Enhanced Internet NAT gateways are an upgrade from standard Internet NAT gateways and use a more advanced architecture. Compared with standard Internet NAT gateways, enhanced Internet NAT gateways provide higher elasticity and stability. This helps you manage data transfer in a more efficient manner. The term "enhanced NAT gateway" in this topic refers to an enhanced Internet NAT gateway.


Enhanced NAT gateways are upgraded from the technical architecture of standard NAT gateways and have the following features: higher performance, higher elasticity, flexible billing, and fine-grained maintenance.

Features


Enhanced NAT gateways and standard NAT gateways support basic features such as DNAT and SNAT for Internet access. Enhanced NAT gateways provide new features in addition to the features of standard NAT gateways. The new features include:
  • More metrics for data transfer monitoring

    Up to 22 metrics are collected to monitor data transfer in real time. This helps you ensure system stability. For more information, see Monitor and maintain Internet NAT gateways.

  • Multiple NAT gateways in one virtual private cloud (VPC)

    You can create multiple enhanced NAT gateways in one VPC to forward traffic to different IP addresses. This way, you can better manage traffic that is destined for the Internet. You can also use security services to protect each NAT gateway based on your business requirements.

    You can add the same SNAT entry to multiple NAT gateways to access the Internet, or add the same DNAT entry to multiple NAT gateways to provide Internet-facing services. You can also configure routes to forward network traffic to a specified egress.

    • To replace a standard NAT gateway with an enhanced NAT gateway, you must reconfigure the routes. This may cause transient connection interruptions. To minimize the impact on your business, we recommend that you reconfigure the routes during off-peak hours.
    • If you create both SNAT and DNAT entries on an enhanced NAT gateway, Elastic Compute Service (ECS) instances that use SNAT on that gateway cannot access services in the same VPC that use DNAT on the same gateway to provide external access. If you want the ECS instances to access such services in the same VPC, we recommend that you create another enhanced NAT gateway. Then, create DNAT entries on one NAT gateway and create SNAT entries on the other NAT gateway.
  • High and guaranteed performance to withstand traffic spikes (pay-as-you-go NAT gateways)

    | Specification | Maximum number of connections | Maximum number of new connections | Throughput |
    | --- | --- | --- | --- |
    | Default | 2,000,000 | 100,000 | 5 Gbps |
    | Maximum quota that you can apply for by submitting a ticket | 10,000,000 | 1,000,000 | 100 Gbps |

Manage enhanced NAT gateways

Enhanced NAT gateways are used in the same way as standard NAT gateways. However, when you create an enhanced NAT gateway, you must specify the gateway type, and the virtual private cloud (VPC) and vSwitch that you want to associate with the enhanced NAT gateway. After the enhanced NAT gateway is created, the system assigns an idle private IP address from the vSwitch to the enhanced NAT gateway.

For more information about how to create an enhanced NAT gateway, see Purchase an Internet NAT gateway.