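Sharing public bandwidth among multiple applications

Last updated: 2017-08-03 09:07:20

This article describes how to use the DNAT function and the shared bandwidth function of NAT Gateway through the API so that multiple applications share bandwidth.

To make the API calls easier, this procedure uses a command-line tool written in Python.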

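Prerequisites

  1. Deployment planning

    Assume the system has four Internet-facing applications that need three public IP addresses. In addition, one ECS instance and one IP address are needed as a jump host for server management, and one public IP address is kept in reserve for now. The overall resource plan is as follows:

    • Total bandwidth required: 150 Mbps
    • Total public IP addresses required: 5, one of which is kept in reserve
    • Total ECS instances required: 5
    • Mapping between public IP addresses and ECS instances:
      • IP1->ECS1
      • IP2->ECS2
      • IP3->ECS3/ECS4 (port 80 is mapped to port 80 of ECS3; port 443 is mapped to port 443 of ECS4)
      • IP4->ECS5 (O&M jump host, only port 22 is open)
      • IP5: no DNAT rule is added for now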
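  2. Create the VPC and ECS instances

    Create the VPC and the ECS instances. Note that the ECS instances do not need their own public IP addresses.

    The VPC and ECS resources are as follows:

    • VPC ID: vpc-11af8lxxx
    • ECS list
      Instance name    Private IP
      ECS1             192.168.1.1
      ECS2             192.168.1.2
      ECS3             192.168.1.3
      ECS4             192.168.1.4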
  3. Download the CLI tool

    Click here to download the CLI tool.

    On Linux, you can download it directly with the wget command.

    wget http://docs-aliyun.cn-hangzhou.oss.aliyun-inc.com/assets/attach/42691/cn_zh/1468947102311/api.py
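  4. Create an AccessKey

    You need to create an AccessKey for the account that calls the API; it is used for authentication. For details, see Create an AccessKey.

  5. Configure the AccessKey for the CLI tool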


Step 1: Create a NAT gateway

  1. Call the CreateNatGateway API to create a NAT gateway.

    API example:

    [admin@tester:xxx]$ python api.py CreateNatGateway RegionId=cn-shanghai VpcId=vpc-11af8lxxx BandwidthPackage.1.IpCount=5 BandwidthPackage.1.Bandwidth=150 BandwidthPackage.1.Zone=cn-shanghai-a Name=MyNatGW Description="My first NAT Gateway"
    =====Request URL======
    https://ecs.aliyuncs.com/?SignatureVersion=1.0&VpcId=vpc-11af8lxxx&Name=MyNatGW&Format=json&TimeStamp=2016-05-23T03%3A26%3A21Z&BandwidthPackage.1.IpCount=5&RegionId=cn-shanghai&AccessKeyId=jZgi0oyrQ6ihgKp9&SignatureMethod=HMAC-SHA1&Version=2014-05-26&Signature=I4KKhWgjJdImTqk4rCifAB3LbLw%3D&action=CreateNatGateway&SignatureNonce=1ebae49c-2096-11e6-b781-2cf0ee28adf2&BandwidthPackage.1.Bandwidth=150&BandwidthPackage.1.Zone=cn-shanghai-a&Description=My+first+NAT+Gateway
    =====Request URL end======
    ====== Got Response ======
    {
      "BandwidthPackageIds": {
        "BandwidthPackageId": [
          "bwp-11odxu2k7"
        ]
      },
      "ForwardTableIds": {
        "ForwardTableId": [
          "ftb-11tc6xgmv"
        ]
      },
      "NatGatewayId": "ngw-112za33e4",
      "RequestId": "2315DEB7-5E92-423A-91F7-4C1EC9AD97C3"
    }
  2. Call the DescribeNatGateways API to view the details of the NAT gateway.

    API example:

    [admin@tester:xxx]$ python api.py DescribeNatGateways RegionId=cn-shanghai VpcId=vpc-11af8lxxx
    =====Request URL======
    https://ecs.aliyuncs.com/?SignatureVersion=1.0&VpcId=vpc-11af8lxxx&Format=json&TimeStamp=2016-05-23T03%3A27%3A14Z&RegionId=cn-shanghai&AccessKeyId=jZgi0oyrQ6ihgKp9&SignatureMethod=HMAC-SHA1&Version=2014-05-26&Signature=JvXErso9g0fZdRTgBtNLepe%2F1e4%3D&action=DescribeNatGateways&SignatureNonce=3e1424eb-2096-11e6-bc31-2cf0ee28adf2
    =====Request URL end======
    ====== Got Response ======
    {
      "NatGateways": {
        "NatGateway": [
          {
            "BandwidthPackageIds": {
              "BandwidthPackageId": [
                "bwp-11odxu2k7"
              ]
            },
            "BusinessStatus": "Normal",
            "CreationTime": "2016-05-23T03:26:23Z",
            "Description": "My first NAT Gateway",
            "ForwardTableIds": {
              "ForwardTableId": [
                "ftb-11tc6xgmv"
              ]
            },
            "InstanceChargeType": "PostPaid",
            "Name": "MyNatGW",
            "NatGatewayId": "ngw-112za33e4",
            "RegionId": "cn-shanghai",
            "Spec": "Small",
            "Status": "Available",
            "VpcId": "vpc-11af8lxxx"
          }
        ]
      },
      "PageNumber": 1,
      "PageSize": 10,
      "RequestId": "FE4C442C-9778-449A-BF7F-7F36C3AF5611",
      "TotalCount": 1
    }
  3. Call the DescribeBandwidthPackages API to view the details of the shared bandwidth package that was created.

    [admin@tester:xxx]$ python api.py DescribeBandwidthPackages RegionId=cn-shanghai NatGatewayId=ngw-112za33e4
    =====Request URL======
    https://ecs.aliyuncs.com/?SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A33%3A30Z&RegionId=cn-shanghai&NatGatewayId=ngw-112za33e4&AccessKeyId=jZgi0oyrQ6ihgKp9&SignatureMethod=HMAC-SHA1&Version=2014-05-26&Signature=KN0C2Q4TUZtfECBn1c2lOdBzrb8%3D&action=DescribeBandwidthPackages&SignatureNonce=1e8941ae-2097-11e6-acbb-2cf0ee28adf2
    =====Request URL end======
    ====== Got Response ======
    {
      "BandwidthPackages": {
        "BandwidthPackage": [
          {
            "Bandwidth": "150",
            "BandwidthPackageId": "bwp-11odxu2k7",
            "BusinessStatus": "Normal",
            "CreationTime": "2016-05-23T03:26:24Z",
            "Description": "",
            "InstanceChargeType": "PostPaid",
            "InternetChargeType": "PayByBandwidth",
            "IpCount": "5",
            "Name": "",
            "NatGatewayId": "ngw-112za33e4",
            "PublicIpAddresses": {
              "PublicIpAddresse": [
                {
                  "AllocationId": "nateip-11iopy3sl",
                  "IpAddress": "139.xxx.xx.107"
                },
                {
                  "AllocationId": "nateip-11pt1f9ph",
                  "IpAddress": "139.xxx.xx.55"
                },
                {
                  "AllocationId": "nateip-111ul670c",
                  "IpAddress": "139.xxx.xx.79"
                },
                {
                  "AllocationId": "nateip-11ogfjj85",
                  "IpAddress": "139.xxx.xx.59"
                },
                {
                  "AllocationId": "nateip-11s2jempe",
                  "IpAddress": "139.xxx.xx.58"
                }
              ]
            },
            "RegionId": "cn-shanghai",
            "Status": "Available",
            "ZoneId": "cn-shanghai-a"
          }
        ]
      },
      "PageNumber": 1,
      "PageSize": 10,
      "RequestId": "14406B86-7CA1-4907-9755-86096F476A4F",
      "TotalCount": 1
    }

Step 2: Configure DNAT

  1. Call the CreateForwardEntry API to add the following five forwarding entries:

    • IP1:Any -> ecs-ip1:Any, protocol=Any
    • IP2:Any -> ecs-ip2:Any, protocol=Any
    • IP3:80 -> ecs-ip3:80, protocol=TCP
    • IP3:443 -> ecs-ip3:443, protocol=TCP
    • IP4:22 -> ecs-ip4:22, protocol=TCP

      API example:

      [admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv ExternalIp=139.xxx.xx.107 ExternalPort=Any InternalIp=192.168.1.1 InternalPort=Any IpProtocol=Any
      =====Request URL======
      https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx.107&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A53%3A18Z&RegionId=cn-shanghai&ExternalPort=Any&InternalIp=192.168.1.1&Signature=iR4GSzhJQtowMJOj%2FRth3ABP4FA%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=Any&action=CreateForwardEntry&SignatureNonce=e2ceae11-2099-11e6-b548-2cf0ee28adf2&InternalPort=Any
      =====Request URL end======
      ====== Got Response ======
      {
        "ForwardEntryId": "fwd-119smw5tk",
        "RequestId": "A4AEE536-A97A-40EB-9EBE-53A6948A6928"
      }

      [admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv ExternalIp=139.xxx.xx.55 ExternalPort=Any InternalIp=192.168.1.2 InternalPort=Any IpProtocol=Any
      =====Request URL======
      https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx.55&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A53%3A42Z&RegionId=cn-shanghai&ExternalPort=Any&InternalIp=192.168.1.2&Signature=mFBn%2BCd4LfHkKj53MwmWyMhzyfs%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=Any&action=CreateForwardEntry&SignatureNonce=f09c1b38-2099-11e6-aa80-2cf0ee28adf2&InternalPort=Any
      =====Request URL end======
      ====== Got Response ======
      {
        "ForwardEntryId": "fwd-11dz3ly9l",
        "RequestId": "5DBC8F86-2D76-4BF4-B839-7FF31B61D516"
      }

      [admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv ExternalIp=139.xxx.xx.79 ExternalPort=80 InternalIp=192.168.1.3 InternalPort=80 IpProtocol=TCP
      =====Request URL======
      https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx.79&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A54%3A10Z&RegionId=cn-shanghai&ExternalPort=80&InternalIp=192.168.1.3&Signature=OpTui3SKbAjKXy6gKRoJb%2B9Lazg%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=TCP&action=CreateForwardEntry&SignatureNonce=01c41d5c-209a-11e6-905e-2cf0ee28adf2&InternalPort=80
      =====Request URL end======
      ====== Got Response ======
      {
        "ForwardEntryId": "fwd-11r23r7p5",
        "RequestId": "67B7AAFD-E7AB-4EB8-AA5C-AA38CFFB4A95"
      }

      [admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv ExternalIp=139.xxx.xx.79 ExternalPort=443 InternalIp=192.168.1.4 InternalPort=443 IpProtocol=TCP
      =====Request URL======
      https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx.79&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A55%3A22Z&RegionId=cn-shanghai&ExternalPort=443&InternalIp=192.168.1.4&Signature=X%2BZtHbTeKYf8xU%2FvWhPAmg%2B5scc%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=TCP&action=CreateForwardEntry&SignatureNonce=2c3f2573-209a-11e6-be0f-2cf0ee28adf2&InternalPort=443
      =====Request URL end======
      ====== Got Response ======
      {
        "ForwardEntryId": "fwd-11cdhpjlk",
        "RequestId": "260A9673-5522-4F66-844A-1F1AB47CD21C"
      }

      [admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv ExternalIp=139.xxx.xx.59 ExternalPort=22 InternalIp=192.168.1.5 InternalPort=22 IpProtocol=TCP
      =====Request URL======
      https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx.59&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A55%3A44Z&RegionId=cn-shanghai&ExternalPort=22&InternalIp=192.168.1.5&Signature=%2FZWf5%2ForHr%2BUR446eEBLC4LNYe8%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=TCP&action=CreateForwardEntry&SignatureNonce=39863cf3-209a-11e6-8f6d-2cf0ee28adf2&InternalPort=22
      =====Request URL end======
      ====== Got Response ======
      {
        "ForwardEntryId": "fwd-11iv34uj7",
        "RequestId": "0884BC12-8EAD-4AAA-826E-30E5435D7C27"
      }
  2. Call the DescribeForwardTableEntries API to view the DNAT entries that were added.

    API example:

    [admin@tester:xxx]$ python api.py DescribeForwardTableEntries RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv
    =====Request URL======
    https://ecs.aliyuncs.com/?SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A56%3A18Z&RegionId=cn-shanghai&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&Signature=x4%2B6oNYxIRBmND8rcIbJM9EJ8ts%3D&action=DescribeForwardTableEntries&SignatureNonce=4db93223-209a-11e6-81eb-2cf0ee28adf2
    =====Request URL end======
    ====== Got Response ======
    {
      "ForwardTableEntries": {
        "ForwardTableEntry": [
          {
            "ExternalIp": "139.xxx.xx.107",
            "ExternalPort": "any",
            "ForwardEntryId": "fwd-119smw5tk",
            "ForwardTableId": "ftb-11tc6xgmv",
            "InternalIp": "192.168.1.1",
            "InternalPort": "any",
            "IpProtocol": "any",
            "Status": "Available"
          },
          {
            "ExternalIp": "139.xxx.xx.79",
            "ExternalPort": "443",
            "ForwardEntryId": "fwd-11cdhpjlk",
            "ForwardTableId": "ftb-11tc6xgmv",
            "InternalIp": "192.168.1.4",
            "InternalPort": "443",
            "IpProtocol": "tcp",
            "Status": "Available"
          },
          {
            "ExternalIp": "139.xxx.xx.55",
            "ExternalPort": "any",
            "ForwardEntryId": "fwd-11dz3ly9l",
            "ForwardTableId": "ftb-11tc6xgmv",
            "InternalIp": "192.168.1.2",
            "InternalPort": "any",
            "IpProtocol": "any",
            "Status": "Available"
          },
          {
            "ExternalIp": "139.xxx.xx.59",
            "ExternalPort": "22",
            "ForwardEntryId": "fwd-11iv34uj7",
            "ForwardTableId": "ftb-11tc6xgmv",
            "InternalIp": "192.168.1.5",
            "InternalPort": "22",
            "IpProtocol": "tcp",
            "Status": "Available"
          },
          {
            "ExternalIp": "139.xxx.xx.79",
            "ExternalPort": "80",
            "ForwardEntryId": "fwd-11r23r7p5",
            "ForwardTableId": "ftb-11tc6xgmv",
            "InternalIp": "192.168.1.3",
            "InternalPort": "80",
            "IpProtocol": "tcp",
            "Status": "Available"
          }
        ]
      },
      "PageNumber": 1,
      "PageSize": 10,
      "RequestId": "C84FDDCF-8550-4024-B89C-01E7459D7CF9",
      "TotalCount": 5
    }
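
An added example, not part of the original article or the CLI tool: a check that compares a DescribeForwardTableEntries response with the intended DNAT mapping and reports entries that are not planned, planned entries that are missing, and entries that forward every port. The names `PLAN`, `audit_forward_table` and `_entry` are hypothetical, and the sample response is constructed from the values shown above.

```python
import json

# Planned DNAT exposure, taken from the CreateForwardEntry calls on this page:
# (ExternalIp, ExternalPort, IpProtocol) -> (InternalIp, InternalPort)
PLAN = {
    ("139.xxx.xx.107", "any", "any"): ("192.168.1.1", "any"),
    ("139.xxx.xx.55", "any", "any"): ("192.168.1.2", "any"),
    ("139.xxx.xx.79", "80", "tcp"): ("192.168.1.3", "80"),
    ("139.xxx.xx.79", "443", "tcp"): ("192.168.1.4", "443"),
    ("139.xxx.xx.59", "22", "tcp"): ("192.168.1.5", "22"),
}

def audit_forward_table(response, plan):
    """Compare a DescribeForwardTableEntries response with the plan.

    Returns (unexpected, missing, all_ports): entry IDs not in the plan,
    planned keys with no entry, and entry IDs that forward every port.
    """
    seen = {}
    for e in response["ForwardTableEntries"]["ForwardTableEntry"]:
        key = (e["ExternalIp"], e["ExternalPort"].lower(), e["IpProtocol"].lower())
        seen[key] = (e["InternalIp"], e["InternalPort"].lower(), e["ForwardEntryId"])
    unexpected = sorted(v[2] for k, v in seen.items() if plan.get(k) != v[:2])
    missing = sorted(k for k in plan if k not in seen)
    all_ports = sorted(v[2] for k, v in seen.items() if k[1] == "any")
    return unexpected, missing, all_ports

def _entry(fid, ext_ip, ext_port, int_ip, int_port, proto):
    return {"ForwardEntryId": fid, "ExternalIp": ext_ip, "ExternalPort": ext_port,
            "InternalIp": int_ip, "InternalPort": int_port, "IpProtocol": proto,
            "Status": "Available"}

# Constructed sample: four entries copied from the response above, the port-22
# entry left out, plus one made-up entry (fwd-constructed) that is not planned.
SAMPLE = {"ForwardTableEntries": {"ForwardTableEntry": [
    _entry("fwd-119smw5tk", "139.xxx.xx.107", "any", "192.168.1.1", "any", "any"),
    _entry("fwd-11cdhpjlk", "139.xxx.xx.79", "443", "192.168.1.4", "443", "tcp"),
    _entry("fwd-11dz3ly9l", "139.xxx.xx.55", "any", "192.168.1.2", "any", "any"),
    _entry("fwd-11r23r7p5", "139.xxx.xx.79", "80", "192.168.1.3", "80", "tcp"),
    _entry("fwd-constructed", "139.xxx.xx.58", "3306", "192.168.1.3", "3306", "tcp"),
]}}

if __name__ == "__main__":
    unexpected, missing, all_ports = audit_forward_table(SAMPLE, PLAN)
    print(json.dumps({"unexpected": unexpected, "missing": missing,
                      "all_ports": all_ports}, indent=2))
```

The `all_ports` list is expected to contain the IP1 and IP2 entries, since the plan maps them Any to Any; reviewing that list against the security group rules of ECS1 and ECS2 shows what is actually reachable from the Internet.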

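Other related operations

Increase the number of public IP addresses

When you need more public IP addresses, you can increase the number of public IP addresses in the shared bandwidth package and add DNAT rules for the newly added addresses.

You can call the AddBandwidthPackageIps API to increase the number of public IP addresses.

API example: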

  [admin@tester:xxx]$ python api.py AddBandwidthPackageIps RegionId=cn-shanghai BandwidthPackageId=bwp-11odxu2k7 IpCount=6
  =====Request URL======
  https://ecs.aliyuncs.com/?SignatureVersion=1.0&BandwidthPackageId=bwp-11odxu2k7&Format=json&TimeStamp=2016-05-23T03%3A58%3A18Z&RegionId=cn-shanghai&AccessKeyId=jZgi0oyrQ6ihgKp9&SignatureMethod=HMAC-SHA1&Version=2014-05-26&Signature=pSjC98nbDGgMl1tdjcXARIfW6t0%3D&action=AddBandwidthPackageIps&SignatureNonce=955c7d70-209a-11e6-907e-2cf0ee28adf2&IpCount=6
  =====Request URL end======
  ====== Got Response ======
  {
    "RequestId": "EC0B5C51-7F40-44D6-A642-1DE764B547EC"
  }

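Reduce the number of public IP addresses

When you need to release some public IP addresses, you can delete the specified public IP addresses from the shared bandwidth package. Before deleting an IP address, make sure it is not referenced by any DNAT rule. If it is, delete the corresponding DNAT rules first.

You can call the RemoveBandwidthPackageIps API to reduce the number of public IP addresses.

API example: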

  [admin@tester:xxx]$ python api.py RemoveBandwidthPackageIps RegionId=cn-shanghai BandwidthPackageId=bwp-11odxu2k7 RemovedIpAddresses.1=nateip-1110a2l48 RemovedIpAddresses.2=nateip-11s2jempe
  =====Request URL======
  https://ecs.aliyuncs.com/?RemovedIpAddresses.2=nateip-11s2jempe&SignatureVersion=1.0&BandwidthPackageId=bwp-11odxu2k7&Format=json&TimeStamp=2016-05-23T04%3A01%3A34Z&RegionId=cn-shanghai&RemovedIpAddresses.1=nateip-1110a2l48&AccessKeyId=jZgi0oyrQ6ihgKp9&SignatureMethod=HMAC-SHA1&Version=2014-05-26&Signature=l4NbMQD5X1xkLrgBZm34Aj4uwiI%3D&action=RemoveBandwidthPackageIps&SignatureNonce=0a34f3f3-209b-11e6-b183-2cf0ee28adf2
  =====Request URL end======
  ====== Got Response ======
  {
    "RequestId": "7D275A59-1EB0-4775-8A20-2A47055EAC5C"
  }
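
An added example, not part of the original article or the CLI tool: the pre-check described above (an IP address must not be referenced by a DNAT rule before it is removed), done by joining the DescribeBandwidthPackages and DescribeForwardTableEntries responses. The function name `removable_allocations` is hypothetical, and the sample data is trimmed from the responses shown earlier on this page.

```python
def removable_allocations(bwp_response, fwd_response, requested):
    """Classify AllocationIds before calling RemoveBandwidthPackageIps.

    Returns (safe, blocked, unknown). blocked maps an AllocationId to the
    ForwardEntryIds that still reference its IP and must be deleted first.
    """
    ip_of = {}
    for pkg in bwp_response["BandwidthPackages"]["BandwidthPackage"]:
        # "PublicIpAddresse" is the key spelling used in the response on this page.
        for ip in pkg["PublicIpAddresses"]["PublicIpAddresse"]:
            ip_of[ip["AllocationId"]] = ip["IpAddress"]
    refs = {}
    for e in fwd_response["ForwardTableEntries"]["ForwardTableEntry"]:
        refs.setdefault(e["ExternalIp"], []).append(e["ForwardEntryId"])
    safe, blocked, unknown = [], {}, []
    for alloc in requested:
        if alloc not in ip_of:
            unknown.append(alloc)  # not in this package listing: do not guess
        elif ip_of[alloc] in refs:
            blocked[alloc] = sorted(refs[ip_of[alloc]])
        else:
            safe.append(alloc)
    return safe, blocked, unknown

# Sample input trimmed from the DescribeBandwidthPackages and
# DescribeForwardTableEntries responses on this page (other fields omitted).
BWP = {"BandwidthPackages": {"BandwidthPackage": [{"PublicIpAddresses": {
    "PublicIpAddresse": [
        {"AllocationId": "nateip-11iopy3sl", "IpAddress": "139.xxx.xx.107"},
        {"AllocationId": "nateip-11pt1f9ph", "IpAddress": "139.xxx.xx.55"},
        {"AllocationId": "nateip-111ul670c", "IpAddress": "139.xxx.xx.79"},
        {"AllocationId": "nateip-11ogfjj85", "IpAddress": "139.xxx.xx.59"},
        {"AllocationId": "nateip-11s2jempe", "IpAddress": "139.xxx.xx.58"},
    ]}}]}}
FWD = {"ForwardTableEntries": {"ForwardTableEntry": [
    {"ForwardEntryId": "fwd-119smw5tk", "ExternalIp": "139.xxx.xx.107"},
    {"ForwardEntryId": "fwd-11cdhpjlk", "ExternalIp": "139.xxx.xx.79"},
    {"ForwardEntryId": "fwd-11dz3ly9l", "ExternalIp": "139.xxx.xx.55"},
    {"ForwardEntryId": "fwd-11iv34uj7", "ExternalIp": "139.xxx.xx.59"},
    {"ForwardEntryId": "fwd-11r23r7p5", "ExternalIp": "139.xxx.xx.79"},
]}}

if __name__ == "__main__":
    print(removable_allocations(
        BWP, FWD, ["nateip-1110a2l48", "nateip-11s2jempe", "nateip-111ul670c"]))
```

With this sample, nateip-11s2jempe (the reserve IP) is safe to remove, nateip-111ul670c is blocked by the port 80 and 443 entries, and nateip-1110a2l48 is reported as unknown because it does not appear in the package listing shown earlier.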

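Temporarily increase or decrease bandwidth

As business load changes, you sometimes need to increase or decrease the purchased bandwidth.

You can call ModifyBandwidthPackageSpec to modify the bandwidth.

API example: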

  [admin@tester:xxx]$ python api.py ModifyBandwidthPackageSpec RegionId=cn-shanghai BandwidthPackageId=bwp-11odxu2k7 Bandwidth=200
  =====Request URL======
  https://ecs.aliyuncs.com/?SignatureVersion=1.0&BandwidthPackageId=bwp-11odxu2k7&Format=json&TimeStamp=2016-05-23T04%3A03%3A08Z&RegionId=cn-shanghai&Bandwidth=200&AccessKeyId=jZgi0oyrQ6ihgKp9&SignatureMethod=HMAC-SHA1&Version=2014-05-26&Signature=tozPphaDTYvhOI%2Bw%2FJjw7WaPn70%3D&action=ModifyBandwidthPackageSpec&SignatureNonce=42429561-209b-11e6-b869-2cf0ee28adf2
  =====Request URL end======
  ====== Got Response ======
  {
    "RequestId": "079874CD-AEC1-43E6-AC03-ADD96B6E4907"
  }