You can use the dedicated gateway feature to implement isolation and access control. Dedicated gateway allows various access methods, such as public network access, intra-region virtual private cloud (VPC) access, and inter-region VPC access. This topic describes how to access a dedicated gateway across VPCs. In this solution, the two VPCs reside in different regions, but they can also reside in the same region.
Overview
Before you start, the two VPCs must already be connected by using Cloud Enterprise Network (CEN), VPC peering, or another method. This solution describes only how to connect the VPCs to a dedicated gateway, in four steps:
Create a dedicated gateway and associate VPC 1: The system configures access control and connects the dedicated gateway to VPC 1.
Specify effective scope for the dedicated gateway: Include VPC 2 in the effective scope of the dedicated gateway.
Verify connectivity: Verify whether VPC 2 can access the dedicated gateway through the endpoint.
Create a service and associate the dedicated gateway: During service deployment, associate the service with the dedicated gateway to enable access from VPC 1 and VPC 2.
Prerequisites
Make sure the following prerequisites are met before you proceed:
Two VPCs are created and vSwitches are configured for the VPCs. For more information, see Create and manage a VPC and Create and manage a vSwitch. In this example, VPC 1 is created in the China (Beijing) region and VPC 2 is created in the China (Hangzhou) region.
Connection between the two VPCs is established by using CEN, VPC peering, or other methods. For more information, see Overview of VPC connections.
Step 1: Create a dedicated gateway and associate VPC 1
Log on to the PAI console and select the China (Beijing) region. In the left-side navigation pane, choose . Then, select a workspace and click Enter Elastic Algorithm Service (EAS).
On the Model online service (EAS) page, choose the Dedicated Gateway tab and create a dedicated gateway. For more information, see Use a dedicated gateway.
On the details page of the dedicated gateway, choose the VPC tab and click Add VPC. For more information, see Use a dedicated gateway.
In step ③, select the VPC (ID) and vSwitch you created in the China (Beijing) region.
Note: If the following error message appears when you add a VPC, select a vSwitch from a supported zone.
Vswitch vsw-2zeqwh8hv0gb96zcd**** in zone cn-beijing-g is not supported, supported zones: [cn-beijing-i cn-beijing-l cn-beijing-k]
If Status changes to Running, the VPC is added. Then, a corresponding zone is automatically created in the DNS console.
Step 2: Specify effective scope for the dedicated gateway
Log on to the Alibaba Cloud DNS console. In the left-side navigation pane, click Private DNS (PrivateZone). On the page that appears, choose . Then, find the zone that corresponds to the dedicated gateway and click Effective Scope Settings in the Actions column.
On the Zone Settings tab, expand the Effective Scope of Zone section. Then, select VPC 2 in the China (Hangzhou) region in the Alibaba Cloud VPC field.
Click OK.
Step 3: Verify connectivity
On the details page of the dedicated gateway, choose the VPC tab and view the Endpoint.
Log on to VPC 2 in the China (Hangzhou) region and access the endpoint of the gateway.
The following return indicates that the dedicated gateway is accessible across VPCs.
Step 4: Create a service and associate the dedicated gateway
Log on to the PAI console and select the China (Beijing) region. In the left-side navigation pane, choose . Then, select a workspace and click Enter Elastic Algorithm Service (EAS).
On the Elastic Algorithm Service (EAS) page, deploy a custom service. In the Service Configuration section, select the created dedicated gateway. For information about the other parameters, see Deploy a model service in the PAI console.
If Status changes to Running, the service is deployed.
Verify network connectivity
View the service endpoint.
In the service list, click the created service to view its details.
Click View Endpoint Information.
Verify cross-region access over VPCs.
Log on to VPC 2 in the China (Hangzhou) region and access the endpoint of the service. Before you use the endpoint, delete http:// at the beginning and / at the end. The following return indicates that the service is accessible across VPCs through the dedicated gateway.
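The connectivity checks in Step 3 and in this section can be scripted from a host in VPC 2. The following is an added example, not part of the original documentation: it strips http:// and the trailing / from the endpoint, confirms that the name resolves through PrivateZone, and then probes the endpoint. It assumes a Linux host with getent and curl, and that the gateway record resolves to an RFC 1918 address; the host name in the usage comment is a constructed placeholder.

```shell
#!/bin/sh
# Added example: run from a host in VPC 2. Not from the product documentation.

# Strip the leading http:// (or https://) and the trailing / from an
# endpoint, leaving only the host name, as the verification step requires.
normalize_endpoint() {
    ep=$1
    ep=${ep#http://}
    ep=${ep#https://}
    ep=${ep%/}
    printf '%s\n' "$ep"
}

# Return 0 if the IPv4 address falls in an RFC 1918 private range.
is_private_ipv4() {
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Resolve the endpoint, check that the answer is a private address
# (assumption: the PrivateZone record points inside the VPC), then probe it.
check_endpoint() {
    host=$(normalize_endpoint "$1")
    ip=$(getent ahostsv4 "$host" | awk 'NR==1 {print $1}')
    if [ -z "$ip" ]; then
        echo "FAIL: $host does not resolve; check the zone's effective scope"
        return 1
    fi
    if ! is_private_ipv4 "$ip"; then
        echo "WARN: $host resolves to non-private address $ip"
        return 2
    fi
    # Any HTTP response, including an error status, proves reachability.
    if curl -s -o /dev/null --connect-timeout 5 "http://$host/"; then
        echo "OK: $host ($ip) is reachable from this VPC"
    else
        echo "FAIL: $host resolves to $ip but is unreachable; check CEN or peering routes"
        return 3
    fi
}

# Usage (constructed placeholder): check_endpoint "http://gw-example.internal/"
```

A resolution failure points to the effective scope configured in Step 2, while a connection failure after successful resolution points to the CEN or VPC peering connection listed in the prerequisites.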
References
For information about the billing, usage, and other details about dedicated gateways, see Use a dedicated gateway.