<p><strong>Create a VPC and Connect it to Internet through NAT Gateway</strong></p> <p>This article describes how to quickly deploy a network that is needed by the cloud host and that can connect to the Internet, including creating a VPC, deploying ECS instances in the VPC, purchasing a NAT Gateway, and controlling the traffic of ECS instances by configuring a security group.</p> <p><strong>Restrictions</strong></p> <p>&bull;&nbsp;&nbsp;&nbsp;Only DMZ network can connect to the Internet.</p> <p>&bull;&nbsp;&nbsp;&nbsp;The network should include at least one subnet. When creating the network, you need to create a subnet, as cloud host resources can only be added in a subnet.</p> <p>&bull;&nbsp;&nbsp;&nbsp;A NAT Gateway cannot be created in the region of East China. To connect the VPC in the region of East China to the Internet, you can use an IGW Gateway.</p> <p><strong>Step 1</strong><strong>：</strong><strong>Create a VPC, DMZ network domain, and a subnet</strong></p> <p>1. Log in to the <a href="https://www.pinganyun.com/console/vpc/overview" target="_blank">VPC Console</a>.</p> <p>2. Click <strong>VPC </strong>in the left navigation tree to enter the <strong>VPC</strong> page.</p> <p>3. Click <strong>Create </strong>in the upper-right corner of the page to enter the<strong> Create VPC</strong> page.</p> <p>4. Create a VPC as described in the following table:</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20210206102441-1c40d9d19ca0.png" style="height:469px; width:460px" /></p> <table border="1" cellpadding="0" cellspacing="0"> <tbody> <tr> <td style="width:185px"> <p><strong>Configuration item</strong></p> </td> <td style="vertical-align:top; width:597px"> <p><strong>Description</strong></p> </td> </tr> <tr> <td style="width:185px"> <p>VPC Description</p> </td> <td style="vertical-align:top; width:597px"> <p>Name of the private network.</p> </td> </tr> <tr> <td style="width:185px"> <p>Region</p> </td> <td style="vertical-align:top; width:597px"> <p>Select the region where the VPC is to be created. It is recommended to&nbsp;create a VPC that is the closest to&nbsp;your&nbsp;client.</p> </td> </tr> <tr> <td style="width:185px"> <p>VPC Types</p> </td> <td style="vertical-align:top; width:597px"> <p>Select the type of the VPC. Currently, only financial type is available.</p> </td> </tr> </tbody> </table> <p>5. Click<strong> Create</strong> to display the <strong>Create </strong><strong>Result</strong> page as shown below, and the VPC status is displayed as <strong>Available</strong>.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20210206101541-1767762f9ef4.png" style="height:458px; width:387px" /></p> <p>6. Click <strong>Confirm</strong>.</p> <p>7.&nbsp;Click the VPC name on the VPC page, and then click the <strong>Network</strong> tab on the <strong>Instance Information</strong> that opens.</p> <p>8.&nbsp; Click <strong>Create</strong> in the upper-right corner of the <strong>Network</strong> tab.</p> <p>9.&nbsp; Create a DMZ network as described in the following table:</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20210206101258-11d646949359.png" style="height:635px; width:449px" /></p> <table border="1" cellpadding="0" cellspacing="0"> <tbody> <tr> <td> <p><strong>Configuration item</strong></p> </td> <td style="vertical-align:top"> <p><strong>Description</strong></p> </td> </tr> <tr> <td> <p>Network Description</p> </td> <td style="vertical-align:top"> <p>Name of the network.</p> </td> </tr> <tr> <td> <p>Objective Product</p> </td> <td style="vertical-align:top"> <p>Select ECS to be the objective product of the network.</p> </td> </tr> <tr> <td> <p>Partition</p> </td> <td style="vertical-align:top"> <p>Select DMZ.</p> </td> </tr> <tr> <td> <p>VPC Subnets List</p> </td> <td style="vertical-align:top"> <p>&bull;&nbsp;&nbsp;Fill in custom subnet description.</p> <p>&bull;&nbsp;&nbsp;Select an availability zone.</p> <p>&bull;&nbsp;&nbsp;Select the length of the network mask.</p> </td> </tr> </tbody> </table> <p>10. Click <strong>Create</strong> to display the following <strong>Create </strong><strong>Result</strong> page, and the status of the network is <strong>Available</strong>. The creation of a VPC, a network and a subnet is completed.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20210206101320-17edcaad91de.png" style="height:560px; width:451px" /></p> <p><strong>Step 2</strong>：<strong>Create an ECS instance&nbsp;&nbsp;</strong></p> <p>1. Log in to the <a href="https://www.pinganyun.com/console/ecs/overview" target="_blank">ECS Console</a>.</p> <p>2. Click <strong>Instance </strong>in the left navigation tree to enter the <strong>Instance Management</strong> page.</p> <p>3. Click <strong>Create </strong>in the upper-right corner of the page to enter the<strong> Create Instance</strong> page.</p> <p>4. Configure an ECS instance according to your needs. For detailed information, see ECS Operation Guide.</p> <p><strong>Note: </strong>During the process of creating an ECS instance, please select the VPC and subnet created in step 1 for network configuration.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20212704184136-10d495799f3f.png" style="height:441px; width:830px" /></p> <p>5. Click <strong>Purchase</strong>.</p> <p>6. On the page that opens, check the order, and then click<strong> Confirm Open</strong> to complete payment.</p> <p><strong>Step 3: Purchase a NAT gateway and configure an SNAT rule and a DNAT rule</strong></p> <p>1. Log in to the <a href="https://www.pinganyun.com/console/vpc/overview" target="_blank">VPC Console</a>.</p> <p>2. Click <strong>NAT Gateway </strong>in the left navigation tree to enter the <strong>NAT Gateway </strong>page.</p> <p>3. Click <strong>Create </strong>in the upper-right corner of the page to enter the<strong> Create NAT Gateway</strong> page.</p> <p>4. If you need to configure the NAT gateway, see NAT gateway Operation Guide for detailed information.</p> <p><strong>Note: </strong>When you are configuring NAT Gateway, please select the VPC created in step 1.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20210206102212-1b5c834e962f.png" style="height:481px; width:586px" /></p> <p>5. Click <strong>Purchase</strong> to enter the <strong>Order Confirmation </strong>page.</p> <p>6. After checking the order, click <strong>Confirm Open </strong>to complete payment.</p> <p>7. Return to the <strong>NAT Gateway</strong> page, and click the host name of the NAT Gateway just created to enter the<strong> NAT Detail </strong>page.</p> <p>8. Click the tab <strong>Bandwidth</strong>, and click <strong>Create</strong> in the upper-right corner to enter the <strong>Create Broadband</strong> page.</p> <p>9. Set the total bandwidth and the number of public IP addresses, and then click <strong>Purchase</strong> to enter <strong>Order Confirmation</strong> page.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20212704184302-1560bb229fa5.png" style="height:373px; width:800px" /></p> <p>10. After checking the order, click <strong>Confirm Open</strong> to complete payment.</p> <p>11. On the <strong>NAT Detail</strong> page, select the <strong>SNAT Rule </strong>tab. Then click <strong>Create</strong> in the upper-right corner to enter the <strong>Create SNAT</strong> <strong>Rule</strong> page.</p> <p>12. Configure SNAT rule: <strong>Source CIDR</strong> is the subnet network segment where the ECS instance created in Step 2 is located. <strong>Internet IP</strong> refers to the Internet IP applied when the broadband is created. Then click <strong>Create</strong> to complete the creation of SNAT rule.</p> <p>13. On the <strong>NAT Detail</strong> page, select the <strong>DNAT Rule </strong>tab. Then click <strong>Create</strong> in the upper-right corner to enter the <strong>Create DNAT</strong> <strong>Rule</strong> page.</p> <p>14. Configure DNAT rule according to your needs: <strong>Internet IP</strong> refers to the Internet IP applied when the broadband is created, and <strong>VPC IP </strong>is the<strong> </strong>ECS instance created in Step 2. Then click<strong> Create </strong>to complete the creation DNAT rule.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20212704184347-1329f09e9518.png" style="height:494px; width:656px" /></p> <p><strong>Step 4: Configure Security Group</strong></p> <p>1. Log in to the <a href="https://www.pinganyun.com/console/ecs/overview" target="_blank">ECS Console</a>.</p> <p>2. In the left navigation tree, click <strong>Networks</strong>&gt;<strong>Security Group</strong> to enter the <strong>Security Group</strong> page.</p> <p>3. Click <strong>Create</strong> in the upper-right corner, and the <strong>Create Security Group</strong> page will pop up.</p> <p>4. Select the VPC and DMZ network created in Step 1, and click <strong>Confirm</strong> to create a security group.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20212704184500-1ce3336b9cb7.png" style="height:348px; width:701px" /></p> <p>5. Click the name of the security group just created to enter the <strong>Security Group Information</strong> page.</p> <p>6. On the <strong>Instance</strong> tab, click <strong>Create</strong> in the upper-right corner, and pop up the <strong>Binding </strong>page.</p> <p>7. Select the ECS instance created in Step 2, and click <strong>Confirm</strong> to add the ECS instance to the security group.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20212704184632-107de7de943d.png" style="height:510px; width:830px" /></p> <p>8. Click the <strong>Security Group Rules</strong> tab on the Security Group Information page, then click <strong>Create</strong> in the upper-right corner on the tab, and the dialogue box of <strong>Create Security Group Rules </strong>will pop up.</p> <p>9. Configure the Out and In directions for the security group rules.&nbsp; &nbsp;&nbsp;</p>