Connect an on-premises data center to DTS by using an Internet NAT gateway

Updated at: 2025-02-07 06:46

This topic describes how to configure an Internet network address translation (NAT) gateway to connect self-managed databases that are hosted over the Internet to Alibaba Cloud, and how to configure a Data Transmission Service (DTS) instance over a virtual private cloud (VPC).

Background information

When you create a DTS instance where the source or destination database is accessed over the Internet and set the Access Method parameter to Public IP Address, you must add the CIDR block of the DTS server to the security settings of the database, such as firewall policies, IP address whitelists, and security group rules. A DTS server may contain a large number of IP addresses, and the IP addresses may change as your business develops. If some IP addresses are missed or an address is invalid, DTS cannot connect to the database and an error occurs in the instance. With the solution in this topic, DTS reaches the database through an Internet NAT gateway, so only the EIPs associated with the gateway need to be added to the security settings of the database.

Prerequisites

The database can access the Internet.

Procedure

  1. Create a VPC.

    Create a transit VPC and a vSwitch.

  2. Purchase an Internet NAT gateway.

    Purchase an Internet NAT gateway in the transit VPC.

  3. Purchase an Elastic IP address (EIP).

  4. Associate the EIP to the Internet NAT gateway.

  5. Configure SNAT entries to the Internet NAT gateway.

  6. Configure alert rules in the Cloud Monitor console.

    Configure alert rules for the EIP associated with the Internet NAT gateway to monitor metrics and handle exceptions at the earliest opportunity.

  7. Configure the database whitelist.

    Add the EIP to the security settings of the database.

  8. Create a DTS instance.

Usage notes

  • You are charged for the Internet NAT gateway and EIP purchased. For more information, see Billing of Internet NAT gateways and Billing methods.

  • The instance that involves this solution may be unstable due to factors such as poor quality of Internet connections. Issues that arise in such circumstances are not covered by the service level agreement (SLA) of DTS.

  • When the DTS instance that involves this solution is running, do not modify or delete the transit VPC, the Internet NAT gateway, or associated EIP. Otherwise, the DTS instance is delayed or interrupted.

  • The IP address whitelist of the database connected over the Internet includes all EIPs associated with the Internet NAT gateway. This way, you can access the database by using the Internet NAT gateway.

  • Do not add IP addresses beyond the EIP to the IP address whitelist of the database. Otherwise, this poses security risks to the database such as unauthorized access from other public IP addresses.

  • You can specify the Maximum Bandwidth parameter based on your business requirements when you purchase the EIP.

    Note

    Each DTS thread has only one connection that accesses the database by using an EIP.

  • You must disable the EIP Affinity of the Internet NAT gateway to ensure that DTS can use all associated EIPs. Otherwise, some associated EIPs cannot be used, the traffic of multiple threads cannot be distributed to multiple EIPs, and a traffic bottleneck occurs.

  • The values of OutboundRatelimitDropSpeed and InboundRatelimitDropSpeed for each EIP associated with the Internet NAT gateway must be 0. If the value is greater than 0, a DTS instance may be delayed or interrupted. To address this issue, you can scale out the traffic (Maximum Bandwidth) of the EIP or increase the number of EIPs associated with the Internet NAT gateway. For more information, see Upgrades and downgrades.

    Note
    • If you increase the number of EIPs associated with the Internet NAT gateway, you must add the new EIPs to the IP address whitelist of the database connected over the Internet.

    • If packet loss still occurs after the necessary actions are taken, contact technical support for help.

Procedure

Step 1: Create a VPC

  1. Log on to the VPC console.

  2. In the top navigation bar, select the region where you want to create a VPC and a vSwitch.

    Note

    The VPC and the cloud resources that you want to deploy in the VPC must belong to the same region.

  3. On the VPC page, click Create VPC.

  4. Set the following parameters.

    1. Configure the VPC.

      1. Select a Region of the VPC.

      2. Specify a Name for the VPC.

      3. Optional: Select Manually enter an IPv4 CIDR block for the IPv4 CIDR Block parameter.

      4. Select 10.0.0.0/8 as the IPv4 CIDR Block.

    2. Configure the vSwitch.

      1. Specify a Name for the vSwitch.

      2. Select a Zone for the vSwitch.

        Important

        Make sure that the zone to which the vSwitch belongs supports NAT gateways.

      3. Use the default settings for other parameters.

      For more information, see Create and manage a VPC.

    3. Click OK.

Step 2: Purchase an Internet NAT gateway

  1. Log on to the NAT Gateway console.
  2. On the Internet NAT Gateway page, click Create NAT Gateway.
  3. When you create an Internet NAT gateway for the first time, click Create in the Notes on Creating Service-linked Roles section of the buy page to create a service-linked role. After the service-linked role is created, you can create Internet NAT gateways.

    For more information, see Service-linked roles.

  4. Set the following parameters.

    1. Select a Region for the Internet NAT gateway.

      Important

      The Internet NAT gateway and the VPC created in Step 1 of this topic must be deployed in the same Region.

    2. Select the VPC that you created in Step 1 of this topic.

    3. Select the Associate vSwitch that you created in Step 1 of this topic.

    4. Optional: Specify an Instance Name for the Internet NAT gateway.

    5. Select Configure Later for the Access Mode parameter.

    For more information, see Use the SNAT feature of an Internet NAT gateway to access the Internet.

  5. Click Buy Now and complete the payment.

Step 3: Purchase an EIP

  1. Log on to the Elastic IP Address console.
  2. On the Elastic IP Addresses page, click Create EIP.

  3. Set the parameters of the EIP.

    Select a Region and Zone for the EIP. Use the default settings for other parameters. For more information, see Apply for an EIP.

    Important

    The EIP and the VPC created in Step 1 of this topic must be deployed in the same Region and Zone.

  4. Click Buy Now and complete the payment.

  5. Record the IP address of the EIP.

    1. If the purchase is successful, return to the Elastic IP Addresses page.

    2. In the top navigation bar, select the region where the EIP is created.

    3. Record the address of the IP Address column.

Step 4: Associate the EIP to the Internet NAT gateway

  1. Log on to the NAT Gateway console.
  2. In the top navigation bar, select the region where you want to create the NAT gateway.
  3. On the Internet NAT Gateway page, find the Internet NAT gateway that you want to manage and click Associate Now in the EIP column.

    Note

    You can also choose image > Associate EIP in the Actions column of the instance.

  4. In the Associate EIP dialog box, select Select Existing EIP, and then select the EIP you purchased in Step 3 of this topic.

    Note

    If you purchase multiple EIP instances, repeat this step.

  5. Click OK.

    After you complete the preceding operations, the EIP is displayed in the EIP column.

Step 5: Configure SNAT entries to the Internet NAT gateway

  1. Log on to the NAT Gateway console.
  2. In the top navigation bar, select the region where you want to create the NAT gateway.
  3. On the Internet NAT Gateway page, find the NAT gateway that you want to manage and click Configure SNAT in the Actions column.
  4. On the SNAT Management tab, click Create SNAT Entry.

  5. Configure the following parameters.

    Note

    If the SNAT entries for the VPC exist, you can click Edit in the Actions column to modify the parameter.

    1. Select Specify VPC for the SNAT Entry parameter.

    2. Select the EIP specified in Step 4 of this topic for the EIP parameter.

      Note

      Select all purchased EIP instances that are associated with the Internet NAT gateway.

    3. Disable EIP Affinity.

  6. Click Create Now.

    Wait until the Status of the SNAT entry changes to Available.

Step 6: Configure alert rules for the EIP associated with the Internet NAT gateway

  1. Log on to the Cloud Monitor console.

  2. In the left-side navigation pane, choose Alerts > Alert Rules.

  3. On the Alert Rules page, click Create Alert Rule.

  4. Configure the following parameters.

    Product: Select Elastic IP Address.

    Resource Range: Select Instances.

    Associated Resources:

      1. Click Add Instance.

      2. In the dialog box that appears, select a region and an instance to find the EIP associated in Step 4 of this topic.

      3. Select the EIP.

        Note

        Select all purchased EIP instances that are associated with the Internet NAT gateway.

      4. Click OK.

    Rule Description:

      1. Click Add Rule and select Combined Metrics.

      2. In the Configure Rule Description panel, enter the Alert Rule.

      3. In the Multi-metric Alert Condition section, configure alert rules for the OutboundRatelimitDropSpeed and InboundRatelimitDropSpeed.

        Note
        • Set the metric to an average value greater than (>) 0 pps.

        • You can click Add Metric to add multiple-metric alert rules.

      4. Select Generate alerts if one of the conditions is met (||) for the Relationship Between Metrics parameter.

      5. Select the Alert Threshold Triggers based on your business requirements.

      6. Click OK.

    Alert Contact Group: Select the alert contact groups to which alert notifications are sent.

    Other parameters: Configure other parameters based on your business requirements. For more information, see Create an alert rule.

  5. Click OK.

Step 7: Add the EIP to the security settings of the database

Add the EIP associated in Step 4 of this topic to the security settings of the database, such as firewall policies, IP address whitelists, and security group rules.
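The usage notes require the whitelist to contain every EIP associated with the Internet NAT gateway and nothing beyond them. The following check is an added example, not part of the original documentation: the function name `audit_whitelist` and all sample addresses are constructed for illustration, and the EIP list and whitelist are assumed to have been exported by hand from the consoles.

```python
import ipaddress


def audit_whitelist(eips, whitelist):
    """Compare a database IP whitelist with the NAT gateway's EIPs.

    Returns (missing, excess):
      missing - EIPs that no whitelist entry covers (DTS traffic from
                them is rejected by the database).
      excess  - (entry, n) pairs where the entry admits n addresses
                that are not associated EIPs.
    """
    eip_addrs = {ipaddress.ip_address(e) for e in eips}
    # strict=False accepts entries such as 203.0.113.10/24 with host bits set
    nets = [ipaddress.ip_network(w, strict=False) for w in whitelist]

    missing = sorted(
        str(a) for a in eip_addrs if not any(a in n for n in nets)
    )

    excess = []
    for raw, net in zip(whitelist, nets):
        covered = sum(1 for a in eip_addrs if a in net)
        extra = net.num_addresses - covered
        if extra > 0:
            excess.append((raw, extra))
    return missing, excess


# Constructed sample data (documentation address ranges, not real EIPs).
EIPS = ["203.0.113.10", "198.51.100.7"]   # second EIP added after scaling out
WHITELIST = [
    "203.0.113.10/32",   # exact match for the first EIP
    "203.0.113.0/24",    # too broad: admits 255 other addresses
    "192.0.2.44",        # leftover entry unrelated to the NAT gateway
]

if __name__ == "__main__":
    missing, excess = audit_whitelist(EIPS, WHITELIST)
    for ip in missing:
        print(f"MISSING  {ip}: add this EIP to the whitelist")
    for entry, n in excess:
        print(f"EXCESS   {entry}: admits {n} non-EIP address(es)")
```

Run the check again whenever an EIP is associated with or removed from the Internet NAT gateway.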

Step 8: Create a DTS instance

Configure the following parameters for the Source Database and Destination Database of a DTS instance, and complete subsequent configurations based on your business requirements.

  1. Select Database Type based on your business requirements.

  2. Set Access Method to Express Connect, VPN Gateway, or Smart Access Gateway.

  3. Set Instance Region to the region of the VPC that you created in Step 1 of this topic.

  4. Set Connected VPC to the VPC that you created in Step 1 of this topic.

  5. Set Domain Name or IP to the domain name or IP address of the database server.
