本文介绍如何通过NAT网关的DNAT功能和共享带宽功能实现多个应用共享一份公网带宽,节省公网成本。
背景信息
假设部署了四个面向互联网的应用,需要使用三个公网IP。另外需要一个ECS和一个IP作为服务器管理的跳板机来使用,并准备一个公网IP暂时备用。整体资源规划如下:
- 带宽需求总量:150Mbps
- 公网IP需求总量:5个,其中一个公网IP留作备用
- ECS需求总量:5个
- 公网IP与ECS的映射关系:
- IP1->ECS1
- IP2->ECS2
- IP3->ECS3/ECS4(其中80端口映射给ECS3的80端口;443端口映射给ECS4的443端口)
- IP4->ECS5(运维跳板机,仅开放22端口)
- IP5:暂不添加DNAT规则
创建VPC与ECS。注意
VPC(ID: vpc-11af8lxxx)-与ECS资源相关情况如下:
说明 ECS实例不需要单独配置公网IP。
| 实例名称 | 私网IP |
|---|---|
| ECS1 | 192.168.1.1 |
| ECS2 | 192.168.1.2 |
| ECS3 | 192.168.1.3 |
| ECS4 | 192.168.1.4 |
前提条件
- 为了方便调用API,本教程使用了一个用Python语言编写的Command Line工具。单击此处下载CLI工具。
Linux环境下可以直接使用wget命令进行下载。
wget http://docs-aliyun.cn-hangzhou.oss.aliyun-inc.com/assets/attach/42691/cn_zh/1468947102311/api.py - 创建AccessKey。
您需要为调用API的账号创建一个AccessKey,用于身份验证。详情查看创建AccessKey。
- 为CLI工具配置AccessKey。
步骤一 创建NAT网关
- 调用CreateNatGateway接口创建NAT网关。
[admin@tester:xxx]$ python api.py CreateNatGateway RegionId=cn-shanghai VpcId=vpc-11af8lxxx BandwidthPackage.1.IpCount=4 BandwidthPackage.1.Bandwidth=150 BandwidthPackage.1.Zone=cn-shanghai-a Name=MyNatGW Description="My first NAT Gateway" =====Request URL====== https://ecs.aliyuncs.com/?SignatureVersion=1.0&VpcId=vpc-11af8lxxx&Name=MyNatGW&Format=json&TimeStamp=2016-05-23T03%3A26%3A21Z&BandwidthPackage.1.IpCount=5&RegionId=cn-shanghai&AccessKeyId=jZgi0oyrQXXXXXXX&SignatureMethod=HMAC-SHA1&Version=2014-05-26&Signature=I4KKhWgjJdImTqk4rCifAB3LbLw%3D&action=CreateNatGateway&SignatureNonce=1ebae49c-2096-11e6-b781-2cf0ee28adf2&BandwidthPackage.1.Bandwidth=150&BandwidthPackage.1.Zone=cn-shanghai-a&Description=My+first+NAT+Gateway =====Request URL end====== ====== Got Response ====== { "BandwidthPackageIds": { "BandwidthPackageId": [ "bwp-11odxu2k7" ] }, "ForwardTableIds": { "ForwardTableId": [ "ftb-11tc6xgmv" ] }, "NatGatewayId": "ngw-112za33e4", "RequestId": "2315DEB7-5E92-423A-91F7-4C1EC9AD97C3" - 调用DescribeNatGateways接口查看NAT网关的详细信息。
[admin@tester:xxx]$ python api.py DescribeNatGateways RegionId=cn-shanghai VpcId=vpc-11af8lxxx =====Request URL====== https://ecs.aliyuncs.com/?SignatureVersion=1.0&VpcId=vpc-11af8lxxx&Format=json&TimeStamp=2016-05-23T03%3A27%3A14Z&RegionId=cn-shanghai&AccessKeyId=jZgi0oyrQ6ihgKp9&SignatureMethod=HMAC-SHA1&Version=2014-05-26&Signature=JvXErso9g0fZdRTgBtNLepe%2F1e4%3D&action=DescribeNatGateways&SignatureNonce=3e1424eb-2096-11e6-bc31-2cf0ee28adf2 =====Request URL end====== ====== Got Response ====== { "NatGateways": { "NatGateway": [ { "BandwidthPackageIds": { "BandwidthPackageId": [ "bwp-11odxu2k7" ] }, "BusinessStatus": "Normal", "CreationTime": "2016-05-23T03:26:23Z", "Description": "My first NAT Gateway", "ForwardTableIds": { "ForwardTableId": [ "ftb-11tc6xgmv" ] }, "InstanceChargeType": "PostPaid", "Name": "MyNatGW", "NatGatewayId": "ngw-112za33e4", "RegionId": "cn-shanghai", "Spec": "Small", "Status": "Available", "VpcId": "vpc-11af8lxxx" } ] }, "PageNumber": 1, "PageSize": 10, "RequestId": "FE4C442C-9778-449A-BF7F-7F36C3AF5611", "TotalCount": 1 } - 调用DescribeBandwidthPackages接口查看已创建的共享带宽包的详细信息。
[admin@tester:xxx]$ python api.py DescribeBandwidthPackages RegionId=cn-shanghai NatGatewayId=ngw-112za33e4 =====Request URL====== https://ecs.aliyuncs.com/?SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A33%3A30Z&RegionId=cn-shanghai&NatGatewayId=ngw-112za33e4&AccessKeyId=jZgi0oyrQ6ihgKp9&SignatureMethod=HMAC-SHA1&Version=2014-05-26&Signature=KN0C2Q4TUZtfECBn1c2lOdBzrb8%3D&action=DescribeBandwidthPackages&SignatureNonce=1e8941ae-2097-11e6-acbb-2cf0ee28adf2 =====Request URL end====== ====== Got Response ====== { "BandwidthPackages": { "BandwidthPackage": [ { "Bandwidth": "150", "BandwidthPackageId": "bwp-11odxu2k7", "BusinessStatus": "Normal", "CreationTime": "2016-05-23T03:26:24Z", "Description": "", "InstanceChargeType": "PostPaid", "InternetChargeType": "PayByBandwidth", "IpCount": "5", "Name": "", "NatGatewayId": "ngw-112za33e4", "PublicIpAddresses": { "PublicIpAddresse": [ { "AllocationId": "nateip-11iopy3sl", "IpAddress": "139.xxx.xx.107" }, { "AllocationId": "nateip-11pt1f9ph", "IpAddress": "139.xxx.xx.55" }, { "AllocationId": "nateip-111ul670c", "IpAddress": "139.xxx.xx.79" }, { "AllocationId": "nateip-11ogfjj85", "IpAddress": "139.xxx.xx.59" }, { "AllocationId": "nateip-11s2jempe", "IpAddress": "139.xxx.xx.58" } ] }, "RegionId": "cn-shanghai", "Status": "Available", "ZoneId": "cn-shanghai-a" } ] }, "PageNumber": 1, "PageSize": 10, "RequestId": "14406B86-7CA1-4907-9755-86096F476A4F", "TotalCount": 1 }
步骤二 配置DNAT
- 调用CreateForwardEntry接口添加如下转发条目。
公网IP 公网端口 私网IP 私网端口 协议 IP1 Any ecs-ip1 Any Any IP2 Any ecs-ip2 Any Any IP3 80 ecs-ip3 80 TCP IP3 443 ecs-ip4 443 TCP IP4 22 ecs-ip5 22 TCP [admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv ExternalIp=139.xxx.xx.107 ExternalPort=Any InternalIp=192.168.1.1 InternalPort=Any IpProtocol=Any =====Request URL====== https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx.107&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A53%3A18Z&RegionId=cn-shanghai&ExternalPort=Any&InternalIp=192.168.1.1&Signature=iR4GSzhJQtowMJOj%2FRth3ABP4FA%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=Any&action=CreateForwardEntry&SignatureNonce=e2ceae11-2099-11e6-b548-2cf0ee28adf2&InternalPort=Any =====Request URL end====== ====== Got Response ====== [admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv ExternalIp=139.xxx.xx.107 ExternalPort=Any InternalIp=192.168.1.1 InternalPort=Any IpProtocol=Any =====Request URL====== https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx.107&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A53%3A18Z&RegionId=cn-shanghai&ExternalPort=Any&InternalIp=192.168.1.1&Signature=iR4GSzhJQtowMJOj%2FRth3ABP4FA%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=Any&action=CreateForwardEntry&SignatureNonce=e2ceae11-2099-11e6-b548-2cf0ee28adf2&InternalPort=Any =====Request URL end====== ====== Got Response ====== { "ForwardEntryId": "fwd-119smw5tk", "RequestId": "A4AEE536-A97A-40EB-9EBE-53A6948A6928" } [admin@tester:xxx]$ [admin@tester:xxx]$ [admin@tester:xxx]$ [admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv ExternalIp=139.xxx.xx.55 ExternalPort=Any InternalIp=192.168.1.2 InternalPort=Any IpProtocol=Any =====Request URL====== https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx.55&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A53%3A42Z&RegionId=cn-shanghai&ExternalPort=Any&InternalIp=192.168.1.2&Signature=mFBn%2BCd4LfHkKj53MwmWyMhzyfs%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=Any&action=CreateForwardEntry&SignatureNonce=f09c1b38-2099-11e6-aa80-2cf0ee28adf2&InternalPort=Any =====Request URL end====== ====== Got Response ====== { "ForwardEntryId": "fwd-11dz3ly9l", "RequestId": "5DBC8F86-2D76-4BF4-B839-7FF31B61D516" } [admin@tester:xxx]$ [admin@tester:xxx]$ [admin@tester:xxx]$ [admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv ExternalIp=139.xxx.xx.79 ExternalPort=80 InternalIp=192.168.1.3 InternalPort=80 IpProtocol=TCP =====Request URL====== https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx.79&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A54%3A10Z&RegionId=cn-shanghai&ExternalPort=80&InternalIp=192.168.1.3&Signature=OpTui3SKbAjKXy6gKRoJb%2B9Lazg%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=TCP&action=CreateForwardEntry&SignatureNonce=01c41d5c-209a-11e6-905e-2cf0ee28adf2&InternalPort=80 =====Request URL end====== ====== Got Response ====== { "ForwardEntryId": "fwd-11r23r7p5", "RequestId": "67B7AAFD-E7AB-4EB8-AA5C-AA38CFFB4A95" } [admin@tester:xxx]$ [admin@tester:xxx]$ [admin@tester:xxx]$ [admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv ExternalIp=139.xxx.xx.79 ExternalPort=443 InternalIp=192.168.1.4 InternalPort=443 IpProtocol=TCP =====Request URL====== https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx.79&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A55%3A22Z&RegionId=cn-shanghai&ExternalPort=443&InternalIp=192.168.1.4&Signature=X%2BZtHbTeKYf8xU%2FvWhPAmg%2B5scc%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=TCP&action=CreateForwardEntry&SignatureNonce=2c3f2573-209a-11e6-be0f-2cf0ee28adf2&InternalPort=443 =====Request URL end====== ====== Got Response ====== { "ForwardEntryId": "fwd-11cdhpjlk", "RequestId": "260A9673-5522-4F66-844A-1F1AB47CD21C" } [admin@tester:xxx]$ [admin@tester:xxx]$ [admin@tester:xxx]$ [admin@tester:xxx]$ python api.py CreateForwardEntry RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv ExternalIp=139.xxx.xx.59 ExternalPort=22 InternalIp=192.168.1.5 InternalPort=22 IpProtocol=TCP =====Request URL====== https://ecs.aliyuncs.com/?ExternalIp=139.xxx.xx.59&SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A55%3A44Z&RegionId=cn-shanghai&ExternalPort=22&InternalIp=192.168.1.5&Signature=%2FZWf5%2ForHr%2BUR446eEBLC4LNYe8%3D&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&IpProtocol=TCP&action=CreateForwardEntry&SignatureNonce=39863cf3-209a-11e6-8f6d-2cf0ee28adf2&InternalPort=22 =====Request URL end====== ====== Got Response ====== { "ForwardEntryId": "fwd-11iv34uj7", "RequestId": "0884BC12-8EAD-4AAA-826E-30E5435D7C27" } - 调用DescribeForwardTableEntries接口查看已添加的DNAT条目。
[admin@tester:xxx]$ python api.py DescribeForwardTableEntries RegionId=cn-shanghai ForwardTableId=ftb-11tc6xgmv =====Request URL====== https://ecs.aliyuncs.com/?SignatureVersion=1.0&Format=json&TimeStamp=2016-05-23T03%3A56%3A18Z&RegionId=cn-shanghai&AccessKeyId=jZgi0oyrQ6ihgKp9&ForwardTableId=ftb-11tc6xgmv&SignatureMethod=HMAC-SHA1&Version=2014-05-26&Signature=x4%2B6oNYxIRBmND8rcIbJM9EJ8ts%3D&action=DescribeForwardTableEntries&SignatureNonce=4db93223-209a-11e6-81eb-2cf0ee28adf2 =====Request URL end====== ====== Got Response ====== { "ForwardTableEntries": { "ForwardTableEntry": [ { "ExternalIp": "139.xxx.xx.107", "ExternalPort": "any", "ForwardEntryId": "fwd-119smw5tk", "ForwardTableId": "ftb-11tc6xgmv", "InternalIp": "192.168.1.1", "InternalPort": "any", "IpProtocol": "any", "Status": "Available" }, { "ExternalIp": "139.xxx.xx.79", "ExternalPort": "443", "ForwardEntryId": "fwd-11cdhpjlk", "ForwardTableId": "ftb-11tc6xgmv", "InternalIp": "192.168.1.4", "InternalPort": "443", "IpProtocol": "tcp", "Status": "Available" }, { "ExternalIp": "139.xxx.xx.55", "ExternalPort": "any", "ForwardEntryId": "fwd-11dz3ly9l", "ForwardTableId": "ftb-11tc6xgmv", "InternalIp": "192.168.1.2", "InternalPort": "any", "IpProtocol": "any", "Status": "Available" }, { "ExternalIp": "139.xxx.xx.59", "ExternalPort": "22", "ForwardEntryId": "fwd-11iv34uj7", "ForwardTableId": "ftb-11tc6xgmv", "InternalIp": "192.168.1.5", "InternalPort": "22", "IpProtocol": "tcp", "Status": "Available" }, { "ExternalIp": "139.xxx.xx.79", "ExternalPort": "80", "ForwardEntryId": "fwd-11r23r7p5", "ForwardTableId": "ftb-11tc6xgmv", "InternalIp": "192.168.1.3", "InternalPort": "80", "IpProtocol": "tcp", "Status": "Available" } ] }, "PageNumber": 1, "PageSize": 10, "RequestId": "C84FDDCF-8550-4024-B89C-01E7459D7CF9", "TotalCount": 5 }
在文档使用中是否遇到以下问题
更多建议
匿名提交