Scenario 5: Accessing the Public Network from CAE Components

Scenario

In cloud native application scenarios, CAE components (such as service and data synchronization components) access external resources via the public network. They can proactively connect to public network resources such as open-source dependency packages, third-party APIs, and public network storage services using configured outbound rules (such as NAT gateways and EIPs). This allows them to interact with external services over public networks.

This section describes how the CAE components access the public network.

Restrictions

This function is available only in CN North-Beijing4, CN South-Guangzhou, CN East-Shanghai1, ME-Riyadh, TR-Istanbul, AF-Johannesburg, LA-Mexico City2, and LA-Sao Paulo1.

Prerequisites

• You have created a component. In this practice, the component name is cae-test.
• You have created an EIP. For details about how to create an EIP, see Assigning an EIP. You have created two EIPs, for example, 100.95.147.xx and 100.93.10.xx.
• You have purchased an ECS and bound an EIP to it. In this practice, the EIP bound to the ECS is 203.0.113.xx.

  For details about how to purchase an ECS, see Introducing ECS Purchase Options. For details about how to bind an EIP to an ECS, see Binding an EIP.

Step 1: Configure Outbound Access

1. Log in to CAE.
2. Choose System Settings.
3. Click Edit under System Networks.
4. Click the Outbound Configuration tab.
5. Set the outbound configuration by referring to Table 1.

   Table 1 Outbound configuration parameters

   Parameter	Description	Example Value
   Virtual Private Cloud	VPC is used to build an isolated and private virtual network environment. This VPC is the one you selected when creating the environment and cannot be changed.	Retain the default value.
   Subnet	The subnet is the outbound subnet specified when you create the environment and cannot be changed.	Retain the default value.
   Internet Access	You can select an EIP from the drop-down list. This parameter is optional and can be updated or unbound later. Note that you must comply with the following rules when selecting EIPs: You can only select two EIPs or do not select any EIP. You can configure multiple load balancers if you have multiple components and each component requires a different point of entry. Only network load balancers (TCP/UDP) are supported. Application load balancers (HTTP/HTTPS) are not supported. If the components in the CAE environment do not need to access the Internet, or SNAT has been configured for the VPC, you do not need to configure Internet access. If you have not created an EIP, click Create EIP to create one on the EIP console. For details, see Assigning an EIP.	100.95.147.xx 100.93.10.xx

Step 2: Obtain the Public IP Address of the ECS

1. Log in to the ECS console.
2. Locate the ECS that has an EIP bound and copy its EIP. The example value is 203.0.113.xx.

Step 3: Access the Public Network Using CloudShell

1. Choose Instance List.
2. On the Component Configurations page, select the target component cae-test from the drop-down list in the upper part of the page.
3. Click Remote Login on the right of any instance, select /bin/sh, and click Confirm.
4. Run the following command to check the network connectivity:

   ping 203.0.113.xx  # Check the network connectivity between the CAE component and the target IP address.

5. Press Enter. If the network is connected, the response data packet is returned, and the round-trip time (RTT) and packet loss rate are displayed.