This demo shows how to set up CEN + VPC + SAG and connect to the Dataworks IP for cross-region network acceleration.
It aims to let users in Shanghai reach an Alibaba Cloud managed service (e.g. Dataworks) via CEN with accelerated network speed.
- create a VPC in London region
- create a VPC in Shanghai region
- create an ECS in London region with London VPC attached (with EIP assigned)
- create an ECS in Shanghai region with Shanghai VPC attached (with no EIP assigned)
- create a CEN with one end connecting to London VPC
- connect the other end of the CEN to Shanghai VPC
- buy bandwidth to enable CEN
- create a cross-region connection between UK and Shanghai
- set up the London VPC so that its next hop leads to the Dataworks IPv4 address
- ssh into London ECS and configure POSTROUTING SNAT. See below for ECS SNAT configuration.
- ssh into Shanghai ECS from London ECS and test whether it can ping Dataworks via IPv4
- buy SAG APP
- buy CCN instance
- bind CCN with CEN
- bind CCN with SAG
- create SAG APP connection account. You should receive an email with the detailed connection configuration.
- download and install SAG app client (https://www.alibabacloud.com/help/doc-detail/102544.htm)
- configure SAG with (SAG Instance ID, Username, Password)
- Connect SAG
- Try to ping ide-eu-west-1.data.aliyun.com and see if it returns a resolved IP
- You should now be able to reach UK destinations, and traffic will automatically be directed to the Dataworks IP via CEN.
ECS SNAT configuration:

```shell
# from a freshly created ECS
# check whether IPv4 forwarding is enabled (1 = enabled)
cat /proc/sys/net/ipv4/ip_forward
# enable it for the running kernel
echo "1" > /proc/sys/net/ipv4/ip_forward
# persist the setting: edit /etc/sysctl.conf and make sure it contains the line
#   net.ipv4.ip_forward = 1
vim /etc/sysctl.conf
# reload the configuration; if it took effect you should see "net.ipv4.ip_forward = 1"
sysctl -p
# check that the nat POSTROUTING chain is clean; existing rules may conflict with the SNAT rule
iptables -t nat -v -L POSTROUTING -n --line-number
# delete any conflicting POSTROUTING rule by its line number
iptables -t nat --delete POSTROUTING <line number, e.g. 1>
# add the SNAT rule
iptables -t nat -I POSTROUTING -s <Dataworks internal IP, e.g. 8.208.18.3> -j SNAT --to-source <your london ECS internal IP, e.g. 172.16.10.44>
# if the SNAT rule was added correctly, you should see the following
# $ iptables -t nat -v -L POSTROUTING -n --line-number
# Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
# num pkts bytes target prot opt in out source destination
# 1 0 0 SNAT all -- * * 8.208.18.3 0.0.0.0/0 to:172.16.10.44
# ping the Dataworks IP from the Shanghai ECS; you can see the traffic has been forwarded to the London ECS.
# $ ping ide-eu-west-1.data.aliyun.com
# PING tyjr-eu-west-1.aliyun.com (8.208.18.3) 56(84) bytes of data.
# From 172.16.10.44 (172.16.10.44) icmp_seq=1 Time to live exceeded
# From 172.16.10.44 (172.16.10.44) icmp_seq=2 Time to live exceeded
# From 172.16.10.44 (172.16.10.44) icmp_seq=3 Time to live exceeded
# ...
```
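The POSTROUTING check above can be scripted. This is an added example, not part of the original guide: it reads `iptables -t nat -S POSTROUTING` output and reports which earlier rules would win over the SNAT rule, since NAT rules are first-match. The function names and `SAMPLE_RULES` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the London ECS NAT setup.
# Function names and SAMPLE_RULES below are constructed for illustration.

# Succeeds when the sysctl file (default: the live kernel value) contains 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Reads `iptables -t nat -S POSTROUTING` output on stdin.
# $1 = source address the SNAT rule matches, $2 = expected --to-source.
# Prints "conflict:N" for each earlier SNAT/MASQUERADE rule that would be hit
# first, then "ok:N" for the expected rule, or "missing" if it is absent.
# Assumption: only rules with no -s or the exact same -s count as overlapping;
# wider CIDR sources are not evaluated.
audit_postrouting() {
    awk -v src="$1/32" -v to="$2" '
        $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            n++; s = ""; t = ""; j = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") s = $(i + 1)
                if ($i == "-j") j = $(i + 1)
                if ($i == "--to-source") t = $(i + 1)
            }
            if (j == "SNAT" && s == src && t == to) { found = n; exit }
            if ((j == "SNAT" || j == "MASQUERADE") && (s == "" || s == src)) {
                print "conflict:" n
            }
        }
        END { if (found) print "ok:" found; else print "missing" }
    '
}

# Constructed sample: a broad MASQUERADE rule sits ahead of the SNAT rule.
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 8.208.18.3/32 -j SNAT --to-source 172.16.10.44'

printf '%s\n' "$SAMPLE_RULES" | audit_postrouting 8.208.18.3 172.16.10.44
forwarding_enabled || echo "ip_forward is not enabled on this host"
```

On the ECS itself, pipe the live chain in instead of the sample: `iptables -t nat -S POSTROUTING | audit_postrouting <matched IP> <to-source IP>`.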