This topic describes how to create an Internet NAT gateway, associate an elastic IP address (EIP) with a Data Science Workshop (DSW) instance, and configure SNAT in the virtual private cloud (VPC) that is associated with the DSW instance. This allows the DSW instance to access the Internet by using a private Internet NAT gateway to accelerate the upload and download of training data and code.
Prerequisites
A VPC and a vSwitch are created. To avoid conflicts with the CIDR block of the Platform for AI (PAI), we recommend that you use the
192.168.0.0/16
CIDR block for the VPC. For more information, see Create and manage a VPC.A security group is created for the VPC. For more information, see Create a security group.
Background information
When you develop algorithms and models in DSW, the DSW instances in the cluster use a shared Internet gateway and have limited bandwidth. This may result in low download speed when you pull large datasets or models. PAI provides a solution to the issue. The solution can help you connect DSW instances to your VPC and route requests from the Internet to a private NAT Internet gateway. To resolve the bottleneck issue of the Internet egress bandwidth, you can associate an EIP with the DSW instance and select a bandwidth based on your business requirements.
Procedure
Create an Internet NAT gateway. The following table describes the key parameters. For information about other parameters, see the "Step 1: Create an Internet NAT gateway" section in the Use the SNAT feature of an Internet NAT gateway to access the Internet topic.
For information about how to create multiple Internet NAT gateways in your VPC, see Deploy multiple Internet NAT gateways in one VPC.
Parameter
Description
Region
Make sure that the region is the same as the region where your VPC resides. If you do not specify a region, the region where your VPC resides is used.
VPC
Select an existing VPC, vSwitch, and security group. Make sure that the VPC and vSwitch are the same as the VPC and vSwitch that you configure for the DSW instance.
Associate vSwitch
Access Mode
Select SNAT for All VPC Resources. An SNAT entry is automatically configured for your VPC.
EIP
If no EIP is available, click Purchase EIP and complete the configuration by following the on-screen instructions. Configure the Maximum Bandwidth parameter based on your business requirements. We recommend that you select a sufficient bandwidth and set the Metering Method parameter to Pay-By-Data-Transfer.
On the Internet NAT Gateway page, click the name of the gateway that you created to go to the Basic Information tab. On the SNAT Management tab, check whether an SNAT entry is created.
If no SNAT entry is created, create an SNAT entry in the gateway. When you create an SNAT entry, select Specify VPC and set the Select Public IP Address parameter to Use Single IP. If you purchased multiple IP addresses, you can select Use Multiple IP. For more information about how to create an SNAT entry, see the "Step 3: Create an SNAT entry" section in the Use the SNAT feature of an Internet NAT gateway to access the Internet topic.
Create a DSW instance in the region where the VPC resides. The following table describes the key parameters. For information about other parameters, see Create a DSW instance.
Parameter
Description
VPC
This parameter is available only if you select the public resource group for Resource Group.
Select an existing VPC, vSwitch, and security group.
Security group
vSwitch
Internet Access Gateway
Select Private Gateway. The DSW instance accesses the Internet by using the private Internet NAT gateway. If you do not purchase an Internet NAT gateway, associate an EIP with the DSW instance, and configure an SNAT entry, the DSW instance cannot access the Internet.
Test the network connectivity.
On the DSW page, find the DSW instance and click Launch in the Actions column. For more information, see Create a DSW instance.
In the DSW development environment, click Terminal in the top navigation bar.
Run the
ping www.aliyun.com
command to test the network connectivity.If a response packet is returned, the DSW instance can access the Internet by using the private Internet NAT gateway.
The following response indicates that the DSW instance can access the Internet by using the private Internet NAT gateway.
PING www.aliyun.com.w.cdngslb.com (47.118.XX.XX) 56(84) bytes of data. 64 bytes from 47.118.XX.XX (47.118.XX.XX): icmp_seq=1 ttl=59 time=5.96 ms 64 bytes from 47.118.XX.XX (47.118.XX.XX): icmp_seq=2 ttl=59 time=5.83 ms 64 bytes from 47.118.XX.XX (47.118.XX.XX): icmp_seq=3 ttl=59 time=5.83 ms 64 bytes from 47.118.XX.XX (47.118.XX.XX): icmp_seq=4 ttl=59 time=5.84 ms 64 bytes from 47.118.XX.XX (47.118.XX.XX): icmp_seq=5 ttl=59 time=5.86 ms
Appendix: Disable a DSW instance to access the Internet
If you want to disable a DSW instance to access the Internet for security reasons, you can set the Internet Access Gateway parameter to a private gateway. Do not configure an egress network in the specified VPC when you create the DSW instance. The egress network includes an Internet NAT gateway and an SNAT entry. This ensures that the DSW instance can access only the data in the VPC and not the Internet.