected. Bills are generated on an hourly basis. If you use a NAT gateway for less than one hour, the usage duration is rounded up to one hour.
  5. On the Confirm Order page, confirm the configuration of the NAT gateway, select the check box for Terms of Service, and then click Activate Now.
    When the message Order complete. appears, the purchase is completed.
After you create a NAT gateway, you can find the NAT gateway on the NAT Gateway page.

Step 2: Associate EIPs with the Internet NAT gateway

An Internet NAT gateway can run as expected only when it is associated with an EIP. After you create an Internet NAT gateway, you can associate EIPs with the Internet NAT gateway to meet your business requirements.

  1. On the Internet NAT Gateway page, find the Internet NAT gateway that you created in Step 1, and then choose More > Bind Elastic IP Address in the Actions column.
  2. In the Bind Elastic IP Address dialog box, set the parameters to associate an EIP with the Internet NAT gateway based on the following information and click OK:
    • Resource Group: Select the resource group to which the EIP belongs.
    • EIPs: Select the EIP that you want to associate with the Internet NAT gateway.

      In this example, Select Existing EIPs is selected. Then, select the two EIPs that are described in the Prerequisites section. For more information, see Prerequisites.

Step 3: Create DNAT entries

A DNAT entry maps the EIP of an Internet NAT gateway to an ECS instance. This allows the ECS instance to provide Internet-facing services.

To create DNAT entries for ECS 1 and ECS 2, perform the following operations:

  1. On the Internet NAT Gateway page, find the Internet NAT gateway that you created in Step 1 and click Configure DNAT in the Actions column.
  2. In the DNAT Entry List section, click Create DNAT Entry.
  3. On the Create DNAT Entry page, set the following parameters to create a DNAT entry for ECS 1 and click OK:
    • Select Public IP Address: Select the EIP that is used to communicate with the Internet.

      EIP 1 is selected in this example.

    • Select Private IP Address: Specify the private IP address of the ECS instance that uses the DNAT entry to communicate with the Internet.
      You can use the following methods to specify the private IP address of the ECS instance.
      • Select by ECS or ENI: Specify the private IP address by selecting the ECS instance or the elastic network interface (ENI) that is associated with the ECS instance from the drop-down list.
      • Manual Input: Enter the private IP address of the ECS instance.
        Note: The private IP address that you enter must fall within the CIDR block of the VPC. You can also enter the private IP address of an existing ECS instance.

      In this example, the private IP address of ECS 1 that is attached to the vSwitch is selected.

    • Port Settings: Select a DNAT mapping method.

      Specific Port is selected in this example. Then, Public Port is set to 80, Private Port is set to 80, and IP Protocol is set to TCP. For more information about the other parameters, see DNAT port settings.

    • Entry Name: Enter a name for the DNAT entry.

      The name must be 2 to 128 characters in length, and can contain digits, underscores (_), and hyphens (-). It must start with a letter.

      DNAT 1 is entered in this example.

  4. In the DNAT Entry List section, click Create DNAT Entry again.
  5. On the Create DNAT Entry page, set the following parameters to create a DNAT entry for ECS 2 and click OK.
    • Select Public IP Address: Select the EIP that is used to communicate with the Internet.

      EIP 2 is selected in this example.

    • Select Private IP Address: Specify the private IP address of the ECS instance that uses the DNAT entry to communicate with the Internet.

      ECS 2 that is attached to the vSwitch is selected in this example.

    • Port Settings: Select a DNAT mapping method.

      Specific Port is selected in this example. Then, Public Port is set to 80, Private Port is set to 80, and IP Protocol is set to TCP.

    • Entry Name: Enter a name for the DNAT entry.

      The name must be 2 to 128 characters in length, and can contain digits, underscores (_), and hyphens (-). It must start with a letter.

      DNAT 2 is entered in this example.

The following table describes the details about the DNAT entries that are added for ECS 1 and ECS 2.
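
| Entry name | Public IP address | External port | Protocol type | Private IP address | Internal port |
|------------|-------------------|---------------|---------------|--------------------|---------------|
| DNAT1 | EIP1 | 80 | TCP | Private IP address of ECS 1 | 80 |
| DNAT2 | EIP2 | 80 | TCP | Private IP address of ECS 2 | 80 |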
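
The DNAT entries above define the intended Internet exposure: two EIPs, TCP port 80 only. The following added example (not part of the original documentation) audits a list of DNAT entries against that intent, the naming rule, and the VPC CIDR requirement from Step 3. The record layout, the `Any` marker for an all-port mapping, and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

# Naming rule as stated on this page (ASCII letters assumed).
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]{1,127}")

# Constructed sample data: documentation address ranges, not real resources.
VPC_CIDR = "192.168.0.0/16"
INTENDED = [
    {"name": "DNAT1", "public_ip": "203.0.113.10", "public_port": "80",
     "protocol": "TCP", "private_ip": "192.168.1.11", "private_port": "80"},
    {"name": "DNAT2", "public_ip": "203.0.113.11", "public_port": "80",
     "protocol": "TCP", "private_ip": "192.168.1.12", "private_port": "80"},
]
# Hypothetical drift: an all-port mapping and an extra management port.
DRIFTED = INTENDED + [
    {"name": "9-debug", "public_ip": "203.0.113.10", "public_port": "Any",
     "protocol": "Any", "private_ip": "10.0.0.5", "private_port": "Any"},
    {"name": "ssh_tmp", "public_ip": "203.0.113.11", "public_port": "22",
     "protocol": "TCP", "private_ip": "192.168.1.12", "private_port": "22"},
]

def audit_dnat(entries, vpc_cidr, allowed=frozenset({("TCP", "80")})):
    """Return (entry name, issue) pairs; an empty list means no drift."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings, seen = [], set()
    for e in entries:
        name = e["name"]
        if not NAME_RE.fullmatch(name):
            findings.append((name, "name breaks the naming rule"))
        if ipaddress.ip_address(e["private_ip"]) not in vpc:
            findings.append((name, "private IP outside the VPC CIDR block"))
        if e["public_port"] == "Any":
            findings.append((name, "all ports exposed to the Internet"))
        elif (e["protocol"], e["public_port"]) not in allowed:
            findings.append((name, "unexpected public port"))
        key = (e["public_ip"], e["public_port"], e["protocol"])
        if key in seen:
            findings.append((name, "duplicate public IP/port/protocol"))
        seen.add(key)
    return findings

if __name__ == "__main__":
    for name, issue in audit_dnat(DRIFTED, VPC_CIDR):
        print(f"{name}: {issue}")
```

An entry that passes this audit is still reachable only if the security group of the target ECS instance allows the same port, so review both together.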

Step 4: Create an EIP bandwidth plan

EIP bandwidth plans support bandwidth sharing and multiplexing on a regional scale. You can use EIP bandwidth plans to reduce bandwidth resource costs.

  1. Log on to the EIP bandwidth plan console.
  2. On the Internet Shared Bandwidth page, click Buy Internet Shared Bandwidth.
  3. On the buy page, set the following parameters, click Buy Now, and then complete the payment:
    • Region: Select the region where you want to create the EIP bandwidth plan.

      Make sure that the EIP bandwidth plan is created in the same region as the EIP that you want to associate with the EIP bandwidth plan.

    • ISP: Select a line type for the EIP bandwidth plan.
      • BGP (Multi-ISP): If you select this option, you can associate only EIPs of BGP (Multi-ISP) with the EIP bandwidth plan.
      • BGP(Multi-ISP)_PRO: If you select this option, you can associate only EIPs of BGP (Multi-ISP) Pro with the EIP bandwidth plan.
        Note: Only the China (Hong Kong) region supports BGP (Multi-ISP) Pro.

        BGP (Multi-ISP) is selected in this example.

    • Billing Method: Select a billing method for the EIP bandwidth plan.

      Only pay-by-data-transfer is supported. For more information, see Billing.

    • Bandwidth: Specify the maximum bandwidth of the EIP bandwidth plan.

      1000 Mbps is selected in this example.

    • Name: Enter a name for the EIP bandwidth plan.

      The name must be 2 to 128 characters in length, and can contain digits, underscores (_), and hyphens (-). It must start with a letter.

    • Resource Group: Select the resource group to which the EIP bandwidth plan belongs.
    • Purchase Quantity: Specify the number of EIP bandwidth plans that you want to purchase.

      One EIP bandwidth plan is purchased in this example.

Step 5: Associate EIPs with the EIP bandwidth plan

You can associate EIP 1 and EIP 2 with the EIP bandwidth plan that you created. After the EIPs are associated with the EIP bandwidth plan:
  • Services attached to the Internet NAT gateway with which the EIPs are associated share the bandwidth of the EIP bandwidth plan.
  • The previous bandwidth limits of the EIPs become invalid. The bandwidth limits of the EIPs equal the bandwidth limit of the associated EIP bandwidth plan.
  • The previous billing methods of the EIPs become invalid. The EIPs function as public IP addresses. Data transfer and bandwidth usage are not charged for the EIPs.

To associate EIP 1 and EIP 2 with the EIP bandwidth plan, perform the following operations:

  1. On the Internet Shared Bandwidth page, find the EIP bandwidth plan that is created in Step 4 and click Add IP in the Actions column.
  2. In the Add IP panel, click Select from EIP List. Then, select the EIPs that you want to associate with the EIP bandwidth plan.
    EIP 1 and EIP 2 are selected in this example.
  3. Click OK.

Step 6: Check network connectivity

You can test the network connectivity by using a computer to access the applications that are deployed on ECS 1 and ECS 2.
Note: Make sure that the security group rules of the ECS instances allow the ECS instances to receive requests from the Internet.
  1. Open a browser on a computer that can access the Internet.
  2. Enter one of the EIPs that are associated with the Internet NAT gateway to access the application that runs on an ECS instance.
    The results indicate that you can access the applications that are deployed on ECS 1 and ECS 2 over the Internet. In addition, the ECS instances share the bandwidth of the EIP bandwidth plan and can handle traffic spikes.
    Figure 1. Access the application that runs on ECS 1
    Figure 2. Access the application that runs on ECS 2