All Products
Search

This Product

    Platform For AI:Improve Internet access speed by using a private gateway

    Document Center

    Platform For AI:Improve Internet access speed by using a private gateway

    Last Updated:Nov 28, 2025

    By default, DSW and DLC instances use a shared gateway. The network speed of the shared gateway may be insufficient for downloading large files because of bandwidth limits. To improve network upload and download speeds, you can create an Internet NAT gateway for the virtual private cloud (VPC) where the instance is located, attach an Elastic IP Address (EIP), and configure an SNAT entry. This allows the instance to access the Internet at a high speed through a private gateway.

    Prerequisites

    • A VPC and a vSwitch have been created for the DSW instance. To prevent conflicts with the CIDR block of the PAI cluster, we strongly recommend that you use the 192.168.0.0/16 CIDR block for your VPC. For more information, see Create and manage a VPC.

    • A security group has been created for the VPC. For more information, see Create a security group.

    Billing

    Internet NAT Gateway and Elastic IP Address (EIP) are pay-as-you-go cloud services. You are continuously charged for these services even if the DSW instance is stopped. Therefore, delete these resources promptly when they are no longer needed.

    Procedure

    This topic uses a DSW instance as an example to describe how to configure a private gateway. The procedure also applies to DLC instances.

    1. Create an Internet NAT gateway. Log on to the NAT Gateway console and create an Internet NAT gateway. The following table describes the key parameters. For more information about the detailed steps, see Create an Internet NAT gateway.

      If you have multiple Internet NAT gateways in your VPC, see Deployment solutions for multiple Internet NAT gateways in the same VPC for information about network design and deployment solutions.

      Parameter

      Description

      Region

      Make sure that the region you select is the same as the region where your VPC resides. If you do not specify a region, the region where your VPC resides is used by default.

      Network and Zone

      Select a VPC and a vSwitch that match the configurations of the DSW instance.

      EIP

      If no EIP instance is available, click Purchase EIP and configure the EIP based on the instructions on the page. We recommend that you set Maximum Bandwidth to a value as high as possible.

    2. Create an SNAT entry. On the Internet NAT Gateway page, click the name of the gateway, go to the SNAT tab, and then click Create SNAT Entry. In the settings, select Specify VPC for Granularity and select an IP address. If you have purchased multiple IP addresses, you can select more than one. For more information, see Create an SNAT entry.image.png

    3. Log on to the PAI console and select the same region as the VPC in the upper-left corner. Configure the network parameters on the DSW instance configuration page. This page appears when you create a DSW instance. For an existing instance, click Change Settings to open the page. The following table describes the key parameters. For more information about other parameters, see Create a DSW instance.

      Parameter

      Description

      VPC

      This parameter can be configured only when you select a public resource group for Resource Group.

      Select the created VPC, vSwitch, and security group.

      Security Group

      vSwitch

      Internet Gateway

      Select Private Gateway. The DSW instance accesses the Internet through a private Internet gateway. If you select Private Gateway but do not purchase an Internet NAT gateway, attach an EIP, and configure an SNAT entry, the instance cannot access the Internet.

    4. Test the network connectivity.

      1. Open the DSW instance and click Open in the menu bar.

      2. Run the ping www.aliyun.com command to test the network connectivity.

        If a response message is returned, it indicates that the DSW instance can access the Internet through the private Internet gateway.

        The test result shows that the DSW instance can access the Internet through the private Internet gateway.

        PING www.aliyun.com.w.cdngslb.com (47.118.XX.XX) 56(84) bytes of data.
64 bytes from 47.118.XX.XX (47.118.XX.XX): icmp_seq=1 ttl=59 time=5.96 ms
64 bytes from 47.118.XX.XX (47.118.XX.XX): icmp_seq=2 ttl=59 time=5.83 ms
64 bytes from 47.118.XX.XX (47.118.XX.XX): icmp_seq=3 ttl=59 time=5.83 ms
64 bytes from 47.118.XX.XX (47.118.XX.XX): icmp_seq=4 ttl=59 time=5.84 ms
64 bytes from 47.118.XX.XX (47.118.XX.XX): icmp_seq=5 ttl=59 time=5.86 ms

    Appendix: Configure an instance to deny Internet access

    If you have special security requirements and want to prevent computing resources such as DSW and DLC from accessing the Internet, set the Internet Access Gateway to Private Gateway and do not create an Internet NAT gateway or an SNAT entry when you configure the instance. This ensures that the instance can access only data within the VPC and cannot access the Internet.