Alibaba Cloud has released virtual private cloud (VPC) NAT gateways. VPC NAT gateways allow you to create custom SNAT and DNAT entries to translate private IP addresses. This way, multiple networks in a hybrid cloud can access each other by using static IP addresses. VPCs that have conflicting CIDR blocks can also access each other by using VPC NAT gateways.
VPC NAT gateways provide NAT services to Elastic Compute Service (ECS) instances in a VPC. The ECS instances can use the NAT IP addresses to access your data center or other VPCs, or provide services to external networks.
To purchase a VPC NAT gateway, submit a ticket.
- Allow multiple networks in a hybrid cloud to access each other by using static IP addresses
As finance and securities industries expand their business on the cloud, these industries often create multiple private networks that can communicate with each other. In some cases, regulators may demand that the networks access each other by using static private IP addresses. You can use the SNAT and DNAT features of VPC NAT gateways to allow multiple private networks to access each other by using static private IP addresses.
- Allow VPCs that have conflicting CIDR blocks to access each other
Due to early network planning or business consolidation, you may need two VPCs that have conflicting CIDR blocks to communicate with each other. You can create a VPC NAT gateway and configure a NAT IP address for each VPC. The two NAT IP addresses cannot conflict with each other. One VPC uses SNAT to translate source IP addresses to the configured NAT IP address, which allows the VPC to access the other VPC. The other VPC uses the NAT IP address configured in the DNAT entry to provide external services. This way, the two VPCs can access each other.
VPC NAT gateways support the pay-as-you-go billing method. For more information, see VPC NAT gateway billing.
|Specification|Maximum number of connections|Maximum number of new connections|Throughput|
|---|---|---|---|
|Maximum quota that you can apply for by submitting a ticket|10,000,000|1,000,000|100 Gbps|
Limits on instances

|Item|Default limit|Adjustable|
|---|---|---|
|Number of VPC NAT gateways that you can create for a VPC|5|Submit a ticket.|
|Number of NAT CIDR blocks that you can create for a VPC NAT gateway|50 (default NAT CIDR block included)|N/A|
|Number of IP addresses that can be included in a NAT CIDR block|50|N/A|

Limits on SNAT

|Item|Default limit|Adjustable|
|---|---|---|
|Number of SNAT entries that you can add to a VPC NAT gateway|40||
|Number of IP addresses that you can specify in an SNAT entry|1|N/A|

Limits on DNAT

|Item|Default limit|Adjustable|
|---|---|---|
|Number of DNAT entries that you can add to a VPC NAT gateway|100||
- Create a VPC NAT gateway:
  - Select the region and the VPC that requires private address translation.
  - Select the vSwitch that requires private address translation. The vSwitch must be different from the vSwitch where the ECS instance that uses the VPC NAT gateway is created. To facilitate route configuration, we recommend that you use an independent vSwitch for the VPC NAT gateway.
- Configure routes:
  - Create a custom route table and associate it with the vSwitch to which the VPC NAT gateway belongs. Then, add a custom route entry that points to the destination IP address in the custom route table.
  - Add a custom route entry that points to the VPC NAT gateway in the system route table.
- Configure SNAT entries or DNAT entries:
  - Create a new NAT IP address or use the default NAT IP address based on your business requirements.
  - When you create an SNAT entry, you can specify a VPC, a vSwitch, an ECS instance, or a custom CIDR block. When you create a DNAT entry, you can specify a private IP address to receive external requests.
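As an added example (not Alibaba Cloud's code or API), the following Python models the SNAT and DNAT translation described in the conflicting-CIDR scenario above and in the SNAT/DNAT configuration step: two VPCs that share the same CIDR block exchange traffic through non-conflicting NAT IP addresses, and the check rejects NAT CIDR blocks that overlap. All addresses, entry names and the scenario itself are constructed.

```python
import ipaddress
from dataclasses import dataclass

IPv4, Net = ipaddress.IPv4Address, ipaddress.IPv4Network

@dataclass(frozen=True)
class SnatEntry:
    source: Net    # VPC, vSwitch, ECS instance or custom CIDR block whose traffic is translated
    nat_ip: IPv4   # NAT IP address taken from the gateway's NAT CIDR block

@dataclass(frozen=True)
class DnatEntry:
    nat_ip: IPv4      # NAT IP address that receives requests from the peer network
    private_ip: IPv4  # private IP address of the ECS instance that serves them

def check_nat_blocks(blocks):
    # The page requires the NAT IP addresses of the two VPCs not to conflict:
    # reject the plan if any two NAT CIDR blocks overlap.
    for i, a in enumerate(blocks):
        for b in blocks[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"NAT CIDR blocks {a} and {b} conflict")
    return True

def apply_snat(entries, src):
    # Rewrite the source address with the first SNAT entry that matches it.
    for e in entries:
        if src in e.source:
            return e.nat_ip
    return src  # no entry matched: the packet keeps its private source address

def apply_dnat(entries, dst):
    # Rewrite the destination address with the DNAT entry bound to that NAT IP.
    for e in entries:
        if dst == e.nat_ip:
            return e.private_ip
    return dst

def translate(snat_entries, dnat_entries, src, dst):
    # Addresses the receiving ECS sees after SNAT on the sender's gateway and DNAT on the receiver's.
    return apply_snat(snat_entries, src), apply_dnat(dnat_entries, dst)

# Constructed scenario: both VPCs use 192.168.0.0/16, so each gets its own NAT CIDR block.
NAT_BLOCK_A, NAT_BLOCK_B = Net("100.64.1.0/24"), Net("100.64.2.0/24")
SNAT_A = [SnatEntry(Net("192.168.0.0/16"), IPv4("100.64.1.10"))]  # VPC A sources -> NAT IP
DNAT_B = [DnatEntry(IPv4("100.64.2.10"), IPv4("192.168.0.5"))]     # NAT IP -> ECS in VPC B

if __name__ == "__main__":
    check_nat_blocks([NAT_BLOCK_A, NAT_BLOCK_B])
    # ECS 192.168.0.5 in VPC A reaches the ECS that also uses 192.168.0.5 in VPC B
    print(translate(SNAT_A, DNAT_B, IPv4("192.168.0.5"), IPv4("100.64.2.10")))
```

The printed pair shows that neither side ever sees the peer's conflicting private address: VPC B's instance receives traffic from 100.64.1.10, and VPC A's instance addressed 100.64.2.10.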