本文介绍如何通过NAT网关的DNAT功能和共享带宽功能实现多个应用共享一份公网带宽,节省公网成本。
背景信息
假设部署了四个面向互联网的应用,需要使用三个公网IP。另外需要一个ECS和一个IP作为服务器管理的跳板机来使用,并准备一个公网IP暂时备用。整体资源规划如下。
- 带宽需求总量:150Mbps
- 公网IP需求总量:5个,其中一个公网IP留作备用
- ECS需求总量:5个
- 公网IP与ECS的映射关系:
- IP1->ECS1
- IP2->ECS2
- IP3->ECS3/ECS4(其中80端口映射给ECS3的80端口;443端口映射给ECS4的443端口)
- IP4->ECS5(运维跳板机,仅开放22端口)
- IP5:暂不添加DNAT规则
创建VPC与ECS。注意:
VPC(ID: vpc-11af8l****)与ECS资源相关情况如下。
| 实例名称 |
私网IP |
| ECS1 |
192.168.1.1 |
| ECS2 |
192.168.1.2 |
| ECS3 |
192.168.1.3 |
| ECS4 |
192.168.1.4 |
步骤一:创建NAT网关
- 调用CreateNatGateway接口创建NAT网关。
[admin@tester:xxx]$ python api.py CreateNatGateway RegionId=cn-shanghai VpcId=vpc-11af8l**** BandwidthPackage.1.IpCount=4 BandwidthPackage.1.Bandwidth=150 BandwidthPackage.1.Zone=cn-shanghai-a Name=MyNatGW Description="My first NAT Gateway"
=====Request URL======
https://ecs.aliyuncs.com/?SignatureVersion=1.0&VpcId=vpc-11af8l****&Name=MyNatGW&Format=json&TimeStamp=2016-05-23T03%3A26%3A21Z&BandwidthPackage.1.IpCount=5&RegionId=cn-shanghai&AccessKeyId=jZgi0oyrQXXXXXXX&SignatureMethod=HMAC-SHA1&Version=2014-05-26&Signature=I4KKhWgjJdImTqk4rCifAB3LbLw%3D&action=CreateNatGateway&SignatureNonce=1ebae49c-2096-11e6-b781-2cf0ee28adf2&BandwidthPackage.1.Bandwidth=150&BandwidthPackage.1.Zone=cn-shanghai-a&Description=My+first+NAT+Gateway
=====Request URL end======
====== Got Response ======
{
"BandwidthPackageIds": {
"BandwidthPackageId": [
"bwp-11odxu2k7"
]
},
"ForwardTableIds": {
"ForwardTableId": [
"ftb-11tc6xgmv"
]
},
"NatGatewayId": "ngw-112za33e4****",
"RequestId": "2315DEB7-5E92-423A-91F7-4C1EC9AD97C3"
- 调用DescribeNatGateways接口查看NAT网关的详细信息。
[admin@tester:xxx]$ python api.py DescribeNatGateways RegionId=cn-shanghai VpcId=vpc-11af8l****
=====Request URL======
https://ecs.aliyuncs.com/?SignatureVersion=1.0&VpcId=vpc-11af8l****&Format=json&TimeStamp=2016-05-23T03%3A27%3A14Z&RegionId=cn-shanghai&AccessKeyId=jZgi0oyrQ6ihgKp9&SignatureMethod=HMAC-SHA1&Version=2014-05-26&Signature=JvXErso9g0fZdRTgBtNLepe%2F1e4%3D&action=DescribeNatGateways&SignatureNonce=3e1424eb-2096-11e6-bc31-2cf0ee28adf2
=====Request URL end======
====== Got Response ======
{
"NatGateways": {
"NatGateway": [
{
"BandwidthPackageIds": {
"BandwidthPackageId": [
"bwp-11odxu2k7****"
]
},
"BusinessStatus": "Normal",
"CreationTime": "2016-05-23T03:26:23Z",
"Description": "My first NAT Gateway",
"ForwardTableIds": {
"ForwardTableId": [
"ftb-11tc6xgmv"
]
},
"InstanceChargeType": "PostPaid",
"Name": "MyNatGW",
"NatGatewayId": "ngw-112za33e4****",
"RegionId": "cn-shanghai",
"Spec": "Small",
"Status": "Available",
"VpcId": "vpc-11af8l****"
}
]
},
"PageNumber": 1,
"PageSize": 10,
"RequestId": "FE4C442C-9778-449A-BF7F-7F36C3AF5611",
"TotalCount": 1
}
- 调用DescribeBandwidthPackages接口查看已创建的共享带宽包的详细信息。
[admin@tester:xxx]$ python api.py DescribeBandwidthPackages RegionId=cn-shanghai NatGatewayId=ngw-112za33e4****
=====Request URL======
https://ecs.aliyuncs.com/?SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A33%3A30Z&RegionId=cn-shanghai&NatGatewayId=ngw-112za33e4&AccessKeyId=jZgi0oyrQ6ihgKp9&SignatureMethod=HMAC-SHA1&Version=2014-05-26&Signature=KN0C2Q4TUZtfECBn1c2lOdBzrb8%3D&action=DescribeBandwidthPackages&SignatureNonce=1e8941ae-2097-11e6-acbb-2cf0ee28adf2
=====Request URL end======
====== Got Response ======
{
"BandwidthPackages": {
"BandwidthPackage": [
{
"Bandwidth": "150",
"BandwidthPackageId": "bwp-11odxu2k7****",
"BusinessStatus": "Normal",
"CreationTime": "2016-05-23T03:26:24Z",
"Description": "",
"InstanceChargeType": "PostPaid",
"InternetChargeType": "PayByBandwidth",
"IpCount": "5",
"Name": "",
"NatGatewayId": "ngw-112za33e4****",
"PublicIpAddresses": {
"PublicIpAddresse": [
{
"AllocationId": "nateip-11iopy3sl****",
"IpAddress": "139.xxx.xx.107"
},
{
"AllocationId": "nateip-11pt1f9ph****",
"IpAddress": "139.xxx.xx.55"
},
{
"AllocationId": "nateip-111ul670c****",
"IpAddress": "139.xxx.xx.79"
},
{
"AllocationId": "nateip-11ogfjj85****",
"IpAddress": "139.xxx.xx.59"
},
{
"AllocationId": "nateip-11s2jempe****",
"IpAddress": "139.xxx.xx.58"
}
]
},
"RegionId": "cn-shanghai",
"Status": "Available",
"ZoneId": "cn-shanghai-a"
}
]
},
"PageNumber": 1,
"PageSize": 10,
"RequestId": "14406B86-7CA1-4907-9755-86096F476A4F",
"TotalCount": 1
}
步骤二:配置DNAT
- 调用CreateForwardEntry接口添加如下转发条目。
| 公网IP |
公网端口 |
私网IP |
私网端口 |
协议 |
| IP1 |
Any |
ecs-ip1 |
Any |
Any |
| IP2 |
Any |
ecs-ip2 |
Any |
Any |
| IP3 |
80 |
ecs-ip3 |
80 |
TCP |
| IP3 |
443 |
ecs-ip4 |
443 |
TCP |
| IP4 |
22 |
ecs-ip5 |
22 |
TCP |
[admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv ExternalIp=139.xxx.xx.107 ExternalPort=Any InternalIp=192.168.1.1 InternalPort=Any IpProtocol=Any
=====Request URL======
https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx.107&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A53%3A18Z&RegionId=cn-shanghai&ExternalPort=Any&InternalIp=192.168.1.1&Signature=iR4GSzhJQtowMJOj%2FRth3ABP4FA%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=Any&action=CreateForwardEntry&SignatureNonce=e2ceae11-2099-11e6-b548-2cf0ee28adf2&InternalPort=Any
=====Request URL end======
====== Got Response ======
[admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv ExternalIp=139.xxx.xx.107 ExternalPort=Any InternalIp=192.168.1.1 InternalPort=Any IpProtocol=Any
=====Request URL======
https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx.107&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A53%3A18Z&RegionId=cn-shanghai&ExternalPort=Any&InternalIp=192.168.1.1&Signature=iR4GSzhJQtowMJOj%2FRth3ABP4FA%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=Any&action=CreateForwardEntry&SignatureNonce=e2ceae11-2099-11e6-b548-2cf0ee28adf2&InternalPort=Any
=====Request URL end======
====== Got Response ======
{
"ForwardEntryId": "fwd-119smw5tk****",
"RequestId": "A4AEE536-A97A-40EB-9EBE-53A6948A6928"
}
[admin@tester:xxx]$
[admin@tester:xxx]$
[admin@tester:xxx]$
[admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv**** ExternalIp=139.xxx.xx.55 ExternalPort=Any InternalIp=192.168.1.2 InternalPort=Any IpProtocol=Any
=====Request URL======
https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx.55&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A53%3A42Z&RegionId=cn-shanghai&ExternalPort=Any&InternalIp=192.168.1.2&Signature=mFBn%2BCd4LfHkKj53MwmWyMhzyfs%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=Any&action=CreateForwardEntry&SignatureNonce=f09c1b38-2099-11e6-aa80-2cf0ee28adf2&InternalPort=Any
=====Request URL end======
====== Got Response ======
{
"ForwardEntryId": "fwd-11dz3ly9l****",
"RequestId": "5DBC8F86-2D76-4BF4-B839-7FF31B61D516"
}
[admin@tester:xxx]$
[admin@tester:xxx]$
[admin@tester:xxx]$
[admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv**** ExternalIp=139.xxx.xx.79 ExternalPort=80 InternalIp=192.168.1.3 InternalPort=80 IpProtocol=TCP
=====Request URL======
https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx.79&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A54%3A10Z&RegionId=cn-shanghai&ExternalPort=80&InternalIp=192.168.1.3&Signature=OpTui3SKbAjKXy6gKRoJb%2B9Lazg%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=TCP&action=CreateForwardEntry&SignatureNonce=01c41d5c-209a-11e6-905e-2cf0ee28adf2&InternalPort=80
=====Request URL end======
====== Got Response ======
{
"ForwardEntryId": "fwd-11r23r7p5****",
"RequestId": "67B7AAFD-E7AB-4EB8-AA5C-AA38CFFB4A95"
}
[admin@tester:xxx]$
[admin@tester:xxx]$
[admin@tester:xxx]$
[admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv**** ExternalIp=139.xxx.xx.79 ExternalPort=443 InternalIp=192.168.1.4 InternalPort=443 IpProtocol=TCP
=====Request URL======
https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx.79&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A55%3A22Z&RegionId=cn-shanghai&ExternalPort=443&InternalIp=192.168.1.4&Signature=X%2BZtHbTeKYf8xU%2FvWhPAmg%2B5scc%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=TCP&action=CreateForwardEntry&SignatureNonce=2c3f2573-209a-11e6-be0f-2cf0ee28adf2&InternalPort=443
=====Request URL end======
====== Got Response ======
{
"ForwardEntryId": "fwd-11cdhpjlk****",
"RequestId": "260A9673-5522-4F66-844A-1F1AB47CD21C"
}
[admin@tester:xxx]$
[admin@tester:xxx]$
[admin@tester:xxx]$
[admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv ExternalIp=139.xxx.xx.59 ExternalPort=22 InternalIp=192.168.1.5 InternalPort=22 IpProtocol=TCP
=====Request URL======
https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx.59&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A55%3A44Z&RegionId=cn-shanghai&ExternalPort=22&InternalIp=192.168.1.5&Signature=%2FZWf5%2ForHr%2BUR446eEBLC4LNYe8%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=TCP&action=CreateForwardEntry&SignatureNonce=39863cf3-209a-11e6-8f6d-2cf0ee28adf2&InternalPort=22
=====Request URL end======
====== Got Response ======
{
"ForwardEntryId": "fwd-11iv34uj7****",
"RequestId": "0884BC12-8EAD-4AAA-826E-30E5435D7C27"
}
- 调用DescribeForwardTableEntries接口查看已添加的DNAT条目。
[admin@tester:xxx]$ python api.py DescribeForwardTableEntries RegionId=cn-shanghai ForwardTableId=ftb-11tc6****
=====Request URL======
https://ecs.aliyuncs.com/?SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A56%3A18Z&RegionId=cn-shanghai&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&Signature=x4%2B6oNYxIRBmND8rcIbJM9EJ8ts%3D&action=DescribeForwardTableEntries&SignatureNonce=4db93223-209a-11e6-81eb-2cf0ee28adf2
=====Request URL end======
====== Got Response ======
{
"ForwardTableEntries": {
"ForwardTableEntry": [
{
"ExternalIp": "139.xxx.xx.107",
"ExternalPort": "any",
"ForwardEntryId": "fwd-119smw5tk****",
"ForwardTableId": "ftb-11tc6xgmv****",
"InternalIp": "192.168.xx.1",
"InternalPort": "any",
"IpProtocol": "any",
"Status": "Available"
},
{
"ExternalIp": "139.xxx.xx.79",
"ExternalPort": "443",
"ForwardEntryId": "fwd-11cdhpjlk****",
"ForwardTableId": "ftb-11tc6xgmv****",
"InternalIp": "192.168.xx.4",
"InternalPort": "443",
"IpProtocol": "tcp",
"Status": "Available"
},
{
"ExternalIp": "139.xxx.xx.55",
"ExternalPort": "any",
"ForwardEntryId": "fwd-11dz3ly9l****",
"ForwardTableId": "ftb-11tc6xgmv****",
"InternalIp": "192.168.xx.2",
"InternalPort": "any",
"IpProtocol": "any",
"Status": "Available"
},
{
"ExternalIp": "139.xxx.xx.59",
"ExternalPort": "22",
"ForwardEntryId": "fwd-11iv34uj7****",
"ForwardTableId": "ftb-11tc6xgmv****",
"InternalIp": "192.168.xx.5",
"InternalPort": "22",
"IpProtocol": "tcp",
"Status": "Available"
},
{
"ExternalIp": "139.xxx.xx.79",
"ExternalPort": "80",
"ForwardEntryId": "fwd-11r23r7p5****",
"ForwardTableId": "ftb-11tc6xgmv****",
"InternalIp": "192.168.xx.3",
"InternalPort": "80",
"IpProtocol": "tcp",
"Status": "Available"
}
]
},
"PageNumber": 1,
"PageSize": 10,
"RequestId": "C84FDDCF-8550-4024-B89C-01E7459D7CF9",
"TotalCount": 5
}
在文档使用中是否遇到以下问题
更多建议
匿名提交