Help Center/ Cloud Container Instance (CCI)_Cloud Container Instance 1.0 (CCI 1.0)/ User Guide/ Using CCI Through the CCI Console and APIs/ Network Management/ Accessing Public Networks from a Container
Updated on 2025-07-26 GMT+08:00
View PDF
Share

Accessing Public Networks from a Container

You can use NAT Gateway to enable containers in a VPC to access the public network. NAT Gateway provides source network address translation (SNAT), which translates private IP addresses to an EIP, providing secure and efficient access to the public network. Figure 1 shows the SNAT architecture. SNAT makes it unnecessary to bind an EIP to each pod in a VPC. SNAT supports a large number of concurrent connections, so it is a good fit for applications involving a large number of requests and connections.

Figure 1 SNAT

To enable pods to access the public network, take the following steps:

  1. Buy an EIP.

    1. Log in to the management console.
    2. Click in the upper left corner to select the desired region and project.
    3. Choose Service List > Networking > Virtual Private Cloud.
    4. In the navigation pane, choose Elastic IP and Bandwidth > EIPs.
    5. On the EIPs page, click Buy EIP.
    6. Configure the parameters.

      Set Region to the region where pods are located.

    Figure 2 Buying an EIP

  2. Buy a NAT gateway. For details, see Buy a Public NAT Gateway.

    1. Log in to the management console.
    2. Click in the upper left corner to select the desired region and project.
    3. Choose Service List > Networking > NAT Gateway.
    4. On the displayed page, click Buy NAT Gateway.
    5. Configure the parameters.

      Select the VPC and subnet you have configured for the namespace where the pods are located.

      Figure 3 Buying a NAT gateway

  3. Configure an SNAT rule and bind the EIP to the subnet. For details, see Adding an SNAT Rule.

    1. Log in to the management console.
    2. Click in the upper left corner to select the desired region and project.
    3. Choose Service List > Networking > NAT Gateway.
    4. On the displayed page, click the name of the NAT gateway for which you want to add the SNAT rule.
    5. On the SNAT Rules tab, click Add SNAT Rule.
    6. Configure the parameters.

    Select the subnet you have configured for the namespace where the pods are located.

    Figure 4 Adding an SNAT rule

    After the SNAT rule is configured, containers can access the public network.

    Figure 5 Accessing the public network from a container

Parent topic: Network Management