Obtain models or container images outside the Chinese Mainland in DSW - Platform For AI

When you use a container image (docker.io image) outside the Chinese mainland to create a Data Science Workshop (DSW) instance or obtain a model (huggingface.co image) outside the Chinese mainland in a DSW instance, access may fail due to cross-border network restrictions. To address this issue, you can create a Global Accelerator (GA) instance and use its global network acceleration service to enable cross-border access to models and images in DSW.

Usage notes

Make sure that your network access is compliant. Access to websites with illegal content will be blocked.

Billing

GA is an independent cloud product and you are charged for instances, performance Capacity Units (CUs), and network transmission bandwidth. For more information, see Billing rules.

Procedure

This topic uses huggingface and docker as examples to describe how to perform the steps based on your business requirements. The following table describes the domain names requiring acceleration.

Accelerated resource	Accelerated domain name
huggingface	`huggingface.co` and `cdn-lfs.hf.co` domain names for Content Delivery Network (CDN)
docker	`docker.io` and `production.cloudflare.docker.com`

Step 1: Create a standard GA instance

The following section describes only key parameter configurations. For more information, see Create and manage standard GA instances.

Activate GA and log on to the GA console. On the Instances page, click Create Standard Pay-as-you-go Instance. In the Basic Instance Configuration step of the Create Standard Instance (Pay-as-you-go) page, configure basic information, such as the instance name, and click Next.
In the Configure Acceleration Area step, select acceleration regions in which DSW instances reside, configure the network bandwidth based on your business requirements, and then click Next.
In the Configure listeners step, enter a listener name, and set the Protocol parameter to TCP and the Port parameter to 80,443. You can also configure the parameters based on your business requirements.
In the Configure an endpoint group step, configure an endpoint group.
- Region: Select a region outside the Chinese mainland. We recommend that you select US (Silicon Valley).
- Endpoint Configuration: Configure one domain name requiring accelerated access. If you need to configure multiple domain names, add multiple virtual endpoint groups later.
  - Backend Service Type: Select Custom Domain Name.
  - Backend Service: Enter the domain name that requires acceleration, such as huggingface.co.
  - Weight: Retain the default configuration.
In the Configuration Review step, confirm the configuration details and click Submit.

Step 2: Add virtual endpoint groups and configure forwarding rules

In the left-side navigation pane, choose Standard Instance > Instances. On the Instances page, find the created instance and click its name. On the page that appears, click the Listeners tab.
On the Listeners tab, find the desired listener and click its name. On the page that appears, click the Endpoint Group tab. On the Endpoint Group tab, you can find the default endpoint group, in which the domain name is huggingface.co, that you configured in Step 1.
Click Add Virtual Endpoint Group to add a virtual endpoint group for each domain name requiring acceleration. In this example, the additional domain names are docker.io, production.cloudflare.docker.com, and cdn-lfs.hf.co.
- Backend Service Type: Select Custom Domain Name.
- Backend Service: Enter a domain name requiring acceleration.
- Weight: Retain the default configuration.
Add virtual endpoint groups for other domain names requiring acceleration by using the same method. After the operations are complete, three virtual endpoint groups appear in the list.
On the listener configuration page, click the Forwarding Rule tab. On the Forwarding Rule tab, click Add Forwarding Rule for each of the four domain names requiring acceleration. Configure the following parameters for each forwarding rule:
- Domain name matching rule: Select Exact Match.
- Host: Enter the domain name requiring acceleration.
- Forward: Select the endpoint group type and endpoint group for the desired domain name. For example, select the default endpoint group for the huggingface.co domain name, and Virtual Endpoint Group 1, 2, and 3 for the docker.io, production.cloudflare.docker.com, and cdn-lfs.hf.co domain names.
After the configurations are complete, four forwarding rules appear.

Step 3: Use GA in DSW

Acceleration method	Method 1: Modify the hosts file of a DSW instance for accelerated access	Method 2: Configure accelerated access by using PrivateZone
Scenario	Obtain models or resources outside the Chinese mainland from existing DSW instances.	Use images outside the Chinese mainland to create DSW instances and obtain models or resources outside the Chinese mainland in DSW.
Whether you need to configure a virtual private cloud (VPC), security group, or vSwitch in DSW	Optional.	Required.
Whether you need to configure a virtual gateway and SNAT in DSW	Optional. When you download large files, the network access speed may not meet your requirements. You can improve Internet access rate by using a private gateway.

Method 1: Modify the hosts file of a DSW instance for accelerated access

On the Instances page, find the desired instance and click its name. On the Acceleration Area tab of the instance details page, obtain an accelerated IP address.
Open a DSW instance, run vim /etc/hosts in the terminal, add the accelerated IP address and domain name to the hosts file, save the file, and then exit the file. The following figure shows the sample content.

Method 2: Configure accelerated access by using PrivateZone

On the Instances page of the GA console, find the desired instance and click its name. On the Instance Information tab, obtain the CNAME.
In the left-side navigation pane of the PAI console, choose Model Training > Data Science Workshop (DSW). On the Data Science Workshop (DSW) page, find the desired instance and click its name. In the Network Information section of the Instance Settings tab, obtain the VPC ID.
On the User Defined Zones subtab on the Built-in Authoritative Module tab on the Private DNS (PrivateZone) page of the Alibaba Cloud DNS console, click Add New Zone. In this example, the huggingface.co and cdn-lfs.hf.co domain names are used. In the Add Built-in Authoritative Zone panel, set the Built-in Authoritative Zone parameter to co. Click Effective Scope of Zone, set the Alibaba Cloud VPC parameter to the VPC ID that you obtained in Step 2, and then click OK. If you do not create a DSW instance, select the VPC that you configured here when you create the DSW instance later.
Find the co zone and click its name. On the Resource Records Settings tab, click Add Record. In the Add Record panel, configure the parameters. huggingface.co and cdn-lfs.hf.co have the same authoritative domain name co. Add records for them one by one.
- Record Type: Select CNAME.
- Record Value: Enter the CNAME that you obtained in Step 1.
Configure docker.io and production.cloudflare.docker.com by using the same method. Finally, a total of three built-in authoritative zones appear.

References

If the network access speed cannot meet your requirements, improve the Internet access rate by using a private gateway.