
NAT Gateway: What is a VPC NAT gateway?

Last Updated: Feb 04, 2024

Virtual Private Cloud (VPC) NAT gateways provide private NAT services to Elastic Compute Service (ECS) instances in a VPC. The ECS instances can use NAT IP addresses to access your data center or other VPCs, or provide services to external private networks.

Features

VPC NAT gateways provide the SNAT and DNAT features. The following table describes the features.

Feature | Description | References
SNAT | ECS instances in a VPC use the IP addresses specified in SNAT entries to access external private networks. | Create and manage SNAT entries on a VPC NAT gateway
DNAT | ECS instances in a VPC use the IP addresses and ports specified in DNAT entries to provide services to external private networks. | Create and manage DNAT entries on a VPC NAT gateway

Scenarios

  • Allow multiple networks in a hybrid cloud to access each other by using static IP addresses

    As finance and securities companies expand their business in the cloud, they often build multiple private networks that must communicate with each other. In some cases, regulators require that these networks reach each other through static private IP addresses. You can use the SNAT and DNAT features of VPC NAT gateways to allow multiple private networks to access each other by using static private IP addresses.

  • Allow VPCs that have conflicting CIDR blocks to access each other

    Due to early network planning or business consolidation, you may need two VPCs that have overlapping CIDR blocks to communicate with each other. You can create a VPC NAT gateway in each VPC and configure a NAT IP address for each VPC. The two NAT IP addresses must not overlap with each other. One VPC uses an SNAT entry to translate the source IP addresses of its ECS instances to its NAT IP address, which allows that VPC to access the other VPC. The other VPC uses the NAT IP address and port configured in a DNAT entry to expose its service. Because each side only ever sees the peer's NAT IP address rather than the overlapping private address, the two VPCs can access each other.
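The following Python model is an added example and is not code from this page or from Alibaba Cloud. It illustrates both the SNAT/DNAT features described in the table above and the overlapping-CIDR scenario: two VPCs that both use 192.168.0.0/16, a gateway in each, one SNAT entry on the client side and one DNAT entry on the server side. All CIDR blocks, NAT IP addresses, ports, gateway names and the `nat_plan_ok` check are constructed for the illustration; the second rule in `nat_plan_ok` (a NAT CIDR block must not fall inside the peer VPC's CIDR block) is added here as a practitioner check, not a rule stated on the page.

```python
"""Added example (not code from the Alibaba Cloud page): a small stateful model of a
VPC NAT gateway showing how SNAT and DNAT entries let two VPCs with the same CIDR
block reach each other. All addresses, ports and names are constructed."""
import ipaddress
from dataclasses import dataclass, replace
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class SnatEntry:
    source_cidr: str  # ECS instances whose egress traffic is translated
    nat_ip: str       # exactly one NAT IP per entry, as in the page's limits table


@dataclass(frozen=True)
class DnatEntry:
    nat_ip: str
    nat_port: int
    private_ip: str   # ECS instance that really serves the port
    private_port: int


class VpcNatGateway:
    """SNAT on egress, DNAT on ingress, plus a session table so that replies are
    untranslated symmetrically (a real gateway keeps equivalent state)."""

    def __init__(self, name: str, nat_cidr: str) -> None:
        self.name = name
        self.nat_cidr = ipaddress.ip_network(nat_cidr)
        self.snat: List[SnatEntry] = []
        self.dnat: Dict[Tuple[str, int], DnatEntry] = {}
        # (nat_ip, nat_port, peer_ip, peer_port) -> (private_ip, private_port)
        self.sessions: Dict[Tuple[str, int, str, int], Tuple[str, int]] = {}

    def _check_nat_ip(self, ip: str) -> None:
        # NAT IPs must be taken from one of the gateway's NAT CIDR blocks.
        if ipaddress.ip_address(ip) not in self.nat_cidr:
            raise ValueError(f"{self.name}: {ip} is not in NAT CIDR {self.nat_cidr}")

    def add_snat(self, entry: SnatEntry) -> None:
        self._check_nat_ip(entry.nat_ip)
        self.snat.append(entry)

    def add_dnat(self, entry: DnatEntry) -> None:
        self._check_nat_ip(entry.nat_ip)
        self.dnat[(entry.nat_ip, entry.nat_port)] = entry

    def egress(self, pkt: Packet) -> Packet:
        """Packet leaving the VPC: undo DNAT for server replies, else apply SNAT."""
        for (nat_ip, nat_port), e in self.dnat.items():
            if (pkt.src_ip, pkt.src_port) == (e.private_ip, e.private_port):
                return replace(pkt, src_ip=nat_ip, src_port=nat_port)
        for e in self.snat:
            if ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(e.source_cidr):
                nat_port = self._free_port(e.nat_ip, pkt)
                self.sessions[(e.nat_ip, nat_port, pkt.dst_ip, pkt.dst_port)] = (
                    pkt.src_ip, pkt.src_port)
                return replace(pkt, src_ip=e.nat_ip, src_port=nat_port)
        raise LookupError(f"{self.name}: no SNAT entry covers {pkt.src_ip}")

    def _free_port(self, nat_ip: str, pkt: Packet) -> int:
        # Keep the client's source port unless another client already holds it
        # for the same NAT IP and destination; then take the next free one.
        used = {p for (ip, p, d, dp) in self.sessions
                if (ip, d, dp) == (nat_ip, pkt.dst_ip, pkt.dst_port)}
        port = pkt.src_port
        while port in used:
            port = port + 1 if port < 65535 else 1024
        return port

    def ingress(self, pkt: Packet) -> Packet:
        """Packet entering the VPC: undo SNAT for replies, else apply DNAT."""
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.sessions:
            ip, port = self.sessions[key]
            return replace(pkt, dst_ip=ip, dst_port=port)
        e = self.dnat.get((pkt.dst_ip, pkt.dst_port))
        if e is not None:
            return replace(pkt, dst_ip=e.private_ip, dst_port=e.private_port)
        raise LookupError(f"{self.name}: nothing matches {pkt.dst_ip}:{pkt.dst_port}")


def nat_plan_ok(vpc_a: str, nat_a: str, vpc_b: str, nat_b: str) -> bool:
    """Page rule: the two NAT CIDR blocks must not overlap. Extra rule added here:
    a NAT block must not lie inside the peer VPC's CIDR, or the peer routes
    replies locally instead of back through its gateway."""
    a, b = ipaddress.ip_network(nat_a), ipaddress.ip_network(nat_b)
    va, vb = ipaddress.ip_network(vpc_a), ipaddress.ip_network(vpc_b)
    return not a.overlaps(b) and not a.overlaps(vb) and not b.overlaps(va)


def demo_overlapping_vpcs() -> Tuple[Packet, Packet]:
    """Client 192.168.1.10 in VPC A reaches a web server that also has the
    address 192.168.1.10 in VPC B. Returns (request as the server sees it,
    reply as the client sees it)."""
    assert nat_plan_ok("192.168.0.0/16", "10.10.0.0/24", "192.168.0.0/16", "10.20.0.0/24")
    gw_a = VpcNatGateway("gw-a", "10.10.0.0/24")
    gw_b = VpcNatGateway("gw-b", "10.20.0.0/24")
    gw_a.add_snat(SnatEntry("192.168.0.0/16", "10.10.0.5"))
    gw_b.add_dnat(DnatEntry("10.20.0.8", 8080, "192.168.1.10", 80))

    request = Packet("192.168.1.10", 40000, "10.20.0.8", 8080)
    on_wire = gw_a.egress(request)        # src rewritten to 10.10.0.5:40000
    at_server = gw_b.ingress(on_wire)     # dst rewritten to 192.168.1.10:80
    reply = Packet(at_server.dst_ip, at_server.dst_port, at_server.src_ip, at_server.src_port)
    reply_wire = gw_b.egress(reply)       # src restored to 10.20.0.8:8080
    at_client = gw_a.ingress(reply_wire)  # dst restored to 192.168.1.10:40000
    return at_server, at_client
```

The server in VPC B only ever sees the source 10.10.0.5, so its own 192.168.1.10 address never collides with the client's, and the reply is routed to the NAT IP rather than to a local host. Note that the default NAT CIDR block of a real gateway is the vSwitch CIDR block inside its own VPC; for two overlapping VPCs that default fails the check above, which is why the scenario calls for dedicated NAT CIDR blocks.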

Usage notes

  • When you create a VPC NAT gateway, you must select a VPC and a vSwitch in the VPC. To facilitate route configuration, we recommend that you use a vSwitch that is exclusive to the VPC NAT gateway.

  • NAT IP addresses are IP addresses specified in SNAT or DNAT entries. After you create a VPC NAT gateway, the CIDR block of the vSwitch that you specify for the VPC NAT gateway is used as the default NAT CIDR block. An IP address from the default NAT CIDR block is used as the default NAT IP address. You can add IP addresses to the default CIDR block or create NAT CIDR blocks. For more information about how to use NAT CIDR blocks to configure routes, see Configure routes.

  • VPC NAT gateways can handle traffic spikes. To improve the performance of VPC NAT gateways, contact your account manager.

    Metric | SessionNewConnection | SessionActiveConnection | Data forwarding
    Default value | 100,000 | 2,000,000 | 5 Gbit/s to 15 Gbit/s (automatic scaling)

    The metrics are defined as follows:
    • SessionNewConnection: the number of new connections per second.
    • SessionActiveConnection: the number of concurrent connections (reported per minute).
    • Data forwarding: the rate at which inbound and outbound traffic is forwarded, in Gbit/s.

Limits

Item | Default value | Adjustable

Limits on instances
Maximum number of VPC NAT gateways that you can create for a VPC | 5 | Yes, you can request a quota increase.
Maximum number of NAT CIDR blocks that you can create for a VPC NAT gateway | 50 (default NAT CIDR block included) | N/A
Maximum number of IP addresses that can be included in a NAT CIDR block | 50 | N/A

Limits on SNAT
Maximum number of SNAT entries that you can create on a VPC NAT gateway | 40 | Yes, you can request a quota increase.
Maximum number of IP addresses that you can specify in an SNAT entry | 1 | N/A

Limits on DNAT
Maximum number of DNAT entries that you can create on a VPC NAT gateway | 100 | Yes, you can request a quota increase.
