This topic provides answers to some frequently asked questions (FAQ) about how to upgrade standard Internet NAT gateways to enhanced Internet NAT gateways.

Does Alibaba Cloud charge an upgrade fee if I upgrade a standard Internet NAT gateway to an enhanced Internet NAT gateway?

You can upgrade a standard Internet NAT gateway to an enhanced Internet NAT gateway free of charge.
  • After a pay-as-you-go Internet NAT gateway is upgraded, the billing cycle changes from daily to hourly. However, the total cost does not change. For example, before a small-sized Internet NAT gateway is upgraded, the unit price is CNY 12/day. After the small-sized NAT gateway is upgraded, the unit price is CNY 0.5/hour (CNY 0.5/hour × 24 hours = CNY 12/day).
  • After a subscription Internet NAT gateway is upgraded, the billing remains unchanged.

Does the upgrade have negative impacts on my workloads?

It takes approximately 5 minutes to upgrade a standard Internet NAT gateway to an enhanced Internet NAT gateway. During the upgrade process, the NAT gateway may experience one or two transient connections that last a few seconds. The service resumes after your workloads are reconnected.

Can I roll back an upgrade?

  • The system monitors the process when you upgrade a standard Internet NAT gateway to an enhanced Internet NAT gateway. If an exception occurs during the upgrade, the system rolls back the upgrade.
  • If an exception occurs after the upgrade is completed, you can contact technical support to downgrade the enhanced Internet NAT gateway to a standard Internet NAT gateway. For more information, see Contact us.

After a standard Internet NAT gateway is upgraded to an enhanced Internet NAT gateway, are the configurations and public IP addresses of the standard Internet NAT gateway changed?

The configurations of the elastic IP addresses (EIPs), SNAT rules, and DNAT rules of the standard Internet NAT gateway remain unchanged during the upgrade. You do not need to modify the configurations after the Internet NAT gateway is upgraded.

If the standard Internet NAT gateway to be upgraded is associated with NAT service plans, the public IP addresses provided by the NAT service plans are converted to EIPs. The bandwidth limit and billing method remain unchanged after the NAT service plans are converted to EIP bandwidth plans. Only the NAT service plans are converted to EIP bandwidth plans. The IP addresses, SNAT rules, and DNAT rules remain unchanged. For more information, see Upgrade notes for standard Internet NAT gateways that are associated with NAT service plans.

When does Alibaba Cloud discontinue standard Internet NAT gateways? Can I continue to use my standard Internet NAT gateways after Alibaba Cloud discontinues them?

Alibaba Cloud discontinued standard Internet NAT gateways in November 2020. Standard Internet NAT gateways are no longer updated. However, you can continue to use your purchased standard Internet NAT gateways. Enhanced Internet NAT gateways are highly scalable and provide advanced features. To improve how you can manage your services, we recommend that you use the following methods to upgrade your standard Internet NAT gateways:

If you encounter problems during the upgrade process, see Contact us.

How can I upgrade a standard Internet NAT gateway to an enhanced Internet NAT gateway?

You can use one of the following methods:

What are the differences between enhanced Internet NAT gateways and standard Internet NAT gateways?

Feature Enhanced Internet NAT gateway Standard Internet NAT gateway References
Whether a vSwitch must be associated when you create or upgrade an Internet NAT gateway Yes No Create an Internet NAT gateway
Whether an IP address must be assigned from a vSwitch to an Internet NAT gateway Yes No
Associating a vSwitch with an Internet NAT gateway Supported Not supported
Deploying multiple Internet NAT gateways in the same VPC Supported Not supported Deploy multiple NAT gateways in one VPC
Pay-as-you-go Supported Not supported Pay-as-you-go
Billing on an hourly basis Supported Not supported
Billing on a daily basis Not supported Supported
Processing TCP, UDP, and ICMP segments Supported Not supported
Number of metrics 22 4 Monitor and maintain Internet NAT gateways
Network traffic monitoring (TOP ECS) Supported Not supported View traffic monitoring data collected by NAT gateways
Elastic Compute Service (ECS) instances using SNAT to access services that use DNAT on the same Internet NAT gateway Not supported Supported N/A
Using an EIP for both SNAT and DNAT Supported Not supported Associate an EIP with a NAT gateway

Do enhanced Internet NAT gateways support zone-disaster recovery?

Yes, enhanced Internet NAT gateways support zone-disaster recovery.

When you create an enhanced Internet NAT gateway or upgrade a standard Internet NAT gateway to an enhanced Internet NAT gateway, you need to specify only the vSwitch for the primary zone. You do not need to specify the vSwitch for the secondary zone. When the primary zone is down, the enhanced Internet NAT gateway automatically performs zone-disaster recovery.

How can I upgrade a standard Internet NAT gateway that is associated with NAT service plans?

NAT service plans cannot be associated with enhanced Internet NAT gateways. You can create a schedule to upgrade a standard Internet NAT gateway that is associated with NAT service plans in the console. You can also convert the NAT service plans to EIP bandwidth plans before you upgrade the standard Internet NAT gateway. For more information, see How can I upgrade a standard NAT gateway to an enhanced NAT gateway?

Why am I unable to find the upgrade option for upgrading my standard Internet NAT gateway in the console?

The upgrade option is unavailable in the console if your standard Internet NAT gateway is included in an upgrade blacklist due to one of the following reasons:

  • DNAT IP mapping or SNAT is configured on your standard Internet NAT gateway for accessing an EIP in a DNAT entry on the same gateway.
  • An ECS instance in the VPC where your standard Internet NAT gateway is deployed has multiple ENIs and EIPs are associated with the ENIs.
  • The total bandwidth of the NAT service plans and the EIPs that are associated with your standard Internet NAT gateway exceeds the limit, which is 5 Gbit/s.

If your standard Internet NAT gateway does not meet the preceding conditions, you can contact Alibaba Cloud to remove your Internet NAT gateway from the blacklist. Then, you can upgrade the Internet NAT gateway in the console. For more information, see Contact us. If your standard Internet NAT gateway meets one of the preceding conditions, you can also contact Alibaba Cloud to assist you with the upgrade.

Why is a new security group created after my standard Internet NAT gateway is upgraded to an enhanced Internet NAT gateway?

When you create an enhanced Internet NAT gateway, you must associate a vSwitch with the enhanced NAT gateway. The vSwitch assigns a private IP address to the Internet NAT gateway and creates an ENI in the VPC where the NAT gateway is deployed. The vSwitch also creates a security group and associates the security group with the ENI. You are not allowed to modify this security group.

What are the permissions required for upgrading a standard Internet NAT gateway?

NAT Gateway must create an ENI in the VPC where the standard Internet NAT gateway that you want to upgrade is deployed. To create an ENI in the VPC, you must create the required service-linked role for NAT Gateway. After you create the service-linked role, NAT Gateway creates only one ENI and one security group. No other operations are performed. For more information, see Service-linked roles for NAT Gateway.

Multiple ENIs are attached to an ECS instance, and an EIP is associated with one of the ENIs. Why do I fail to access the EIP of the ECS instance after I upgrade my standard Internet NAT gateway to an enhanced Internet NAT gateway?

Multiple ENIs are attached to an ECS instance, and an EIP is associated with one of the ENIs. Different ENIs are used to forward the inbound and outbound traffic of the ECS instance. After you upgrade your standard Internet NAT gateway to an enhanced Internet NAT gateway, the network traffic of the ECS instance is blocked. To avoid this issue, you must modify the route of the ECS instance before you upgrade the standard Internet NAT gateway to an enhanced Internet NAT gateway. Make sure that the inbound and outbound traffic of the ECS instance is forwarded by using the same ENI. For more information, see Configure routes for ENIs.

Why am I unable to obtain monitoring data by calling the CloudMonitor API after I upgrade a standard Internet NAT gateway to an enhanced Internet NAT gateway?

Enhanced Internet NAT gateways support more metrics than standard Internet NAT gateways and some metrics use different names from those supported by standard Internet NAT gateways. Therefore, you cannot collect monitoring data from an enhanced Internet NAT gateway if you specify the names of metrics supported by standard Internet NAT gateways when you call the DescribeMetricList operation. You must specify the names of metrics supported by enhanced Internet NAT gateways when you collect monitoring data from an enhanced NAT gateway. For more information, see Monitoring metrics of Enhanced NAT gateways.

After I convert a NAT service plan to an EIP bandwidth plan, why am I unable to collect the original metrics?

After you convert a NAT service plan to an EIP bandwidth plan, the metrics supported by the NAT service plan become invalid. You can view the metrics supported by the EIP bandwidth plan. For more information, see Metrics for EIP bandwidth plans.

Contact us

If you have questions about NAT gateway upgrades, search for the DingTalk group ID 35128151 or scan the following QR code to join the DingTalk group for technical support. DingTalk group for NAT service plans