Help Center/ Cloud Connect/ Best Practices/ Improving Web Delivery Across Regions Using a Cloud Connection and DNAT

Updated on 2024-10-25 GMT+08:00

View PDF

Improving Web Delivery Across Regions Using a Cloud Connection and DNAT

Scenarios

This practice provides detailed operations for improve web delivery across regions.

Components required in this practice include a NAT gateway, a cloud connection, and a web proxy server.

For details about the regions where cloud connections are available, see Region Availability.

Figure 1 shows an example.

Figure 1 Improving web delivery across regions

In this practice, an HTTP proxy server used for browser-based web access is required, such as a Squid proxy server.

Proxy-Client: Use a Windows server with a web proxy installed as the client and set the proxy address to the EIP (114.119.xx.xx) in AP-Singapore.

NAT Gateway: Configure a DNAT rule to map the EIP (114.119.xx.xx) in AP-Singapore to the IP address (172.16.101.100) bound to the network interface (Eth 1) of the Squid proxy server in CN East-Shanghai1.

Prerequisites

Your cross-border permit has been approved.
You have deployed a proxy server based on your network conditions.

In this practice, you need to configure the HTTP proxy server by yourself.

Procedure

Create two VPCs and ensure that the VPC CIDR blocks do not conflict with each other.

For details, see Creating a VPC.

The VPC in CN East-Shanghai1 has two subnets:
- Subnet 1: 172.16.100.0/24
- Subnet 2: 172.16.101.0/24
Create a cloud connection.
1. Create a cloud connection.
  For details, see Creating a Cloud Connection.
2. Load the two VPCs.
  When you load the VPC in CN East-Shanghai1, select only subnet 2.
  
  For details, see Loading a Network Instance.
3. Add custom CIDR blocks.
  When you load the VPC in AP-Singapore, you need to add the custom CIDR block 0.0.0.0/0.
  
  For details, see Adding Custom CIDR Blocks for a Cloud Connection.
  
  You need to add the default route 0.0.0.0/0 to allow access from the NAT gateway.
4. Buy a bandwidth package.
  By default, a cloud connection provides 10 kbit/s of bandwidth for testing cross-region network connectivity. You need to buy a bandwidth package to ensure normal communication across regions.
  
  For details, see Buying a Bandwidth Package.
5. Assign an inter-region bandwidth.
  For details, see Assigning an Inter-Region Bandwidth.
Buy an ECS with two network interfaces in CN East-Shanghai1.
- Eth 0 (for accessing the Internet): 172.16.100.100
- Eth 1 (for communicating with the NAT Gateway): 172.16.101.100
For details, see Purchasing an ECS.

Bind an EIP to Eth 0 so that the ECS can access the Internet.
Configure the Squid proxy server.
1. To ensure normal routing, add a policy-based route for the ECS in CN East-Shanghai1.
```
ip rule add from 172.16.101.100 table 100
ip route add default via 172.16.101.1 table 100
```
1. Install and configure the proxy service.
  Configure the proxy server in a secure and reliable manner based on network requirements.
Buy two EIPs and configure a NAT gateway.
1. Buy an EIP in CN East-Shanghai1 and bind the EIP to Eth 0 (172.16.100.100).
  For details, see Assigning an EIP and Binding It to an ECS.
2. In AP-Singapore, buy an EIP and a public NAT gateway, and add a DNAT rule. Select Direct Connect/Cloud Connect when you add the DNAT rule.
  For details, see Assigning an EIP and Binding It to an ECS and Adding a DNAT Rule.
Private IP address: 172.16.101.100 (IP address of Eth 1)

EIP: 114.119.xx.xx used by Proxy-Client

Squid proxy server: Eth 0 is used for Internet access, and Eth 1 is used for communicating with the NAT gateway.

The DNAT rule enables the Squid proxy server to provide services accessible from Proxy-Client on the Internet.

Configure Proxy-Client.

Prepare a Windows server and configure it as the client.
1. Select Settings.
2. Choose Network and Internet > Proxy > Manual proxy setup.
3. Enable Use a proxy server.
4. Set Address and Port.
  Figure 2 Proxy configuration
  
  Address: Enter the EIP (114.119.xx.xx) bound to the DNAT rule.
5. Click Save.