You can use the following Internet services to enable Elastic Compute Service (ECS) instances in a virtual private cloud (VPC) to access the Internet: Elastic IP Address (EIP), NAT Gateway, Server Load Balancer (SLB), and static public IP addresses. This topic describes the features and use cases of the preceding Internet services.
Public IP address
The Internet services have a variety of public IP address forms, including static public IP addresses of ECS instances in a VPC, public IP addresses of a NAT service plan, public IP addresses of Internet-facing SLB instances, and public IP addresses of VPN gateways. You can associate EIPs with ECS instances in a VPC, NAT gateways, and internal-facing SLB instances. This facilitates public IP address management.
You can associate EIPs with Internet Shared Bandwidth instances and data transfer plans to handle traffic fluctuation and reduce costs.
Internet services
The following table describes the features of the Internet services.
Alibaba Cloud provides Internet Shared Bandwidth and data transfer plans to help you reduce costs. You can select an Internet service based on your business requirements.
Service | Feature | Benefits |
Static public IP address | When you create an ECS instance in a VPC, you can specify whether you want the system to assign a public IPv4 address to the ECS instance. The ECS instance can use the public IP address to communicate with the Internet. You cannot disassociate the public IP address from the ECS instance. However, you can convert the public IP address to an EIP. For more information, see Convert the static public IP address of an ECS instance in a VPC to an EIP. | You can purchase data transfer plans for an ECS instance that is assigned a public IP address. You can also purchase an Internet Shared Bandwidth instance for an ECS instance after you convert the public IP address of the ECS instance to an EIP. For more information, see What is Internet Shared Bandwidth? and What is a data transfer plan? |
EIP | You can associate EIPs with or disassociate EIPs from ECS instances anytime. ECS instances in a VPC can use EIPs in SNAT entries to access the Internet and use EIPs in DNAT entries to provide Internet-facing services. | You can associate EIPs with or disassociate EIPs from ECS instances anytime. You can use Internet Shared Bandwidth and data transfer plans to reduce the cost of data transfer over the Internet. |
Internet NAT gateway | ECS instances in a VPC can use SNAT entries to access the Internet and use DNAT entries to provide Internet-facing services. Note Internet NAT gateways do not provide load balancing services. To balance the loads of ECS instances, use SLB. | An Internet NAT gateway allows multiple ECS instances in a VPC to communicate with the Internet. However, each EIP can be used by only one ECS instance. |
SLB | SLB provides load balancing services at Layer 4 and Layer 7. You can specify the ports on which SLB listens to distribute requests from the Internet to ECS instances. Alibaba Cloud provides two types of SLB instances: CLB and ALB. Note ECS instances that are deployed in VPCs cannot access the Internet through SLB. In this case, SNAT is not supported. | SLB supports DNAT. Each port on an SLB instance can be mapped to one or more ECS instances. SLB distributes network traffic across multiple ECS instances to prevent single points of failure. This improves the availability of application systems. After you associate an EIP with an SLB instance, you can purchase Internet Shared Bandwidth instances and data transfer plans to reduce costs. |
Scenario 1: Provide services
Use one ECS instance to provide services
If you have only one application that has a small volume of workloads, you can deploy only one ECS instance. You can deploy all workloads, including applications, databases, and files, on the ECS instance. Then, you can associate an EIP with the ECS instance to enable the ECS instance to provide services over the Internet.
Provide Layer 4 services with load balancing
If you have a high volume of workloads, you may need to deploy more than one ECS instance and enable load balancing. To meet this requirement, you can create an Internet-facing SLB instance, create a Layer 4 TCP or UDP listener, and add multiple ECS instances to the SLB instance.
Provide Layer 7 services with load balancing
If you want to distribute network traffic to different backend servers, you can create Layer 7 listeners and create URL-based forwarding rules. To meet this requirement, you can create an Internet-facing SLB instance, create a Layer 7 HTTP or HTTPS listener, and add multiple backend ECS instances.
Scenario 2: Enable an ECS instance with no public IP address assigned to access the Internet
Associate with EIPs
If you have a small number of ECS instances, you can associate an EIP with each ECS instance. Then, ECS instances in VPCs can use their EIPs to access the Internet. If you want to disable Internet access for the ECS instances, disassociate them from the EIPs.
Associate with a NAT gateway and create an SNAT entry
If you have a large number of ECS instances, associating them with EIPs increases the O&M cost. In addition, security risks may arise because the ECS instances are exposed to the Internet. To address this issue, we recommend that you create a public NAT gateway and SNAT entries, as shown in the following figure. Do not create DNAT entries.