Building an SNAT gateway with ROS so that a VPC can access the Internet
2023-09-14 09:04:38
In a VPC (Virtual Private Cloud) environment, ECS instances cannot reach the public Internet directly. One option is to request an Elastic IP (EIP) for every ECS instance that needs Internet access, but this stops being practical when a large number of ECS instances need to reach the Internet at the same time. This article introduces a different approach: reaching the Internet through an SNAT gateway, as shown in the figure below:
This approach requires one additional ECS instance, bound to an EIP, to act as the SNAT gateway for the VPC. The instance must be in the target VPC and have an EIP bound to it; iptables is then configured on that instance, and finally a route entry whose next hop is this ECS instance is added to the route table of the VPC. For the detailed manual configuration steps, see here.
ROS resources
The rest of this article shows how to create and configure the VPC SNAT gateway automatically with ROS (Resource Orchestration Service). The template uses the following ROS resources:
- EIP (ALIYUN::ECS::EIP): creates the EIP resource. InternetChargeType: billing method, either by bandwidth or by traffic. Bandwidth: bandwidth in the range 1 to 200, in Mbps.
- EIP association (ALIYUN::ECS::EIPAssociation): binds the EIP to the specified ECS instance. AllocationId: ID of the allocated EIP. InstanceId: ID of the ECS instance the EIP is bound to.
- Route (ALIYUN::ECS::Route): adds a route entry whose next hop is the SNAT gateway to the route table of the specified VPC. RouteId: ID of the router in the VPC. RouteTableId: ID of the route table in the VPC. DestinationCidrBlock: destination CIDR of the route entry. NextHopId: next hop of the route entry.
- ECS instance group (ALIYUN::ECS::InstanceGroup): creates the SNAT gateway itself. This example relies mainly on the UserData property: the user passes a script through UserData, and when the ECS instance boots it runs that script and configures iptables automatically.
Writing the ROS template
The template first declares that this stack needs one EIP resource and one ECS instance, and binds the EIP to the ECS instance. iptables is then configured automatically by the UserData script that we pass to the ECS instance, and finally a route entry whose next hop is the ECS instance is added to the route table of the VPC router. The complete ROS template is as follows:
```json
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Description": "一键创建SNAT网关",
  "Parameters": {
    "SecurityGroupId": {
      "Description": "安全组ID",
      "Type": "String"
    },
    "RouteTableId": {
      "Description": "专有网络中路由表ID",
      "Type": "String"
    },
    "RouteId": {
      "Description": "专有网络中路由器ID",
      "Type": "String"
    },
    "EIPBandwidth": {
      "Default": 5,
      "MinValue": 1,
      "Description": "弹性公网IP的限速,默认为 5Mbps。",
      "Type": "Number",
      "MaxValue": 200
    },
    "ECSZoneId": {
      "Description": "可用区, <a href=\"#/product/cn-shenzhen/list/zoneList\" target=\"_blank\">查看可用区</a>",
      "Type": "String"
    },
    "ECSPassword": {
      "NoEcho": true,
      "MaxLength": 30,
      "Description": "实例的密码",
      "Type": "String",
      "ConstraintDescription": "8-30个字符, 必须同时包含三项(大、小写字母,数字和特殊符号).",
      "MinLength": 8
    },
    "VSwitchId": {
      "Type": "String"
    },
    "VpcId": {
      "Type": "String"
    },
    "VSwitchCidrBlock": {
      "Description": "通过SNAT网关访问外网的VSwitch网段,此网段必须属于VPC",
      "Type": "String"
    },
    "EIPInternetChargeType": {
      "Default": "PayByTraffic",
      "AllowedValues": [
        "PayByBandwidth",
        "PayByTraffic"
      ],
      "Description": "弹性公网IP计费类型,PayByBandwidth(按固定带宽计费),PayByTraffic(按使用流量计费),固定带宽的费用以天计,使用流量的费用以小时计",
      "Type": "String"
    },
    "ECSSysDiskSize": {
      "Default": 40,
      "MinValue": 40,
      "Description": "系统盘大小,40-500之间",
      "Type": "Number",
      "MaxValue": 500
    },
    "ECSDiskCategory": {
      "Default": "cloud_efficiency",
      "AllowedValues": [
        "cloud",
        "cloud_efficiency",
        "cloud_ssd"
      ],
      "Description": "系统盘的磁盘种类, 普通云盘(cloud)、高效云盘(cloud_efficiency)或SSD云盘(cloud_ssd)",
      "Type": "String"
    },
    "ECSInstanceType": {
      "Default": "ecs.s2.large",
      "AllowedValues": [
        "ecs.t1.small",
        "ecs.s1.small",
        "ecs.s1.medium",
        "ecs.s1.large",
        "ecs.s2.small",
        "ecs.s2.large",
        "ecs.s2.xlarge",
        "ecs.s2.2xlarge",
        "ecs.s3.medium",
        "ecs.s3.large",
        "ecs.m1.medium",
        "ecs.m2.medium",
        "ecs.m1.xlarge",
        "ecs.c1.small",
        "ecs.c1.large",
        "ecs.c2.medium",
        "ecs.c2.large",
        "ecs.c2.xlarge",
        "ecs.n1.tiny",
        "ecs.n1.small",
        "ecs.n1.medium",
        "ecs.n1.large",
        "ecs.n1.xlarge"
      ],
      "Description": "实例规格, <a href=\"#/product/cn-shenzhen/list/typeList\" target=\"_blank\">查看实例规格</a>",
      "Type": "String"
    },
    "ECSImageId": {
      "Default": "ubuntu1404_64_40G_cloudinit_20160427.raw",
      "Description": "镜像文件 ID,表示启动实例时选择的镜像资源, <a href=\"#/product/cn-shenzhen/list/imageList\" target=\"_blank\">查看实例规格</a>",
      "Type": "String"
    },
    "ECSTag": {
      "Description": "ECS的标签",
      "Type": "String"
    }
  },
  "Resources": {
    "ElasticIpAssociation": {
      "Type": "ALIYUN::ECS::EIPAssociation",
      "Properties": {
        "InstanceId": {
          "Fn::Select": [
            "0",
            { "Fn::GetAtt": [ "ECSSnatGateWay", "InstanceIds" ] }
          ]
        },
        "AllocationId": {
          "Fn::GetAtt": [ "ElasticIp", "AllocationId" ]
        }
      }
    },
    "VRoute": {
      "Type": "ALIYUN::ECS::Route",
      "Properties": {
        "NextHopId": {
          "Fn::Select": [
            "0",
            { "Fn::GetAtt": [ "ECSSnatGateWay", "InstanceIds" ] }
          ]
        },
        "RouteId": { "Ref": "RouteId" },
        "RouteTableId": { "Ref": "RouteTableId" },
        "DestinationCidrBlock": "0.0.0.0/0"
      }
    },
    "ECSSnatGateWay": {
      "Type": "ALIYUN::ECS::InstanceGroup",
      "Properties": {
        "SecurityGroupId": { "Ref": "SecurityGroupId" },
        "ImageId": { "Ref": "ECSImageId" },
        "Password": { "Ref": "ECSPassword" },
        "MinAmount": "1",
        "MaxAmount": "1",
        "InternetMaxBandwidthIn": 100,
        "InternetMaxBandwidthOut": 100,
        "InternetChargeType": "PayByTraffic",
        "UserData": {
          "Fn::Replace": [
            {
              "ros-notify": {
                "Fn::GetAtt": [ "ECSSnatGateWayConditionHandle", "CurlCli" ]
              }
            },
            {
              "Fn::Join": [
                "",
                [
                  "#!/bin/sh", "\n",
                  "PostRouting=", { "Ref": "VSwitchCidrBlock" }, "\n",
                  "SourceRouting=`ifconfig eth0|grep 'inet addr'|awk '{print $2}'|tr -d 'addr:'`", "\n",
                  "echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf \n",
                  "sysctl -p \n",
                  "iptables -t nat -I POSTROUTING -s $PostRouting -j SNAT --to-source $SourceRouting \n",
                  "apt-get update\n",
                  "apt-get install -y curl\n",
                  "ros-notify -d '{\"data\" : \"docker swarm created\"}'\n"
                ]
              ]
            }
          ]
        },
        "ZoneId": { "Ref": "ECSZoneId" },
        "VSwitchId": { "Ref": "VSwitchId" },
        "VpcId": { "Ref": "VpcId" },
        "InstanceType": { "Ref": "ECSInstanceType" },
        "SystemDisk_Category": { "Ref": "ECSDiskCategory" },
        "SystemDisk_Size": { "Ref": "ECSSysDiskSize" },
        "IoOptimized": "optimized",
        "Tags": [
          {
            "Key": "ECS_SNAT_GATEWAY",
            "Value": { "Ref": "ECSTag" }
          }
        ]
      }
    },
    "ECSSnatGateWayConditionHandle": {
      "Type": "ALIYUN::ROS::WaitConditionHandle"
    },
    "ECSSnatGateWayGroupWaitCondition": {
      "Type": "ALIYUN::ROS::WaitCondition",
      "DependsOn": "ECSSnatGateWay",
      "Properties": {
        "Handle": { "Ref": "ECSSnatGateWayConditionHandle" },
        "Timeout": 600,
        "Count": 1
      }
    },
    "ElasticIp": {
      "Type": "ALIYUN::ECS::EIP",
      "Properties": {
        "InternetChargeType": { "Ref": "EIPInternetChargeType" },
        "Bandwidth": { "Ref": "EIPBandwidth" }
      }
    }
  },
  "Outputs": {
    "ECSSnatGateWay_INNER_IPS": {
      "Value": { "Fn::GetAtt": [ "ECSSnatGateWay", "PrivateIps" ] },
      "Description": "Inner IP address of the ECS instance."
    },
    "ECSSnatGateWay_InstanceIds": {
      "Value": { "Fn::GetAtt": [ "ECSSnatGateWay", "InstanceIds" ] },
      "Description": "The instance id of created ecs instance"
    },
    "EipAddress": {
      "Value": { "Fn::GetAtt": [ "ElasticIp", "EipAddress" ] },
      "Description": "IP address of created EIP."
    },
    "ECSSnatGateWay_ZoneIds": {
      "Value": { "Fn::GetAtt": [ "ECSSnatGateWay", "ZoneIds" ] },
      "Description": "Zone id of created instance."
    }
  }
}
```
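As an added example (not the article's code and not Alibaba Cloud's), the following is a hardened, re-runnable version of the shell script that the template passes through UserData. It assumes a Linux gateway with iproute2 and iptables (including the conntrack match) run as root; the helper names validate_cidr, primary_ipv4, snat_rule and apply_snat, the sysctl.d file name and the sample `ip` output are all assumptions of mine. It addresses four points a reviewer would raise about the original script: the VSwitch CIDR is spliced into the script text by Fn::Join without any checking, so it is validated before it reaches iptables; `ifconfig | grep inet` also matches inet6 lines on hosts that have them, so the address is read from `ip -4 -o addr` instead; the rule insert and the append to /etc/sysctl.conf are not idempotent, so the rule is checked with `-C` before inserting and forwarding is persisted in a sysctl.d drop-in; and since the 0.0.0.0/0 route sends every VSwitch's traffic to this instance while only one CIDR is translated, the FORWARD chain is restricted to that CIDR.

```shell
#!/bin/sh
# Added example (not the article's own code): a hardened, re-runnable version of
# the UserData script from the template above. Assumes a Linux gateway with
# iproute2 and iptables (with the conntrack match), run as root, with the
# VSwitch CIDR given as an argument. Only the pure helpers run without root.
set -eu

# Accept only a plain dotted-quad IPv4 CIDR such as 192.168.1.0/24. The CIDR
# arrives as template text, so spaces, shell metacharacters, glob characters
# and IPv6 are rejected before the value can reach iptables.
validate_cidr() {
  cidr=$1
  case "$cidr" in
    */*) ;;
    *) return 1 ;;
  esac
  addr=${cidr%/*}
  prefix=${cidr#*/}
  case "$prefix" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$prefix" -le 32 ] || return 1
  case "$addr" in
    ''|*[!0-9.]*) return 1 ;;
  esac
  old_ifs=$IFS
  IFS=.
  set -- $addr
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in
      ''|*[!0-9]*) return 1 ;;
    esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Extract the primary IPv4 address of an interface from the output of
# `ip -4 -o addr show <iface>`. The text is passed in as an argument so the
# function can be exercised on captured samples without touching the host.
primary_ipv4() {
  printf '%s\n' "$1" | awk '$3 == "inet" { sub(/\/.*/, "", $4); print $4; exit }'
}

# Constructed sample of `ip -4 -o addr show eth0` output (assumed values).
SAMPLE_IP_ADDR_OUTPUT='2: eth0    inet 10.0.1.5/24 brd 10.0.1.255 scope global eth0\       valid_lft forever preferred_lft forever'

# Build the SNAT rule specification once so the same text is used for the
# existence check (-C) and the insert (-I). Arguments: CIDR, source IP, iface.
snat_rule() {
  printf 'POSTROUTING -o %s -s %s -j SNAT --to-source %s' "$3" "$1" "$2"
}

# Configure the gateway. Safe to run more than once.
apply_snat() {
  cidr=$1
  iface=${2:-eth0}
  validate_cidr "$cidr" || { echo "refusing to configure SNAT: bad CIDR '$cidr'" >&2; return 1; }
  src=$(primary_ipv4 "$(ip -4 -o addr show "$iface")")
  [ -n "$src" ] || { echo "no IPv4 address on $iface" >&2; return 1; }
  rule=$(snat_rule "$cidr" "$src" "$iface")

  # Persist forwarding in a sysctl.d drop-in instead of appending another
  # line to /etc/sysctl.conf on every run, then enable it immediately.
  printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/90-snat-gateway.conf
  sysctl -w net.ipv4.ip_forward=1

  # Idempotent insert: -C exits non-zero when the rule is absent.
  # shellcheck disable=SC2086  # word splitting of $rule is intended
  iptables -t nat -C $rule 2>/dev/null || iptables -t nat -I $rule

  # The 0.0.0.0/0 route sends every VSwitch's traffic here, but only $cidr is
  # translated. Forward only that CIDR (plus replies) and drop the rest rather
  # than forwarding it untranslated.
  iptables -C FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 2>/dev/null \
    || iptables -I FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  iptables -C FORWARD -s "$cidr" -o "$iface" -j ACCEPT 2>/dev/null \
    || iptables -I FORWARD -s "$cidr" -o "$iface" -j ACCEPT
  iptables -P FORWARD DROP
}

# Usage on the gateway: sh snat-gateway.sh apply 192.168.1.0/24 [eth0]
if [ "${1:-}" = "apply" ]; then
  [ $# -ge 2 ] || { echo "usage: $0 apply <vswitch-cidr> [iface]" >&2; exit 2; }
  apply_snat "$2" "${3:-eth0}"
fi
```

Only the pure helpers run without privileges; apply_snat is reached through `sh snat-gateway.sh apply <cidr>`, which is how it would be invoked from UserData in place of the inline commands. The security group attached to the gateway instance still has to permit inbound traffic from the VSwitch CIDR, since iptables on the instance only sees packets the security group has already allowed.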