This topic describes how to create a Source Network Address Translation (SNAT) entry. SNAT allows Elastic Compute Service (ECS) instances in a Virtual Private Cloud (VPC) network to access the Internet when the ECS instances are not assigned static public IP addresses or elastic IP addresses (EIPs).

Prerequisites

Before you create a SNAT entry, make sure that the following requirements are met:
  • A NAT gateway is created and associated with an EIP. For more information, see Create a NAT gateway and Associate an EIP with a NAT gateway.
    Note: If your NAT service plan was purchased before January 26, 2018, make sure that the NAT service plan has unused public IP addresses.
  • To create a SNAT entry for a VSwitch, make sure that the VSwitch is created in the VPC network that is associated with the NAT gateway. For more information, see Create a VSwitch.
  • To create a SNAT entry for an ECS instance, make sure that the ECS instance is created in the VPC network that is associated with the NAT gateway. For more information, see Create an instance by using the provided wizard.

Procedure

  1. Log on to the NAT Gateway console.
  2. In the top navigation bar, select the region where the NAT gateway is created.
  3. On the NAT Gateway page, find the NAT gateway that you want to manage, and click Configure SNAT in the Actions column.
  4. In the Used in SNAT Entry section, click Create SNAT Entry.
  5. In the Create SNAT Entry dialog box, set the following parameters, and click OK.
    Parameter: Description
    VSwitch Granularity: All ECS instances attached to the VSwitch use the specified EIP to access the Internet.
    VSwitch: Select the VSwitch that is used to forward traffic destined for the Internet. All ECS instances attached to the VSwitch can access the Internet by using SNAT.
      Note: An ECS instance that is assigned a static public IP address, associated with an EIP, or configured with DNAT IP mapping uses that method to access the Internet instead of SNAT. For more information about how to set ECS instances in a VPC network to use the same public IP address, see Attach an ENI to an ECS that is allocated with a public IP address, Attach an ENI to an ECS instance associated with an EIP, and Attach an ENI to an ECS instance configured with DNAT IP mapping.
    VSwitch CIDR Block: The CIDR block of the VSwitch.
    Public IP Address: Select the EIP that is used to access the Internet.
      You can select multiple EIPs to create a SNAT address pool. When an ECS instance in a VPC network needs to access the Internet, an EIP in the SNAT address pool is randomly assigned to the ECS instance.
      Note: If you select multiple EIPs to create a SNAT address pool, make sure that you have added all EIPs to one EIP service plan.
      The following limits apply to the EIPs in the SNAT address pool:
      • The maximum bandwidth of each EIP is 200 Mbit/s.
      • The maximum number of concurrent connections for each EIP is 55,000.
      To make full use of your EIP service plan and avoid port conflicts caused by insufficient EIPs, we recommend that you add EIPs to the SNAT address pool based on the following considerations:
      • If the maximum bandwidth of the EIP service plan is 1,024 Mbit/s, configure at least five EIPs for each SNAT entry.
      • If the maximum bandwidth of the EIP service plan exceeds 1,024 Mbit/s, configure one more EIP for each SNAT entry for each additional 200 Mbit/s.
      Note: An EIP that has been used in a DNAT entry cannot be used in a SNAT entry.
    Entry Name: Enter a name for the SNAT entry.
      The name must be 2 to 128 characters in length, and can contain digits, underscores (_), and hyphens (-). It must start with a letter or Chinese character.

    ECS Granularity: The ECS instances access the Internet by using the public IP addresses specified for the SNAT entry.
    Available ECS Instances: Select the ECS instance that needs to access the Internet.
      The selected ECS instance accesses the Internet by using the specified EIP. Make sure that the following requirements are met:
      • The ECS instance is in the Running state.
      • The ECS instance is not assigned an EIP or static public IP address.
    ECS CIDR Block: The CIDR block of the ECS instance.
    Public IP Address: Select the EIP that is used to access the Internet.
      You can select multiple EIPs to create a SNAT address pool. When an ECS instance in a VPC network needs to access the Internet, an EIP in the SNAT address pool is randomly assigned to the ECS instance.
      Note: If you select multiple EIPs to create a SNAT address pool, make sure that you have added all EIPs to one EIP service plan.
      The following limits apply to the EIPs in the SNAT address pool:
      • The maximum bandwidth of each EIP is 200 Mbit/s.
      • The maximum number of concurrent connections for each EIP is 55,000.
      To make full use of your EIP service plan and avoid port conflicts caused by insufficient EIPs, we recommend that you add EIPs to the SNAT address pool based on the following considerations:
      • If the maximum bandwidth of the EIP service plan is 1,024 Mbit/s, configure at least five EIPs for each SNAT entry.
      • If the maximum bandwidth of the EIP service plan exceeds 1,024 Mbit/s, configure one more EIP for each SNAT entry for each additional 200 Mbit/s.
      Note: An EIP that has been used in a DNAT entry cannot be used in a SNAT entry.
    Entry Name: Enter a name for the SNAT entry.
      The name must be 2 to 128 characters in length, and can contain digits, underscores (_), and hyphens (-). It must start with a letter or Chinese character.
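
The constraints in the parameter descriptions above (naming rule, EIP pool sizing, the DNAT exclusion, and ECS eligibility) can be checked against a planned entry before you open the console. The following Python check is an added example, not part of the original documentation or the vendor's tooling; the plan dictionary layout, the function names, and all sample values are hypothetical. It assumes that "Chinese character" means the CJK range U+4E00 to U+9FFF, that a partial 200 Mbit/s step is rounded up, and that one EIP is enough below 1,024 Mbit/s (the page gives no figure for that case).

```python
import math
import re

EIP_MAX_CONNECTIONS = 55_000  # per-EIP concurrent connection limit from the page
# Naming rule from the page; the CJK range for "Chinese character" is an assumption.
NAME_RE = re.compile(r"[A-Za-z\u4e00-\u9fff][A-Za-z0-9\u4e00-\u9fff_-]{1,127}")

def recommended_min_eips(plan_bandwidth_mbps):
    """Recommended minimum number of EIPs per SNAT entry for a service plan."""
    if plan_bandwidth_mbps < 1024:
        return 1  # assumption: the page gives no figure below 1,024 Mbit/s
    # Five at 1,024 Mbit/s, plus one per additional 200 Mbit/s, rounded up (assumption).
    return 5 + math.ceil((plan_bandwidth_mbps - 1024) / 200)

def check_snat_plan(plan):
    """Return the problems found in a hypothetical SNAT plan dictionary."""
    problems = []
    if not NAME_RE.fullmatch(plan["entry_name"]):
        problems.append("entry name violates the naming rule")
    pool = set(plan["snat_eips"])
    reused = sorted(pool & set(plan["dnat_eips"]))
    if reused:
        problems.append(f"EIPs already used in DNAT entries: {reused}")
    need = recommended_min_eips(plan["plan_bandwidth_mbps"])
    if len(pool) < need:
        problems.append(f"pool has {len(pool)} EIPs, recommended minimum is {need}")
    if plan["peak_connections"] > len(pool) * EIP_MAX_CONNECTIONS:
        problems.append("peak connections exceed 55,000 per EIP across the pool")
    for ecs in plan["ecs_instances"]:
        if ecs["state"] != "Running":
            problems.append(f"{ecs['id']} is not in the Running state")
        if ecs["has_public_ip"]:
            problems.append(f"{ecs['id']} has its own EIP or static public IP")
    return problems

# Constructed sample plan: documentation-range addresses, made-up instance IDs.
SAMPLE_PLAN = {
    "entry_name": "1-egress",
    "plan_bandwidth_mbps": 1424,
    "snat_eips": ["203.0.113.10", "203.0.113.11", "203.0.113.12"],
    "dnat_eips": ["203.0.113.12", "203.0.113.50"],
    "peak_connections": 180_000,
    "ecs_instances": [
        {"id": "i-example-a", "state": "Running", "has_public_ip": False},
        {"id": "i-example-b", "state": "Stopped", "has_public_ip": True},
    ],
}

print("\n".join(check_snat_plan(SAMPLE_PLAN)))
```

An instance flagged for having its own EIP or static public IP address does not leave through the SNAT pool, so any egress allowlist built on the pool addresses will not cover it.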