          ET Gateway

          Overview

          Introduction

          The ET gateway is the interface between the local VPC and the physical ET. When users configure the route table for the physical ET connection in the local VPC, the next hop must point to the corresponding ET gateway. The ET gateway has the following properties:

          | Attribute | Value Specification | Description |
          | --- | --- | --- |
          | Gateway name | String | User-defined ET gateway name |
          | ID | String | System-generated ET gateway identifier, unique within the local VPC |
          | Status | Available / Not configured | Current status of the ET gateway |
          | Local region | North China-Beijing / South China-Guangzhou / East China-Suzhou | Region of the ET gateway |
          | Local network | Local VPC ID/name | Local private network |
          | Binding physical ET | Physical ET ID and ET ID | At present, only one physical ET can be bound. |

          Use Constraints

          When the physical ET is used for traffic interworking, the following constraints must be met:

          • After the physical ET is established and the ET gateway is configured, traffic interworking also requires a route entry pointing to the peer network in the local-end route table, with the next hop in the local VPC route table pointing to the corresponding ET gateway.
          • One tunnel of a physical ET can connect to only one ET gateway of a VPC.
          • The ET gateway and the local access point of the physical ET must be in the same region.
          • The ET peer network must not overlap with the local VPC CIDR.

          Creating ET Gateway

          1. Select the VPC instance created on the VPC Instance List page, and click to enter the Details page.

          2. Select "ET Gateway" in the navigation bar, and click the "Create ET Gateway" button.

          3. Fill in the following configuration information:

          Basic Configuration

          | Configuration Item | Description |
          | --- | --- |
          | Whether to enable | Link detection switch; off by default. |
          | Detection method | The detection method is PING (ICMP). |
          | Source IP | Assigned automatically by default. If set to custom, the custom IP must be an idle IP in the VPC. |
          | Destination IP | The IDC interconnection IP of the bound tunnel, obtained automatically after the ET is bound. A whitelisted feature lets users customize the detection target IP, which is used to check the availability of a remote IP behind an indirectly connected physical ET. This feature does not generate any route automatically, so on the network device where the detection target IP is located you must add a route to the Baidu AI Cloud interconnection IP of the ET. |
          | Health check interval | Time interval between path checks. The input range is an integer between 1 and 60; the recommended value is 3 seconds. |
          | Unhealthy threshold | If the number of consecutive failed health checks exceeds the threshold, the path is considered unhealthy. The input range is 2-5; the default is 3. |
          | Healthy threshold | If the number of consecutive successful health checks for an unhealthy path exceeds the threshold, the path is considered healthy. The input range is 2-5; the default is 3. |
          | Automatic route generation | Enabled by default, so that a route for connectivity detection is generated automatically. If it is disabled, users must manually add the route to the IDC interconnection IP for connectivity detection. |
          Notes:

          • If the ET is not bound, link detection cannot be configured.
          • An ET gateway with link detection disabled is always available once the physical ET has been bound successfully.
          • The target IP of link detection can be customized. This function is currently available by whitelist only; to use it, submit a ticket (http://ticket.bce.baidu.com) to apply for it.

          Link Detection Usage Restrictions

          • By default, when the ET association function is not enabled, only one link detection can be created for one ET gateway.
          • When the ET association function is enabled, you can add multiple link detections, but for each physical ET only one ET can be selected for link detection.

          4. After filling in the configuration information, click "OK" to finish creating the ET gateway.
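
The interval and the two thresholds in the link detection table act as a hysteresis filter on the PING results. The following Python model is an added example, not Baidu AI Cloud code; the names `LinkDetection`, `replay` and `failover_delay` are hypothetical, and it assumes the state changes on the probe that reaches the threshold count.

```python
from dataclasses import dataclass


@dataclass
class LinkDetection:
    interval: int = 3             # seconds; page allows 1-60 and recommends 3
    unhealthy_threshold: int = 3  # page allows 2-5, default 3
    healthy_threshold: int = 3    # page allows 2-5, default 3

    def __post_init__(self):
        if not 1 <= self.interval <= 60:
            raise ValueError("health check interval must be 1-60")
        for name in ("unhealthy_threshold", "healthy_threshold"):
            if not 2 <= getattr(self, name) <= 5:
                raise ValueError(f"{name} must be 2-5")


def replay(cfg, probes, healthy=True):
    """Return the path state after each PING result (True = reply received).

    Assumption: the state flips on the probe whose consecutive count reaches
    the threshold. The page says "exceeds", so the gateway may flip one probe
    later than this model.
    """
    states, streak = [], 0
    for ok in probes:
        if ok == healthy:
            streak = 0  # result agrees with the current state
        else:
            streak += 1
            limit = cfg.unhealthy_threshold if healthy else cfg.healthy_threshold
            if streak >= limit:
                healthy, streak = not healthy, 0
        states.append(healthy)
    return states


def failover_delay(cfg):
    """Worst-case seconds from outage start to the unhealthy mark under the
    same assumption, ignoring the PING timeout itself."""
    return cfg.interval * cfg.unhealthy_threshold


if __name__ == "__main__":
    # Constructed probe trace: a two-probe blip, then a real outage and recovery.
    trace = [True, False, False, True, False, False, False, True, True, True]
    cfg = LinkDetection()
    print(replay(cfg, trace), failover_delay(cfg))
```

With the defaults, the two-probe blip in the constructed trace never marks the path unhealthy, while three consecutive losses do.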

          (Optional) Binding Physical ET

          Application scenario:

          Perform this operation when a user's ET gateway is not bound to any physical ET.

          1. Select the ET gateway name on the ET Gateway List page, and click "Bind" in the action bar.
          2. In the configuration box that pops up, enter the following configuration information:

            | Configuration Item | Note |
            | --- | --- |
            | Binding physical ET | Bound physical ET ID and ET ID |
            | Cloud network | Users can select this VPC network segment or customize one or more network segments. |

          Notes:

          Each VPC supports the creation of up to 10 ET gateways. If you need a higher quota, you can submit a ticket to apply for it.

          Editing ET Gateway

          Click the "Edit" button next to the ET gateway to enter the Edit ET Gateway page.

          1. In the basic configuration, the gateway name, egress bandwidth, cloud network and description can be edited, while the bound physical ET and ET cannot be edited.
          2. If link detection has already been configured, the switch, health check interval, unhealthy threshold and healthy threshold can be edited, while the detection method, source IP and destination IP cannot be edited. If link detection has not been configured previously, the options are the same as on the creation page.
          3. On/Off: "On" enables link detection, "Delete" deletes the link detection configuration, and "Pause" keeps the link detection configuration but pauses link detection.

          Configuring ET Gateway Route

          After the ET is connected successfully, you need to configure the route table to enable traffic interworking between the cloud environment and the user network. ET currently supports load balancing and active/standby switching.

          The steps to configure the route table in Baidu AI Cloud are as follows:

          1. Select "Route Table" in the navigation bar, and click "Add Route" in the Route Table list.
          2. Enter the route table associated with the user network access.

            | Configuration Item | Note |
            | --- | --- |
            | Source IP address range | Enter the source network segment. |
            | Destination network segment | Enter the destination network segment. |
            | Route type | Select "ET Gateway" to configure a single route or multiple routes. Multiple routes support the active/standby mode and the load balance mode. |
            | Next hop instance | Select an ET gateway that has been created. |
            | Description | Edit the description of the route entry. |
          3. Click "OK" to complete the route table configuration. When a BCC in the subnet of this route table accesses the user network, the traffic is directed to this ET gateway.
          4. The ET gateway route table provides a "Main path preemption function", which is disabled by default.

          Operation: To enable the main path preemption function, follow this path: Routing Table -> Add Routing -> Routing Type "ET Gateway" -> Multi-path Routing -> Multi-path Mode "Master/Slave" -> Edit 2 Different Paths in the Next Hop.

          Notes:

          • When you connect two physical ETs in order to enable the main path preemption function, it is preferable to contact Baidu AI Cloud staff to have 2 different availability zones in the same region allocated for you.
          • In the multi-path mode, select master/slave or load balance. Set the same output bandwidth rate for the two ET gateways of the next hop instance; incorrect settings may cause congestion of business traffic.
          • After the main path preemption function is enabled, the master/slave identities remain unchanged when traffic switches between the master and slave paths.
          • The Routing Table -> "Master/Slave Switching" operation only switches the master/slave identities, regardless of whether the "Main path preemption function" is enabled.

          CPE Configuration of Local IDC

          The ET gateway and the local IDC are connected through static routes. The CPE in the local IDC needs to be configured with the following static routes:

          • On the CPE in the local IDC, the route to the link detection source IP configured on the first ET gateway uses the cloud-side IP address of the first ET as its next hop.
          • On the CPE in the local IDC, the route to the link detection source IP configured on the second ET gateway uses the cloud-side IP address of the second ET as its next hop.

          NAT (Network Address Translation) Configuration of ET Gateway

          NAT resolves IP address conflicts in hybrid cloud scenarios. The ET gateway supports three types of NAT rules for this purpose: cloud static NAT, IDC static NAT and IDC DNAT.

          Notes:

          • NAT rules can be added only to an available ET gateway.
          • The NAT function of the ET gateway is currently in open beta. If you need to use it, submit a ticket to apply for it (http://ticket.bce.baidu.com).

          Cloud Static NAT

          Cloud static NAT maps an original IP in the VPC to a new IP; the VPC host then accesses the ET peer under the new IP identity.

          Cloud static NAT does not restrict the direction of network requests: the VPC can actively access the ET peer, or the ET peer can actively access the VPC.

          The steps to configure cloud static NAT in Baidu AI Cloud are as follows:

          1. In the console, click "VPC" to enter the VPC Product Console, select "ET Gateway" in the left navigation bar, click a gateway name to enter the Gateway Details page, and then click "Cloud Static NAT" in the left navigation bar to enter the Cloud Static NAT Rules List page.

          2. Click "Add Rules" on the Cloud Static NAT Rules List page.

          Note: Cloud static NAT rules can be added only to an available ET gateway.

          3. Fill in the original IP and mapping IP in the Cloud Static NAT Rules list, and click "Save" to complete the addition of rules.

          Notes:

          • The original IP cannot be duplicated. The mapping IP cannot be duplicated. If either is duplicated, re-enter it.
          • The mapping IP cannot be in the VPC CIDR range of the ET gateway.

          4. You can view, edit and delete rules in one place on the Cloud Static NAT Rules List page.

          IDC Static NAT

          IDC static NAT maps an original IP in the user IDC to a new IP; the IDC host then accesses IPs in the VPC under the new IP identity.

          IDC static NAT does not restrict the direction of network requests: the VPC can actively access the ET peer, or the ET peer can actively access the VPC.

          The steps to configure IDC static NAT in Baidu AI Cloud are as follows:

          1. In the console, click "VPC" to enter the VPC Product Console, select "ET Gateway" in the left navigation bar, click a gateway name to enter the Gateway Details page, and then click "IDC Static NAT" in the left navigation bar to enter the IDC Static NAT Rules List page.

          2. Click "Add Rules" on the IDC Static NAT Rules List page.

          Note: IDC static NAT rules can be added only to an available ET gateway.

          3. Fill in the original IP and mapping IP in the IDC Static NAT Rules list, and click "Save" to complete the addition of rules.

          Notes:

          • The original IP cannot be duplicated. The mapping IP cannot be duplicated. If it is duplicated, please re-enter it.
          • The mapping IP cannot be in the VPC CIDR range of ET gateway.

          4. You can view, edit and delete rules in one place on the IDC Static NAT Rules List page.

          Cloud IP Port Static NAT

          Cloud IP Port Static NAT is used when the ET peer actively accesses the VPC: it maps a specified port of a specified IP in the VPC to a new IP and port. The ET peer can communicate only with that IP and port in the VPC, by accessing the mapped IP and port; other IPs and ports are not exposed to the ET peer.

          The steps to configure Cloud IP Port Static NAT in Baidu AI Cloud are as follows:

          1. In the console, click "VPC" to enter the VPC Product Console, select "ET Gateway" in the left navigation bar, click a gateway name to enter the Gateway Details page, and then click "Cloud IP Port Static NAT" in the left navigation bar to enter the Cloud IP Port Static NAT Rules List page.

          2. Click "Add Rules" on the Cloud IP Port Static NAT Rules List page.

          Note: Cloud IP Port Static NAT rules can be added only to an available ET gateway.

          3. Specify the protocol in the Cloud IP Port Static NAT Rules list, fill in the original IP and mapping IP, and click "Save" to complete the addition of rules.

          Notes:

          • The original IP cannot be duplicated. The mapping IP cannot be duplicated. If it is duplicated, please re-enter it.
          • The original IP must be within the VPC CIDR range of ET gateway.
          • The mapping IP cannot be in the VPC CIDR range of ET gateway.

          4. You can view, edit, and delete rules on the Cloud IP Port Static NAT Rules List page in a unified manner.
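
The address rules in the notes for the three NAT rule types, together with the CIDR-overlap constraint under Use Constraints, can be checked before entering rules in the console. The following Python check is an added example, not part of the Baidu AI Cloud documentation or API; the function names and the `kind` labels are hypothetical, and all addresses in the sample are constructed.

```python
import ipaddress


def overlapping_peers(vpc_cidr, peer_cidrs):
    """Peer networks that overlap the VPC CIDR, which the use constraints forbid."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return [p for p in peer_cidrs if ipaddress.ip_network(p).overlaps(vpc)]


def validate_nat_rules(vpc_cidr, rules, kind):
    """Return the problems found in one ET gateway's NAT rule list.

    kind  : "cloud_static", "idc_static" or "cloud_port" (labels chosen here)
    rules : list of (original_ip, mapping_ip) string pairs; ports are left
            out because the checks stated on the page are on IPs only
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    problems, seen_orig, seen_map = [], set(), set()
    for n, (orig, mapped) in enumerate(rules, 1):
        try:
            o, m = ipaddress.ip_address(orig), ipaddress.ip_address(mapped)
        except ValueError as exc:
            problems.append(f"rule {n}: {exc}")
            continue
        if o in seen_orig:
            problems.append(f"rule {n}: original IP {o} duplicated")
        if m in seen_map:
            problems.append(f"rule {n}: mapping IP {m} duplicated")
        if m in vpc:
            problems.append(f"rule {n}: mapping IP {m} is inside VPC CIDR {vpc}")
        # Only the Cloud IP Port Static NAT notes require the original IP
        # to sit inside the VPC CIDR.
        if kind == "cloud_port" and o not in vpc:
            problems.append(f"rule {n}: original IP {o} is outside VPC CIDR {vpc}")
        seen_orig.add(o)
        seen_map.add(m)
    return problems


if __name__ == "__main__":
    VPC = "192.168.0.0/16"  # constructed sample values throughout
    print(overlapping_peers(VPC, ["192.168.10.0/24", "10.0.0.0/8"]))
    sample = [("192.168.1.10", "10.8.0.10"),
              ("192.168.1.11", "10.8.0.10"),
              ("192.168.1.10", "192.168.9.9")]
    for line in validate_nat_rules(VPC, sample, "cloud_static"):
        print(line)
```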
