AlibabaCloud_Demo_CEN-SAG

Purpose

It demos on how to setup CEN+VPC+SAG and connect to Dataworks IP for cross region network acceleration.

It aims to let Shanghai user can visit Alibaba Cloud managed service (e.g. Dataworks) via CEN with network speed accelerated.

CEN+SAG Configuration Steps:

create a VPC in London region
create a VPC in Shanghai region
create a ECS in London region with London VPC attached (with EIP assigned)
create a ECS in Shanghai region with Shanghai VPC attached (with no EIP assigned)
create a CEN with one end connecting to London VPC
connect CEN the other end to Shanghai VPC
buy bandwidth to enable CEN
create regions connection between UK and Shanghai
setup London VPC to next jump into Dataworks IPV4
ssh into London ECS and configure POSTROUTING SNAT. See bellow for ECS SNAT configuration.
ssh into Shanghai ECS from London ECS to test if can ping to Dataworks via IPV4
buy SAG APP
buy CCN instance
bind CCN with CEN
bing CCN with SAG
create SAG APP connection account. You should receive a email for detailed connection configiration.

SAG APP install and configuration

download and install SAG app client (https://www.alibabacloud.com/help/doc-detail/102544.htm)
configure SAG with (SAG Instance ID, Username, Password)
Connect SAG
Try to ping ide-eu-west-1.data.aliyun.com and see if it return resolved ip
You should be able to visit any UK traffic and will automatically direct to Datawork IP via CEN.

SNAT configuration for DataWork next jump in CEN and VPC

# from a freshly created ECS

# check if ipv4 ip_forwarding is enabled, 1 = enabled
more /proc/sys/net/ipv4/ip_forwarding
echo "1">/proc/sys/net/ipv4/ip_forwarding

# check if ip_forward is enabled, 1 = enabled
vim  /etc/sysctl.conf
net.ipv4.ip_forward = 1

# check if new configure has been effected, if it is enabled, you should see "net.ipv4.ip_forward = 1"
sysctl -p

# check if iptable POSTROUTING is clean, POSTROUTING rules may conflict SNAT.
iptables -t nat -v -L POSTROUTING -n --line-number

# delete incorrect POSTROUTING rule if any conflicts
iptables -t nat --delete POSTROUTING <line number, e.g. 1>

# add correct SNAT
iptables -t nat -I POSTROUTING -s <Dataworks internal IP, e.g. 8.208.18.3> -j SNAT --to-source <your london ECS internal IP, e.g. 172.16.10.44>

# if you have add correct SNAT, you should see bellow 
# $ iptables -t nat -v -L POSTROUTING -n --line-number
# Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
# num   pkts bytes target     prot opt in     out     source               destination
# 1        0     0 SNAT       all  --  *      *       8.208.18.3           0.0.0.0/0            to:172.16.10.44

# ping dataworks IP from Shanghai ECS, you can see IP have been forwarded to London ECS. 
# $ ping ide-eu-west-1.data.aliyun.com
# PING tyjr-eu-west-1.aliyun.com (8.208.18.3) 56(84) bytes of data.
# From 172.16.10.44 (172.16.10.44) icmp_seq=1 Time to live exceeded
# From 172.16.10.44 (172.16.10.44) icmp_seq=2 Time to live exceeded
# From 172.16.10.44 (172.16.10.44) icmp_seq=3 Time to live exceeded
# ...

zjzhangyan / alibabacloud_demo_cen-sag Goto Github PK

alibabacloud_demo_cen-sag's Introduction

AlibabaCloud_Demo_CEN-SAG

Purpose

CEN+SAG Configuration Steps:

SAG APP install and configuration

SNAT configuration for DataWork next jump in CEN and VPC

alibabacloud_demo_cen-sag's People

Contributors

Watchers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent