How to Deploy Web Services on VPC Networks
I. Experiment Introduction
1.1 Experiment knowledge points
- Create and configure Alibaba Cloud VPC (private network)
- Create and use Alibaba Cloud ECS
- Create and use Alibaba Cloud Elastic IP (EIP)
1.2 Experiment process
In this experiment you will build a Web service on a cloud server (ECS) inside an Alibaba Cloud private network (VPC). During the experiment, you will do the following:
- Understand the background of VPC
- Learn to create a private network VPC in the management console
- Learn to create a cloud server instance ECS under the private network
- Bind EIP to the ECS
- Log in to ECS to deploy Web services remotely
1.3 Experiment resources
To complete this experiment, you need the following system resources:
- VPC private network
- ECS cloud server
- Elastic IP (EIP)
1.4 Start the experiment environment
Click Start Lab in the upper right corner of the page to start the experiment.
After the experiment environment is successfully started, the system has deployed resources required by this experiment in the background, including the ECS instance, RDS instance, Server Load Balancer instance, and OSS bucket. An account consisting of the username and password for logging on to the Web console of Alibaba Cloud is also provided.
After the experiment environment is started and related resources are properly deployed, the experiment starts a countdown. You have two hours to perform experimental operations. After the countdown ends, the experiment stops, and related resources are released. During the experiment, pay attention to the remaining time and arrange your time wisely. Next, use the username and password provided by the system to log on to the Web console of Alibaba Cloud and view related resources:
Go to the logon page of Alibaba Cloud console.
Fill in the sub-user account and click Next.
Fill in the sub-user password and click Log on.
After you successfully log on to the console, the following page is displayed.
II. Experiment Content
2.1 What is a VPC?
A private network VPC (Virtual Private Cloud) is an isolated network environment built by users based on Alibaba Cloud. Private networks are logically isolated from each other. Users can use Alibaba Cloud resources in their own defined virtual networks.
Users have total control over their virtual networks. For example, they can choose their own IP address range, arrange network segments, and configure routing tables and gateways. This provides users with secure, customizable and simple access to resources and applications. Users can also connect their private networks with a traditional data center through dedicated lines or VPN connections to form an on-demand network environment, enabling the smooth migration of applications to the cloud and the expansion of data centers. In addition, users can create and manage cloud product instances within their own private networks, such as ECS, SLB, and RDS.
2.2 VPC features
The private network VPC (Virtual Private Cloud) helps you build an isolated network environment based on Alibaba Cloud. In addition to providing you with a standalone virtualized network, Alibaba Cloud also provides separate router and switch components for each VPC. You have total control of your virtual networks, including private IP address ranges, subnet segments, and routing configurations.
It is a custom private network created based on Alibaba Cloud. Private networks are logically isolated from each other. When creating a private network, you need to specify a private network segment used within your private network in the form of a CIDR block. For information about CIDR block, see Classless Inter-Domain Routing on Wikipedia.
You can use standard private network segments and their subnets in the following table as the private network address of the VPC.
Private IP addresses available for VPC
|Number of available private IPs (excluding those reserved by the system)
Once a private network is created, its network segment cannot be modified. It is recommended to use a large segment and try to avoid subsequent expansion. The system does not create a system route based on the network segment of the VPC. Therefore, creating a VPC with a large address range will not affect the normal service usage.
Switch (VSwitch): It is a basic network device that makes up a private network. It is used to connect different cloud product instances. Once a private network is created, you can add one or more subnets to the private network by adding a switch. The number of switches for a private network must not exceed 24.
When creating a switch in a private network, you must also assign it a network segment in the form of a CIDR block. The size of the switch’s network segment is between the 16-bit netmask and the 29-bit netmask.
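Because the VPC segment cannot be changed after creation, it is worth checking an address plan against the rules above before creating anything. The following Python check is an added example, not part of the original lab: it assumes the "standard private network segments" are the RFC 1918 blocks, goes beyond the text by also rejecting VSwitch segments that overlap or fall outside the VPC, and uses a hypothetical function name (`validate_plan`) and constructed sample CIDRs.

```python
import ipaddress

# Assumption: the "standard private network segments" are the RFC 1918 blocks.
STANDARD_PRIVATE = [ipaddress.IPv4Network(n) for n in
                    ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAX_VSWITCHES = 24                # per-VPC limit stated in the text
MIN_PREFIX, MAX_PREFIX = 16, 29   # VSwitch netmask range stated in the text

# Constructed sample plan: three of the four VSwitches break a rule.
SAMPLE_VPC = "192.168.0.0/16"
SAMPLE_VSWITCHES = {
    "VSwitch-1": "192.168.1.0/24",
    "VSwitch-2": "192.168.1.128/25",   # overlaps VSwitch-1
    "VSwitch-3": "192.168.2.0/30",     # netmask longer than /29
    "VSwitch-4": "172.16.0.0/24",      # outside the VPC segment
}


def validate_plan(vpc_cidr, vswitches):
    """Return a list of problems in a VPC/VSwitch address plan ([] if none)."""
    try:
        vpc = ipaddress.IPv4Network(vpc_cidr)   # strict: rejects host bits
    except ValueError as exc:
        return [f"VPC: {exc}"]
    problems = []
    if not any(vpc.subnet_of(std) for std in STANDARD_PRIVATE):
        problems.append(f"VPC {vpc} is not inside a standard private segment")
    if len(vswitches) > MAX_VSWITCHES:
        problems.append(f"{len(vswitches)} VSwitches exceed the limit of {MAX_VSWITCHES}")
    accepted = []
    for name, cidr in vswitches.items():
        try:
            net = ipaddress.IPv4Network(cidr)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            problems.append(f"{name}: /{net.prefixlen} is outside /16 to /29")
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is not inside VPC {vpc}")
        for other_name, other in accepted:
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        accepted.append((name, net))
    return problems


if __name__ == "__main__":
    for problem in validate_plan(SAMPLE_VPC, SAMPLE_VSWITCHES):
        print(problem)
```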
Router (VRouter): It is the hub of a private network. As an important functional component in a private network, it can connect each switch in a VPC. It is also a gateway device for connecting a VPC with other networks.
When creating a VPC, the system automatically creates a router and a routing table for the VPC. You cannot delete a private network router or routing table directly, but you can add new routing entries to the routing table to forward traffic. When the VPC is deleted, the associated routers and routing tables are also deleted.
2.3 Create a VPC
Note: The resources that need to be created in this experiment have been created automatically. The creation process in Section 2.3 below is for reference only. Users do not need to create them themselves.
Log in to the Alibaba Cloud console and click the Virtual Private Cloud link, as shown below:
Select VPC in the tab on the left, then select the region for the VPC in the middle or upper part of the page. Here US West 1 (Silicon Valley) is taken as an example. The bottom part of the page is the VPC creation record. Currently, no VPC is created. Click the Create VPC button on the top right to create a private network VPC, as shown below:
Fill in VPC name, VSwitch name, Zone, CIDR with reference to the figure below.
Now you have created a VSwitch.
You can now see the created VPC network on the VPC console.
Go to the management page to view more VPC network details:
2.4 Create an ECS instance
Note: The resources that need to be created in this experiment have been created automatically. The creation process in Section 2.4 below is for reference only. Users do not need to create them themselves.
Click the product menu at the top right and select Elastic Compute Service.
Select Instances, choose the United States - Silicon Valley region, and click Create Instance.
Go to the page for creating an ECS instance and select the ECS configuration information as shown in the figure.
|Datacenter Region and Zone
||US West 1 (Silicon Valley)/ US West 1 Zone A
||General Type n1/ ecs.n1.medium ( 2-core, 4 GB)
||Default Security Group 2 (customized port)
|Network Billing Type
|Network Bandwidth Peak
||Public Image/ Ubuntu 16.04 64bit
In the configuration parameters, there are a few points you need to pay attention to.
When selecting the network type, select only the private network, and choose the network aliyun_vpc we just created rather than the default private network. Also select the switch VSwitch-1 we just created, rather than the default switch.
When selecting a security group, check the option HTTP Port 80 to access the web services provided by ECS.
2.5 Use an EIP
An Elastic IP address (EIP) is a public IP address that can be bought and held independently. Currently, EIPs can be bound to private network ECS instances, private network SLB instances, and NAT gateways.
An EIP is a NAT IP. Actually located on Alibaba Cloud’s public network gateway, it is mapped to the private network NIC where bound ECS instances are located through NAT. Therefore, an ECS instance bound to an EIP address can use this IP directly for public network communications. However, this IP address cannot be seen on the NIC for this ECS instance.
By default, the private network does not provide any IP for public network access. To realize external services, you can buy EIPs and bind them to ECS that need to provide external services.
We have created the ECS instance ecs-1. To access it from outside, the only way is to dynamically bind a public IP address to the ECS instance in the form of an EIP.
Now go to the console home page, click on Elastic IP Address:
Go to the EIP management page and you’ll see the EIP
The current status of this EIP is Available. Click Bind on the right to bind the EIP to an ECS instance.
In the dialog box that is displayed, select the ECS instance to be bound by the EIP. Here select ecs-1, and click OK in the lower right corner to perform the binding operation.
Once the above operation is completed, it can be seen that the status of the current EIP has changed to Allocated, and it has been bound to the ECS instance ecs-1.
Enter the ECS instance management page to view the list of current ECS instances:
You need to remember the EIP address, which we will later use to log in to ecs-1 remotely and deploy Web services.
2.6 Deploy Web services with subnet ECS
We have one ECS instance, ecs-1, on which to deploy the Nginx Web server. Follow the steps below.
Deploy Nginx first on the ecs-1 instance.
Telnet account for ecs-1
If you are using a Windows computer, please download the SSH tool PuTTY.
If you are using Linux or Mac OS, you can open the client application on your local computer and run the following command to log on to the ECS instance with the default account:
If you need to see the detailed login method, you can open the login link for further viewing.
Execute these few commands in succession to deploy the Nginx server.
apt-get install nginx -y
service nginx start
Open your browser and enter the EIP address to see the resulting page:
Through the above steps, we have deployed the Nginx web server on the ECS instance in the subnet under the VPC, and it can provide normal web services.
Go back to the ECS management page, and click on the tab Virtual Private Cloud on the right to manage the created VPC:
As you can see, we have one switch, one subnet, and one ECS instance under the switch.
2.7 Release an Elastic IP
By binding the EIP to the ECS instance, we were able to log in to the ecs-1 instance remotely and deploy the Nginx Web service. We no longer need the EIP, and because it is charged on an hourly basis, it should be released promptly.
Select the corresponding tab on the left to switch to Elastic IP Address.
You first need to unbind the EIP from the ECS instance. Click the unbinding button Unbind on the right.
In the pop-up dialog box, click OK in the lower right corner:
Once unbinding is complete, the status of this EIP changes to Available. Click More on the right and select the option Release in the pop-up box:
When you no longer use the EIP, release it through the above steps.
Before you leave this lab, remember to log out of your Alibaba RAM account before you click the ‘stop’ button of your lab. Otherwise you’ll encounter an issue when opening a new lab session in the same browser.
III. Experiment Summary
Experiment Process Flow:
- First, we learned how to create an Alibaba Cloud VPC private network and a new switch, which is equivalent to a subnet under the VPC network.
- Next, we learned how to create the ECS instance ecs-1 under the switch, and dynamically bound an EIP to the server instance.
- Then we logged in to and managed the ECS instance remotely, and deployed the Nginx Web service on it.
Through this experiment, we learned what a VPC is and how to create and use it. We also learned what an Elastic IP (EIP) is, how to create and bind it to an ECS instance, and how to unbind and release an EIP.