Alibaba Cloud has released Virtual Private Cloud (VPC) NAT gateways. VPC NAT gateways allow you to create custom SNAT and DNAT entries to translate private IP addresses. This way, multiple networks in a hybrid cloud can access each other by using static IP addresses. VPCs that have conflicting CIDR blocks can also access each other by using VPC NAT gateways.

Introduction

VPC NAT gateways provide NAT services to Elastic Compute Service (ECS) instances in a VPC. The ECS instances can use the NAT IP addresses to access your data center or other VPCs, or provide services to external networks.

You can log on to the VPC NAT Gateway console to use VPC NAT gateways.

Billing method

VPC NAT gateways support the pay-as-you-go billing method. For more information, see Billing of VPC NAT gateways

Pay-as-you-go VPC NAT gateways provide high and stable performance that can withstand traffic spikes.
Specification Maximum number of concurrent connections Maximum number of new connections Throughput
Default 2,000,000 100,000 5 Gbit/s to 15 Gbit/s (automatic scaling)
Maximum quota that you can apply for by submitting a ticket 10,000,000 1,000,000 100 Gbit/s

Procedure

  1. Create a VPC NAT gateway:
    1. Select the region and the VPC that requires private address translation.
    2. Select the vSwitch that requires private address translation. The vSwitch must be different from the vSwitch where the ECS instance that uses the VPC NAT gateway is created. To facilitate route configuration, we recommend that you use an independent vSwitch for the VPC NAT gateway.
  2. Configure routes:
    1. Create a custom route table and associate it with the vSwitch to which the VPC NAT gateway belongs. Then, add a custom route entry that points to the destination IP address in the custom route table.
    2. Add a custom route entry that points to the VPC NAT gateway to the system route table.
  3. Configure SNAT entries or DNAT entries:
    1. Create a new NAT IP address or use the default NAT IP address based on your business requirements.
    2. When you create an SNAT entry, you can specify a VPC, a vSwitch, an ECS instance, or a custom CIDR block. When you create a DNAT entry, you can specify a private IP address to receive external requests.
    For more information, see Create and manage SNAT entries on a VPC NAT gateway or Create and manage DNAT entries on a VPC NAT gateway.