This topic describes how to purchase a service bundle that consists of an SNAT-enabled Internet NAT gateway and an elastic IP address (EIP) for a virtual private cloud (VPC). After you purchase a service bundle, the EIP is automatically associated with the Internet NAT gateway and an SNAT entry is created for the VPC. This allows ECS instances in the VPC to access the Internet.
Prerequisites
A VPC and a vSwitch are created. For more information, see Create a VPC with an IPv4 CIDR block.
Make sure that the VPC meets the following requirements:
The VPC does not have a custom route whose destination CIDR block is 0.0.0.0/0. If the custom route exists, delete it.
If you want to configure SNAT as a Resource Access Management (RAM) user, make sure that the RAM user is authorized to access the VPC. Otherwise, contact the Alibaba Cloud account owner to acquire the permissions.
An ECS instance is created in the VPC and the ECS instance is not assigned a static public IP address. For information about how to create an ECS instance, see Create an instance on the Custom Launch tab.
Purchase an Internet NAT gateway and an EIP at the same time
Log on to the NAT Gateway console.
On the Internet NAT Gateway page, click Create Internet NAT Gateway.
When you create an Internet NAT gateway for the first time, click Create in the Notes on Creating Service-linked Roles section of the buy page to create a service-linked role. After the service-linked role is created, you can create Internet NAT gateways.
For more information, see Service-linked roles.
On the buy page, set the following parameters and click Buy Now.
Parameter
Description
Billing Method
By default, Pay-As-You-Go is selected. You can pay for resources after you use them. For more information, see Billing of Internet NAT gateways.
Resource Group
Select the resource group to which the virtual private cloud (VPC) belongs. For more information, see Resource group overview.
Tags
Tag Key: Select or enter a tag key.
You can specify at most 20 tag keys. A tag key can be up to 64 characters in length and cannot start with aliyun or acs:. It cannot contain http:// or https://.
Tag Value: Select or enter a tag value.
You can specify at most 20 tag values. A tag value can be up to 128 characters in length. It cannot start with aliyun or acs:, and cannot contain http:// or https://.
Region
Select the region where you want to create the Internet NAT gateway.
VPC
Select the VPC where you want to create the Internet NAT gateway. After the Internet NAT gateway is created, you cannot change the VPC to which the Internet NAT gateway belongs.
Associate vSwitch
Select the vSwitch to which the Internet NAT gateway belongs.
Metering Method
By default, Pay-By-CU is selected. You are charged based on the resources that you use. For more information, see Billing of Internet NAT gateways.
Billing Cycle
By default, By Hour is selected. Bills are generated on an hourly basis. If you use an Internet NAT gateway for less than 1 hour, the usage duration is rounded up to 1 hour.
Instance Name
Enter a name for the Internet NAT gateway.
The name must be 2 to 128 characters in length and can contain digits, underscores (_), and hyphens (-). The name must start with a letter.
Access Mode
Select the mode in which you want to create the Internet NAT gateway. The following modes are supported:
SNAT for All VPC Resources: If you select this value, the Internet NAT gateway is created in unified access mode. After the Internet NAT gateway is created, all resources in the VPC can access the Internet by using the SNAT feature of the NAT gateway.
If you select SNAT for All VPC Resources, you must also specify an EIP.
Configure Later: If you select this option, you can configure the Internet NAT gateway in the console after you complete the payment.
If you select Configure Later, only the Internet NAT gateway is created. No SNAT entry is created.
In this example, SNAT for All VPC Resources is selected.
EIP
Select an EIP for the Internet NAT gateway. The following modes are supported:
Select EIP: Select an existing EIP from the EIP drop-down list.
Purchase EIP: Purchase a pay-as-you-go EIP in the region where the Internet NAT gateway is deployed.
Line Type: BGP(Multi-ISP) is selected by default.
Security Protection: By default, Default is selected, which specifies Anti-DDoS Origin Basic. Anti-DDoS Origin Basic can mitigate DDoS attacks at up to 5 Gbit/s.
Maximum Bandwidth: Specify the maximum bandwidth of the EIP.
Metering Method: Select the metering method of the EIP.
Pay-By-Data-Transfer: Bills are generated on an hourly basis based on the amount of data transferred over the Internet. For more information, see Internet data transfer fee.
Pay-By-Bandwidth: Bills are generated on a daily basis based on the specified maximum bandwidth value of the EIP. For more information, see Pay-as-you-go.
Confirm the information and complete the payment.
To associate the Internet NAT gateway with an existing EIP, confirm the information on the Confirm page, select Terms of Service, and then click Activate Now.
To associate the Internet NAT gateway with a new EIP, confirm the information on the Confirm page, select Terms of Service, and then click Confirm to complete the payment.
When the Purchased message appears, the purchase is completed.
Result
Check whether the Internet NAT gateway is created and associated with the EIP
Log on to the NAT Gateway console.
On the Internet NAT Gateway page, you can view the Internet NAT gateway that you purchased.
In the EIP column of the Internet NAT gateway, view the IP address of the associated EIP.
On the Internet NAT Gateway page, click the ID of the Internet NAT gateway. On the Basic Information tab, view the route information about the Internet NAT gateway in the VPC Routes that Point to the NAT Gateway section.
The destination CIDR block of the route is 0.0.0.0/0, and the next hop of the route is the Internet NAT gateway.
On the Basic Information tab, click the SNAT Management tab to view the SNAT entry that is created by the system.
This SNAT entry is created by using the EIP that is associated with the Internet NAT gateway and is created for the VPC to which the Internet NAT gateway belongs. All ECS instances in the VPC can use the SNAT entry to access the Internet.
Check whether ECS instances in the VPC can use the SNAT entry to access the Internet
Log on to an ECS instance in the VPC. For more information, see Methods for connecting to an ECS instance.
Run the ping command to test the network connectivity: ping <a public IP address or domain name>
In this example, ping aliyun.com is used. The result indicates that the ECS instance can access the Internet.
Run the curl myip.ipip.net command to query the public IP address that the ECS instance uses to access the Internet.
The result shows that the ECS instance uses the EIP specified in the SNAT entry to access the Internet, which indicates all ECS instances in the VPC can use the SNAT entry to access the Internet.
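The last check above can be scripted so that it fails when the egress address is not the EIP shown in the console. This is an added example, not part of the original topic: the function names are hypothetical, it assumes that the lookup service returns text containing the IPv4 address, and the EIP is passed in by the operator.

```shell
#!/bin/sh
# Added example: confirm that this instance reaches the Internet through the
# EIP of the Internet NAT gateway and through no other public address.

# Print the first dotted-quad IPv4 address found in the given text.
# Returns 1 if the text contains no address or an octet is above 255.
extract_ipv4() {
  _ip=$(printf '%s\n' "$1" | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -n 1)
  [ -n "$_ip" ] || return 1
  printf '%s\n' "$_ip" |
    awk -F. '{ for (i = 1; i <= 4; i++) if ($i > 255) exit 1 }' || return 1
  printf '%s\n' "$_ip"
}

# check_egress <expected EIP> <response body>
# Returns 0 on match, 1 on mismatch, 2 if the response holds no address.
check_egress() {
  _seen=$(extract_ipv4 "$2") || {
    echo "no IPv4 address in response" >&2
    return 2
  }
  if [ "$_seen" = "$1" ]; then
    echo "OK: egress address $_seen is the expected EIP"
  else
    echo "MISMATCH: egress address is $_seen, expected EIP $1" >&2
    return 1
  fi
}

# Run on the ECS instance: sh check_egress.sh <EIP shown in the EIP column>
if [ -n "${1:-}" ]; then
  body=$(curl -sS --max-time 10 myip.ipip.net) || {
    echo "lookup failed: no Internet access or service unreachable" >&2
    exit 2
  }
  check_egress "$1" "$body"
fi
```

A mismatch means that the instance leaves the VPC through a different public address than the SNAT entry's EIP, for example a public IP address assigned directly to the instance, which the prerequisites rule out.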