×
Community Blog Network Address Translation (NAT) Gateway: Enterprise-class Public Network Gateway Product

Network Address Translation (NAT) Gateway: Enterprise-class Public Network Gateway Product

Alibaba Cloud Network Address Translation (NAT) Gateway is a public Internet gateway for flexible usage of network resources and access to VPC.

Alibaba Cloud Network Address Translation (NAT) Gateway Overview

Alibaba Cloud Network Address Translation (NAT) gateways are enterprise-class gateways that provide the Source Network Address Translation (SNAT) and Destination Network Address Translation (DNAT) features. Each NAT gateway provides a throughput capacity of up to 10 Gbit/s. NAT gateways also support cross-zone disaster recovery.

The Features of Alibaba Cloud NAT Gateway

Alibaba Cloud NAT Gateway provides Source Network Address Translation (SNAT), Destination Network Address Translation (DNAT), and bandwidth sharing features.

Source Network Address Translation (SNAT)

SNAT allows ECS instances without public IP addresses in a VPC to access the Internet. SNAT can also be used as a firewall to prevent unwanted access to backend servers. After you configure SNAT entries to allow backend servers to initiate connections with specific external terminals, only these external terminals will be able to access the backend servers.

Destination Network Address Translation (DNAT)

DNAT maps a public IP address of a NAT gateway to an ECS instance so that the ECS instance can be accessible from the Internet. DNAT supports port mapping and IP mapping.

EIP bandwidth plans

You can associate an EIP with a NAT gateway, and then add the EIP to an EIP bandwidth plan. After the EIP is added to an EIP bandwidth plan, the original billing method of the EIP is no longer effective and the EIP incurs only instance fees.

The Benefits of Alibaba Cloud NAT Gateway

Alibaba Cloud NAT Gateway is flexible and easy to use, has high performance and high availability, and supports Pay-As-You-Go billing.

Flexible and easy-to-use

As an enterprise-class public network gateway for VPC, NAT Gateway provides SNAT and DNAT functions, which means you do not have to build your own SNAT gateway for your servers. NAT Gateway features high flexibility, stability, and reliability, and is easy to use.

High performance

NAT Gateway, virtual network hardware, is based on Alibaba Cloud's self-developed distributed gateway and is supported by SDN virtualization technology. With the forwarding capacity of up to 10 Gbps, NAT Gateway supports large-scale Internet applications.

High availability

NAT Gateway supports the cross-zone disaster recovery. Failure in a single zone does not affect the service of NAT Gateway.

Pay-AS-You-Go billing

You can change the gateway specification and the number of EIPs at any time to meet changing service requirements.

The Scenarios of Alibaba Cloud NAT Gateway

You can use NAT gateways to enable Elastic Compute Service (ECS) instances in virtual private clouds (VPCs) to access the Internet and receive requests from the Internet.

Create a SNAT gateway to enable ECS instances to access the Internet

You can create a NAT gateway for a VPC, associate an elastic IP address (EIP) with the NAT gateway, and then create a Source Network Address Translation (SNAT) entry on the NAT gateway. This way, the ECS instances in the VPC can access the Internet by sharing the EIP. This saves public IP resources. For more information, see Enable ECS instances to access the Internet through SNAT.

You can also associate multiple EIPs with the NAT gateway. When an ECS instance needs to access the Internet, it randomly selects an EIP from the SNAT IP address pool. If one of the EIPs is under attack, the ECS instance can randomly select another EIP from the SNAT IP address pool to access the Internet. This ensures the high availability of your workloads. We recommend that you associate multiple EIPs with a NAT gateway to avoid service interruption caused by EIP failures.

nat_gateway_1

Create a DNAT gateway to enable ECS instances to receive requests from the Internet

You can create a NAT gateway for a VPC, associate EIPs with the NAT gateway, and then create a Destination Network Address Translation (DNAT) entry on the NAT gateway. This way, ECS instances in the VPC can receive requests from the Internet through port mapping or IP mapping.

nat_gateway_2

EIP bandwidth plan

To allow an application that is deployed on an ECS instance to provide services over the Internet, you must purchase Internet bandwidth for the application. Make sure that you have sufficient bandwidth resources to handle traffic fluctuations. When more than one application needs to provide services over the Internet, you may need to purchase Internet bandwidth for each application. However, this increases the cost and causes resource wastes.

To reduce bandwidth cost and optimize bandwidth usage, you can associate EIPs with your NAT gateway and then add the EIPs to an EIP bandwidth plan. This way, you can centrally manage and monitor Internet traffic.

nat_gateway_3

Related Product

Alibaba Cloud NAT Gateway

NAT Gateway is an enterprise-class public network gateway, providing proxy services (SNAT and DNAT), up to 10 Gbps forwarding capacity, and cross-zone disaster recovery. NAT Gateway helps you establish an Internet gateway for a VPC by configuring SNAT and DNAT entries, allowing more flexible use of network resources.

0 0 0
Share on

Alibaba Clouder

2,630 posts | 644 followers

You may also like

Comments