All Products
Search

This Product

    Platform For AI:Improve Internet access rate by using a private gateway

    Document Center

    Platform For AI:Improve Internet access rate by using a private gateway

    Last Updated:Mar 07, 2025

    By default, Data Science Workshop (DSW) and Deep Learning Containers (DLC) instances use a shared gateway, which is limited to bandwidth. Therefore, the network speed may not meet the requirements when you download large files. To accelerate network upload and download, you can create an Internet NAT gateway, associate an elastic IP address (EIP) with an instance, and configure SNAT in the virtual private cloud (VPC) in which the instance resides. This allows the instance to access the Internet at a high speed by using a private Internet gateway.

    Prerequisites

    • A VPC and a vSwitch are created. To avoid conflicts with the CIDR block of the Platform for AI (PAI), we recommend that you use the 192.168.0.0/16 CIDR block for the VPC. For more information, see Create and manage a VPC.

    • A security group is created for the VPC. For more information, see Create a security group.

    Note

    Internet NAT gateway is a separate service and incurs additional charges. For more information, see Billing of Internet NAT gateways.

    Procedure

    In this example, a private gateway is configured for a DSW instance. The procedure also applies to DLC instances.

    1. Create an Internet NAT gateway. Log on to the NAT Gateway console. The following table describes the key parameters. For information about other parameters, see the "Step 1: Create an Internet NAT gateway" section in the Use the SNAT feature of an Internet NAT gateway to access the Internet topic.

    For information about how to create multiple Internet NAT gateways in your VPC, see Deploy multiple Internet NAT gateways in one VPC.

    Parameter

    Description

    Region

    Make sure that the region is the same as the region where your VPC resides. If you do not specify a region, the region where your VPC resides is used.

    VPC

    Select an existing VPC, vSwitch, and security group. Make sure that the VPC and vSwitch are the same as the VPC and vSwitch that you configure for the DSW instance.

    Associate vSwitch

    Access Mode

    Select SNAT for All VPC Resources. An SNAT entry is automatically configured for your VPC.

    EIP

    If no EIP is available, click Purchase EIP and complete the configuration by following the on-screen instructions. Configure the Maximum Bandwidth parameter based on your business requirements. We recommend that you select a sufficient bandwidth and set the Metering Method parameter to Pay-By-Data-Transfer.

    1. Create an SNAT entry. On the Internet NAT Gateway page, click the name of the gateway that you created to go to the Basic Information tab. On the SNAT Management tab, check whether an SNAT entry is created. If no SNAT entry is created, create an SNAT entry in the gateway. When you create an SNAT entry, select Specify VPC and set the Select Public IP Address parameter to Use Single IP. If you purchased multiple IP addresses, you can select Use Multiple IP. For more information about how to create an SNAT entry, see the "Step 3: Create an SNAT entry" section in the Use the SNAT feature of an Internet NAT gateway to access the Internet topic. image.png

    2. Configure network parameters of the instance. Log on to the PAI console, and select the region in which your VPC resides in the upper-left corner of the page. Configure network parameters on the configuration page when you create a DSW instance. For an existing instance, click Change Settings to go to the configuration page. The following table describes the key parameters. For information about other parameters, see Create a DSW instance.

      Parameter

      Description

      VPC

      This parameter is available only if you select the public resource group for Resource Group.

      Select an existing VPC, vSwitch, and security group.

      Security group

      vSwitch

      Internet Access Gateway

      Select Private Gateway. The DSW instance accesses the Internet by using the private Internet NAT gateway. If you do not purchase an Internet NAT gateway, associate an EIP with the DSW instance, and configure an SNAT entry, the instance cannot access the Internet.

    3. Test the network connectivity.

      1. Open the DSW instance page and click Terminal in the top navigation bar.

      2. Run the ping www.aliyun.com command to test the network connectivity.

        If a response packet is returned, the DSW instance can access the Internet by using the private Internet NAT gateway.

        The following response indicates that the DSW instance can access the Internet by using the private Internet NAT gateway. 

        PING www.aliyun.com.w.cdngslb.com (47.118.XX.XX) 56(84) bytes of data.
64 bytes from 47.118.XX.XX (47.118.XX.XX): icmp_seq=1 ttl=59 time=5.96 ms
64 bytes from 47.118.XX.XX (47.118.XX.XX): icmp_seq=2 ttl=59 time=5.83 ms
64 bytes from 47.118.XX.XX (47.118.XX.XX): icmp_seq=3 ttl=59 time=5.83 ms
64 bytes from 47.118.XX.XX (47.118.XX.XX): icmp_seq=4 ttl=59 time=5.84 ms
64 bytes from 47.118.XX.XX (47.118.XX.XX): icmp_seq=5 ttl=59 time=5.86 ms

    Appendix: Disable an instance to access the Internet

    If you want to disable a computing resource such as a DSW or DLC instance to access the Internet for security reasons, you can set the Internet Access Gateway parameter to a private gateway. Do not configure an egress network in the specified VPC when you create the instance. The egress network includes an Internet NAT gateway and an SNAT entry. This ensures that the instance can access only the data in the VPC and not the Internet.