Alibaba Cloud released enhanced NAT gateways that support all features of standard NAT gateways. Compared with standard NAT gateways, enhanced NAT gateways use an upgraded technical architecture. This ensures higher elasticity and stability and helps you better manage network traffic sent over the Internet.
Overview of enhanced NAT gateways
- Richer metrics for data transfer monitoring
Up to 22 metrics are collected for you to monitor data transfer in real time and ensure system stability. For more information, see View monitoring data.
- Multiple NAT gateways for one VPC network
You can create multiple enhanced NAT gateways for one VPC network to forward traffic to different IP addresses. Then, you can better manage traffic destined for the Internet. You can also use different services to protect each gateway based on your requirements.
You can also specify the same SNAT or DNAT entry on different NAT gateways, and configure routes to forward network traffic to a specific egress.
Notice To replace a standard NAT gateway with an enhanced NAT gateway, you must reconfigure the routes. This may cause transient connection errors. We recommend that you reconfigure the routes during off-peak hours. - Pay-by-data-transfer
Enhanced NAT gateways are billed on a pay-as-you-go basis instead of pay-by-specification. Therefore, you can choose enhanced NAT gateways to acquire higher performance with lower costs.Note Only enhanced NAT gateways in the Germany (Frankfurt) and UK (London) regions can be billed on a pay-by-usage basis.
Comparison between enhanced NAT gateways and standard NAT gateways
The following tables list differences and similarities in features and limits between enhanced NAT gateways and standard NAT gateways.
| Feature | Enhanced NAT gateway | Standard NAT gateway |
|---|---|---|
| Multiple NAT gateways for one VPC network | ✔ | — |
| Associate a NAT gateway with a VSwitch | ✔ | — |
| Pay-by-data-transfer | ✔ | — |
| Hourly billing cycle | ✔ | — |
| Process TCP, UDP, and ICMP segments | ✔ | — |
| Metric | 22 | 4 |
| Associate a NAT gateway with multiple elastic IP addresses (EIPs) | ✔ | ✔ |
| SNAT | ✔ | ✔ |
| Create multiple SNAT entries for a SNAT table | ✔ | ✔ |
| Associate a SNAT table with multiple EIPs | ✔ | ✔ |
| DNAT | ✔ | ✔ |
| Port mapping | ✔ | ✔ |
| IP mapping | ✔ | ✔ |
| Subscription | ✔ | ✔ |
| Daily billing cycle | — | ✔ |
| Item | Enhanced NAT gateway | Standard NAT gateway |
|---|---|---|
| The maximum number of NAT gateways that can be created for a VPC network | 5 (Submit a ticket to increase the quota) | 1 (Not adjustable) |
| Using a public IP address for both SNAT and DNAT | Not supported (Not adjustable) | Not supported (Not adjustable) |
| The maximum number of DNAT entries that can be added to a NAT gateway | 100 (To increase the quota, see Manage quotas) | 100 (To increase the quota, see Manage quotas) |
| The maximum number of SNAT entries that can be added to a NAT gateway | 40 (To increase the quota, see Manage quotas) | 40 (To increase the quota, see Manage quotas) |
| The maximum number of public IP addresses that can be associated with a SNAT entry | 64 (Not adjustable) | 64 (Not adjustable) |
| Creating a NAT gateway for a VPC network that contains a custom route entry whose destination CIDR block is 0.0.0.0/0 | Supported | No (You must delete the custom route entry 0.0.0.0/0 before you can create a NAT gateway for the VPC network) |
| Limits on VSwitch by the maximum bandwidth of the EIPs specified in the SNAT entry that is added to the VSwitch | Yes (If the EIP is added to an EIP bandwidth plan, the VSwitch is limited by the maximum bandwidth of the EIP bandwidth plan) | Yes (If the EIP is added to an EIP bandwidth plan, the VSwitch is limited by the maximum bandwidth of the EIP bandwidth plan) |
| The maximum number of EIPs that can be associated with a NAT gateway | 20 (To increase the quota, see Manage quotas) | 20 (To increase the quota, see Manage quotas) |
| The maximum number of pay-by-data-transfer EIPs that can be associated with a NAT gateway | 10 (To increase the quota, see Manage quotas) | 10 (To increase the quota, see Manage quotas) |
| The maximum bandwidth supported by a pay-by-data-transfer EIP that is associated with a NAT gateway | 200 Mbit/s (Not adjustable) | 200 Mbit/s (Not adjustable) |
| The maximum bandwidth of a NAT gateway | 5 Gbit/s (If the total bandwidth of the EIPs or EIP bandwidth plans that are associated with the VSwitch is greater than 5 Gbit/s, submit a ticket to increase the quota) | A NAT gateway does not have a bandwidth limit. The bandwidth limit depends on the
bandwidth of the EIPs that are associated with a SNAT entry or a DNAT entry, and the
bandwidth of the EIP bandwidth plans to which the EIPs are added.
For example, you create a SNAT entry for a NAT gateway, and associate the SNAT entry with five pay-by-data-transfer EIPs and two pay-by-bandwidth EIPs with 500 Mbit/s bandwidth each. The bandwidth of the NAT gateway is limited to 5 × 200 Mbit/s + 2 × 500 Mbit/s = 2,000 Mbit/s. If the seven EIPs are added to the same EIP bandwidth plan, and the bandwidth of the EIP bandwidth plan is limited to 1,000 Mbit/s, the bandwidth limit of the NAT gateway is 1,000 Mbit/s. |
| The maximum number of concurrent connections for an EIP is 55,000. | Yes | Yes |
| The maximum bandwidth of an EIP in an EIP bandwidth plan is 200 Mbit/s. | No | Yes |
| Users of NAT bandwidth plans are not allowed to associate EIPs with NAT gateways. | Yes | Yes |
| Transient connection errors occur when you change the maximum bandwidth of the EIP bandwidth plan that is associated with a NAT gateway. For example, you upgrade the maximum bandwidth from less than 1 Gbit/s to greater than 1 Gbit/s, or downgrade the maximum bandwidth from greater than 1 Gbit/s to less than 1 Gbit/s. | No | Yes |
| Transient connection errors occur because IP addresses in the existing SNAT entries are reduced. | Yes | Yes |
| Transient connection errors occur because IP addresses in the existing SNAT entries are increased. | No | Yes |
Configure an enhanced NAT gateway
