NAT Gateway: Create an SNAT IP address pool

Last Updated: Aug 23, 2023

This topic describes how to add multiple elastic IP addresses (EIPs) to an SNAT IP address pool when you create an SNAT entry. After you create an SNAT IP address pool, Elastic Compute Service (ECS) instances in a virtual private cloud (VPC) can use the EIPs in the SNAT IP address pool to access the Internet.

Background information

Internet NAT gateways are enterprise-class gateways that support the SNAT feature. SNAT allows ECS instances in a VPC to access the Internet even if no public IP addresses are assigned to the ECS instances. When you create an SNAT entry, if you specify only one EIP for a VPC, vSwitch, or ECS instance, the EIP may not be able to withstand traffic spikes. As a result, your services may be interrupted.

To resolve this issue, you can add multiple EIPs to an SNAT IP address pool. This way, an ECS instance can randomly use an EIP in the IP address pool to access the Internet.

SNAT IP address pool

Prerequisites

Step 1: Create an Internet NAT gateway

  1. Log on to the NAT Gateway console.
  2. On the Internet NAT Gateway page, click Create NAT Gateway.
  3. When you create an Internet NAT gateway for the first time, click Create in the Notes on Creating Service-linked Roles section of the buy page to create a service-linked role. After the service-linked role is created, you can create Internet NAT gateways.

    For more information, see Service-linked roles.

  4. On the buy page, set the following parameters and click Buy Now.

    | Parameter | Description |
    | --- | --- |
    | Billing Method | By default, Pay-As-You-Go is selected. You can pay for resources after you use them. For more information, see Billing of Internet NAT gateways. |
    | Resource Group | Select the resource group to which the virtual private cloud (VPC) belongs. For more information, see Resource group overview. |
    | Tags | • Tag Key: Select or enter a tag key. You can specify at most 20 tag keys. A tag key can be up to 128 characters in length. It cannot start with aliyun or acs:, and cannot contain http:// or https://. • Tag Value: Select or enter a tag value. You can specify at most 20 tag values. A tag value can be up to 128 characters in length. It cannot start with aliyun or acs:, and cannot contain http:// or https://. |
    | Region | Select the region where you want to create the Internet NAT gateway. |
    | VPC | Select the VPC where you want to create the Internet NAT gateway. After the Internet NAT gateway is created, you cannot change the VPC to which the Internet NAT gateway belongs. |
    | Associate vSwitch | Select the vSwitch to which the Internet NAT gateway belongs. |
    | Metering Method | By default, Pay-By-CU is selected. You are charged based on the resources that you use. For more information, see Billing of Internet NAT gateways. |
    | Billing Cycle | By default, By Hour is selected. Bills are generated on an hourly basis. If you use an Internet NAT gateway for less than 1 hour, the usage duration is rounded up to 1 hour. |
    | Instance Name | Enter a name for the Internet NAT gateway. The name must be 2 to 128 characters in length and can contain digits, underscores (_), and hyphens (-). The name must start with a letter. |
    | Access Mode | Select the mode in which you want to create the Internet NAT gateway. The following modes are supported: • SNAT for All VPC Resources: If you select this value, the Internet NAT gateway is created in unified access mode. After the Internet NAT gateway is created, all resources in the VPC can access the Internet by using the SNAT feature of the NAT gateway. If you select SNAT for All VPC Resources, you must also specify an elastic IP address (EIP). • Configure Later: If you select this option, you can configure the Internet NAT gateway in the console after you complete the payment. If you select Configure Later, only the Internet NAT gateway is created. No SNAT entry is created. In this example, Configure Later is selected. |

  5. On the Confirm page, confirm the information, select the Terms of Service check box, and then click Confirm.

    When the Purchased message appears, the Internet NAT gateway is created.

Step 2: Associate multiple EIPs with the Internet NAT gateway

  1. Log on to the NAT Gateway console.
  2. In the top navigation bar, select the region where the Internet NAT gateway is deployed.

  3. On the Internet NAT Gateway page, find the Internet NAT gateway that you want to manage and click Associate Now in the Elastic IP Address column.

  4. In the Associate EIP dialog box, set the following parameters and click OK.

    | Parameter | Description |
    | --- | --- |
    | Resource Group | Select the resource group of the EIP. |
    | Select EIP | In this example, Select Existing EIP is selected, and a pay-as-you-go EIP is selected from the drop-down list. |

  5. Repeat the preceding steps to associate more EIPs with the NAT gateway.

Step 3: Associate the EIPs with an Internet Shared Bandwidth

  1. Log on to the Elastic IP Address console.
  2. In the top navigation bar, select the region where the EIP is created.

  3. On the Elastic IP Addresses page, find the EIP that you want to manage and choose More > Add to Shared Bandwidth Plan in the Actions column.

  4. Select the Internet Shared Bandwidth with which you want to associate the EIP and click OK.

  5. Repeat the preceding steps to associate more EIPs with the Internet Shared Bandwidth.

Step 4: Create an SNAT entry

To create an SNAT entry and add multiple EIPs to an SNAT IP address pool, perform the following operations:

  1. Log on to the NAT Gateway console.
  2. In the top navigation bar, select the region where the Internet NAT gateway is deployed.

  3. On the Internet NAT Gateway page, find the Internet NAT gateway that you want to manage and click Configure SNAT in the Actions column.

  4. On the SNAT Management tab, click Create SNAT Entry.

  5. On the Create SNAT Entry page, set the following parameters and click Confirm.

    | Parameter | Description |
    | --- | --- |
    | SNAT Entry | In this example, Specify vSwitch is selected. |
    | Select VSwitch | Select a vSwitch in the VPC. All ECS instances in the vSwitch can access the Internet by using SNAT. |
    | VSwitch CIDR Block | After you select a vSwitch, the CIDR block of the vSwitch is displayed. |
    | Select Public IP Address | Select one or more EIPs to access the Internet. In this example, Use Multiple IP Addresses is selected. |
    | Use Multiple IP Addresses | Select the EIPs that are associated with the Internet Shared Bandwidth from the Public IP Address drop-down list. |
    | Entry Name | Enter a name for the SNAT entry. |

Step 5: Test the connectivity

  1. Log on to an ECS instance to which the SNAT entry applies. For more information, see Connection methods.

  2. Run the ifconfig command to query the private IP address of the ECS instance.

  3. Run the curl https://myip.ipip.net command to query the IP address that the ECS instance uses to access the Internet.

    The result shows that the ECS instance uses an EIP in the SNAT IP address pool to access the Internet.
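
The connectivity test in Step 5 can be repeated and checked against the pool automatically, which is useful when a partner allowlists only the pooled EIPs. The script below is an added example, not part of the original topic: the function names, the pool addresses and the sample responses are constructed placeholders, and it assumes the first IPv4 address in the echo service's response is the caller's egress address.

```shell
#!/bin/sh
# Added example, not from the original page. POOL holds constructed placeholder
# EIPs; replace them with the EIPs selected under "Use Multiple IP Addresses".
POOL="203.0.113.10 203.0.113.11 203.0.113.12"

# Constructed sample responses for an offline run (not real service output).
SAMPLE='IP: 203.0.113.10
IP: 198.51.100.7
IP: 203.0.113.11'

# Print the first IPv4 address found in an IP-echo response body.
extract_ip() {
    printf '%s\n' "$1" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -n 1
}

# Succeed only on an exact match, so 203.0.113.1 does not pass for 203.0.113.10.
in_pool() {
    for eip in $2; do
        [ "$eip" = "$1" ] && return 0
    done
    return 1
}

# Read response bodies on stdin (one per line) and print each distinct
# egress address that is not in pool $1. Lines without an address are skipped.
unexpected_ips() {
    while IFS= read -r body; do
        ip=$(extract_ip "$body")
        [ -n "$ip" ] || continue
        in_pool "$ip" "$1" || printf '%s\n' "$ip"
    done | sort -u
}

# Query the echo service $1 times, one response per output line. Several samples
# are taken because an EIP is picked from the pool at random.
probe() {
    i=0
    while [ "$i" -lt "$1" ]; do
        curl -s --max-time 5 https://myip.ipip.net | tr '\n' ' '; echo
        i=$((i + 1))
    done
}

if [ "${1:-}" = "--live" ]; then
    bad=$(probe "${2:-10}" | unexpected_ips "$POOL")
else
    bad=$(printf '%s\n' "$SAMPLE" | unexpected_ips "$POOL")
fi
echo "egress addresses outside the pool: ${bad:-none}"
```

Run it with `--live 20` on the ECS instance to take 20 samples; an address reported as outside the pool usually means the instance is leaving through a different SNAT entry or its own public IP address.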