Help Center> Cloud Connect> Best Practices> Improving Web Delivery Across Regions Using Cloud Connect and DNAT

Updated on 2022-06-29 GMT+08:00

View PDF

Improving Web Delivery Across Regions Using Cloud Connect and DNAT

Scenarios

This practice provides detailed operations for improve web delivery across regions.

Components required in this practice include a NAT gateway, a cloud connection, and a web proxy server.

Figure 1 shows the networking topology.

Figure 1 Networking

In this practice, an HTTP proxy server used for browser-based web access is required, such as a Squid proxy server.

Proxy-Client: Use a Windows server with a web proxy installed as the client and set the proxy address to the EIP (114.119.xx.xx) in AP-Singapore.

NAT Gateway: Configure a DNAT rule to map the EIP (114.119.xx.xx) in AP-Singapore to the IP address (172.16.101.100) bound to the NIC (Eth 1) of the Squid proxy server in CN East-Shanghai1.

Prerequisites

Your cross-border permit has been approved.
You have deployed a proxy server based on your network conditions.

In this practice, you need to configure the HTTP proxy server by yourself.

Procedure

Create two VPCs and ensure that the VPC CIDR blocks do not conflict with each other.
For details, see Creating a VPC.

The VPC in CN East-Shanghai1 has two subnets:
- Subnet 1: 172.16.100.0/24
- Subnet 2: 172.16.101.0/24
Configure Cloud Connect.
Create a cloud connection, load the VPCs, and add a custom CIDR block.
1. Create a cloud connection.
  For details, see Creating a Cloud Connection.
2. Load the two VPCs.
  When you load the VPC in CN East-Shanghai1, select only subnet 2.
  
  For details, see Loading a Network Instance.
3. Add a custom CIDR block.
  When you load the VPC in AP-Singapore, you need to add the custom CIDR block 0.0.0.0/0.
  
  For details, see Adding a Custom CIDR block.
  
  You need to add the default route 0.0.0.0/0 to allow access from the NAT gateway.
4. Buy a bandwidth package.
  By default, the system allocates 10 kbit/s of bandwidth for testing network connectivity across regions. You need to buy a bandwidth package to ensure normal network communications across regions.
  
  For details, see Buying a Bandwidth Package.
5. Assign an inter-region bandwidth.
  For details, see Assigning Inter-Region Bandwidth.
Buy an ECS with two NICs in CN East-Shanghai1.
- Eth 0 (for accessing the Internet): 172.16.100.100
- Eth 1 (for communicating with the NAT Gateway): 172.16.101.100
For details, see Purchasing an ECS.

Bind an EIP to Eth 0 so that the ECS can access the Internet.
Configure the Squid proxy server.
1. To ensure normal routing, add a policy-based route for the ECS in CN East-Shanghai1.
```
ip rule add from 172.16.101.100 table 100
ip route add default via 172.16.101.1 table 100
```
1. Install and configure Squid proxy server based on your network requirements.
Buy two EIPs and configure a NAT gateway.
1. Buy an EIP in CN East-Shanghai1 and bind the EIP to Eth 0 (172.16.100.100).
  For details, see Assigning an EIP and Binding It to an ECS.
2. Buy an EIP in AP-Singapore, purchase a public NAT gateway, and add a DNAT rule. (Select Direct Connect/Cloud Connect when you add the DNAT rule.)
  For details, see Assigning an EIP and Binding It to an ECS and Adding a DNAT Rule.
Private IP address: 172.16.101.100 ( IP address of Eth 1)

EIP: 114.119.xx.xx used by Proxy-Client

Squid proxy server: Eth 0 is used for Internet access, and Eth 1 is used for communicating with the NAT gateway.

The DNAT rule enables the Squid proxy server to provide services accessible from Proxy-Client on the Internet.

Configure Proxy-Client.
Prepare a Windows server and configure it as the client.
1. Select Settings.
2. Choose Network and Internet > Proxy > Manual proxy setup.
3. Enable Use a proxy server.
4. Set Address and Port.
  Figure 2 Proxy configuration
  
  Address: Enter the EIP (114.119.xx.xx) bound to the DNAT rule.
5. Click Save.