This topic describes the limits on NAT Gateway and how to apply for a quota increase.

Internet NAT gateways

Instance limits

Item Limit Adjustable
Number of enhanced Internet NAT gateways that you can create for a virtual private cloud (VPC) 5 Submit a ticket.
Number of standard Internet NAT gateways that you can create for a VPC 1 N/A
Number of elastic IP addresses (EIPs) that you can associate with an Internet NAT gateway 20. You can associate at most 10 pay-by-data-transfer EIPs with an Internet NAT gateway.

You can go to the Quota Management page to request a quota increase. For more information, see Manage quotas.

Number of pay-by-data-transfer EIPs that you can associate with an Internet NAT gateway 10
Creating an Internet NAT gateway for a VPC that contains a custom route entry whose destination CIDR block is 0.0.0.0/0
  • You can create enhanced Internet NAT gateways for the VPC.
  • You cannot create standard Internet NAT gateways for the VPC.
    Note If you want to create standard Internet NAT gateways for the VPC, you must first delete the custom route entry whose destination CIDR block is 0.0.0.0/0.
N/A

SNAT limits

Item Limit Adjustable
Number of SNAT entries that you can add to an Internet NAT gateway 40

You can go to the Quota Management page to request a quota increase. For more information, see Manage quotas.

Number of EIPs that you can specify in a SNAT entry 64 N/A
Whether the bandwidth of a vSwitch is limited by the bandwidth limit of the EIPs in the SNAT entry that is created for the vSwitch Yes
Note If the EIPs are associated with an EIP bandwidth plan, the bandwidth of the vSwitch is limited by the bandwidth limit of the EIP bandwidth plan.
N/A
Whether the number of concurrent connections is limited by the number of EIPs specified in a SNAT entry When ECS instances that are not assigned public IP addresses or EIPs use an Internet NAT gateway to access an IP address and port over the Internet, the number of concurrent connections supported by the Internet NAT gateway is N × 55,000. N is the number of EIPs specified in the SNAT entry.
The bandwidth limit of each EIP in a SNAT entry If you specify multiple EIPs when you create a SNAT entry, network traffic is distributed to the EIPs based on a specific hashing algorithm instead of evenly distributed across the EIPs. This may cause bandwidth overage of individual EIPs and result in service interruptions. To solve this problem, we recommend that you associate the EIPs with an EIP bandwidth plan so that bandwidth can be evenly allocated to each EIP.
  • For enhanced Internet NAT gateways, the bandwidth of EIPs that are added to the SNAT IP address pool is unlimited.
  • The bandwidth limit of each EIP in the SNAT IP address pool of a standard Internet NAT gateway is 200 Mbit/s. To maximize the usage of your EIP bandwidth plan and prevent port conflicts caused by EIP exhaustion, we recommend that you add EIPs to the SNAT IP address pool based on the following rules:
    • If the bandwidth limit of the EIP bandwidth plan is 1,024 Mbit/s, specify at least five EIPs in each SNAT entry.
    • If the bandwidth limit of the EIP bandwidth plan is higher than 1,024 Mbit/s, specify an additional EIP in each SNAT entry for every 200 Mbit/s that exceeds 1,024 Mbit/s.

For more information, see Create a SNAT IP address pool.

Notice If the EIPs in the SNAT IP address pool are associated with an EIP bandwidth plan, your service may be temporarily interrupted when you make the following changes to the EIP bandwidth plan:
  • Change the bandwidth limit from a value lower than 1 Gbit/s to a value greater than 1 Gbit/s.
  • Change the bandwidth limit from a value greater than 1 Gbit/s to a value lower than 1 Gbit/s.

We recommend that you enable automatic reconnection for your workloads to minimize the impact of service interruptions.

DNAT limits

Item Limit Adjustable
Number of DNAT entries that you can add to an Internet NAT gateway 100

You can go to the Quota Management page to request a quota increase. For more information, see Manage quotas.

Creating DNAT entries for ECS instances with which EIPs are associated Not supported.

Before you can create DNAT entries for the ECS instances, you must disassociate the EIPs from the ECS instances. For more information, see Disassociate an EIP from a cloud resource and Configure DNAT to provide Internet-facing services.

Note If you create a DNAT entry for an ECS instance that is associated with an EIP, the ECS instance preferentially uses the EIP to communicate with the Internet.
N/A

VPC NAT gateways

Instance limits

Item Limit Adjustable
Number of VPC NAT gateways that you can create for a VPC 5 Submit a ticket.
Number of NAT CIDR blocks that you can create for a VPC NAT gateway 50 (default NAT CIDR block included) N/A
Number of IP addresses that can be included in a NAT CIDR block 50 N/A

SNAT limits

Item Limit Adjustable
Number of SNAT entries that you can add to a VPC NAT gateway 40

You can go to the Quota Management page to request a quota increase. For more information, see Manage quotas.

Number of IP addresses that you can specify in a SNAT entry 1 N/A

DNAT limits

Item Limit Adjustable
Number of DNAT entries that you can add to a VPC NAT gateway 100

You can go to the Quota Management page to request a quota increase. For more information, see Manage quotas.