Accessing Public Networks from a Container

You can use the NAT Gateway service to enable pods in a VPC to access public networks. The NAT Gateway service provides source network address translation (SNAT), which translates private IP addresses to a public IP address by binding an elastic IP address (EIP) to the gateway, providing secure and efficient access to the Internet. Figure 1 shows the SNAT architecture. The SNAT function allows the pods in a VPC to access the Internet without being bound to an EIP. SNAT supports a large number of concurrent connections, which makes it suitable for applications involving a large number of requests and connections.

Figure 1 SNAT

To enable pods to access the Internet, perform the following steps:

  1. Buy an EIP.

    1. Log in to the management console.
    2. Click in the upper left corner to select the desired region and project.
    3. Choose Service List > Network > Virtual Private Cloud.
    4. In the navigation pane, choose Elastic IP and Bandwidth > EIPs.
    5. On the EIPs page, click Buy EIP.
    6. Set the parameters.

      Set Region to the region where pods are located.

    Figure 2 Buying an EIP

  2. Buy a NAT gateway. For details, see Buying a NAT Gateway.

    1. Log in to the management console.
    2. Click in the upper left corner to select the desired region and project.
    3. Choose Service List > Network > NAT Gateway.
    4. On the NAT Gateway page, click Buy NAT Gateway.
    5. Set the parameters.

      Select the VPC and subnet that you have configured for the namespace of pods.

      Figure 3 Buying a NAT gateway

  3. Configure an SNAT rule and bind the EIP to the subnet. For details, see Adding an SNAT Rule.

    1. Log in to the management console.
    2. Click in the upper left corner to select the desired region and project.
    3. Choose Service List > Network > NAT Gateway.
    4. On the displayed page, click the name of the NAT gateway for which you want to add the SNAT rule.
    5. On the SNAT Rules tab page, click Add SNAT Rule.
    6. Set the parameters.

      Select the subnet that you have configured for the namespace of pods.

    Figure 4 Adding an SNAT rule

    After the SNAT rule is configured, public networks can be accessed from the container. As shown in the following figure, public networks can be pinged from the container.

    Figure 5 Accessing public networks from a container
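
The following check is an added example, not part of the original guide or of any Huawei Cloud tooling. It models each SNAT rule as the subnet selected in step 3 plus the bound EIP, then reports which pod IPs have an egress path and how many pods share each public address. All CIDRs, pod IPs, and the EIP are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter
from typing import Optional

# Constructed sample data (not from the guide): one SNAT rule, expressed as
# the pod subnet chosen in step 3 and the EIP bound to it.
SNAT_RULES = [
    {"subnet": "192.168.10.0/24", "eip": "203.0.113.10"},
]

# Constructed pod addresses; the last one is in a subnet with no SNAT rule.
POD_IPS = ["192.168.10.15", "192.168.10.200", "192.168.20.7"]


def egress_eip(pod_ip: str, rules: list) -> Optional[str]:
    """Return the EIP that a pod's outbound traffic is translated to, or
    None when no SNAT rule covers the pod's subnet (no Internet egress)."""
    addr = ipaddress.ip_address(pod_ip)
    for rule in rules:
        # strict=True rejects a CIDR with host bits set, e.g. 192.168.10.5/24.
        if addr in ipaddress.ip_network(rule["subnet"], strict=True):
            return rule["eip"]
    return None


def coverage_report(pod_ips: list, rules: list) -> dict:
    """Split pods into covered and uncovered, and count pods per EIP."""
    covered, uncovered = {}, []
    for ip in pod_ips:
        eip = egress_eip(ip, rules)
        if eip is None:
            uncovered.append(ip)
        else:
            covered[ip] = eip
    return {
        "covered": covered,
        "uncovered": uncovered,
        # Every pod behind the same rule appears to remote services as this
        # one address, so allowlists and remote logs cannot tell pods apart.
        "pods_per_eip": dict(Counter(covered.values())),
    }


if __name__ == "__main__":
    report = coverage_report(POD_IPS, SNAT_RULES)
    for ip, eip in report["covered"].items():
        print(f"{ip} -> egress via {eip}")
    for ip in report["uncovered"]:
        print(f"{ip} -> no SNAT rule for this subnet, no public access")
```

A pod listed as uncovered usually means the SNAT rule was added for a different subnet than the one configured for the pod's namespace.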