This topic describes how to create Source Network Address Translation (SNAT) entries on a NAT gateway. SNAT enables Elastic Compute Service (ECS) instances in a Virtual Private Cloud (VPC) network to access the Internet through a NAT gateway when these ECS instances are not assigned public IP addresses.

Prerequisites

Before you create a SNAT entry, make sure that the following requirements are met:
  • A NAT gateway is created and associated with an elastic IP address (EIP). For more information, see Create a NAT gateway and Associate an EIP with the a NAT gateway.
    Note If you purchased a NAT service plan before January 26, 2018, make sure that available public IP addresses are included in the NAT service plan.
  • To create a SNAT entry for a VSwitch, make sure that the VSwitch is created in the VPC network that is associated with the NAT gateway. For more information, see Create a VSwitch.
  • To create a SNAT entry for an ECS instance, make sure that the ECS instance is created in the VPC network that is associated with the NAT gateway. For more information, see Create an instance by using the provided wizard.

Procedure

  1. Log on to the NAT Gateway console.
  2. In the top navigation bar, select the region where the NAT gateway is deployed.
  3. On the NAT Gateway page, find the target NAT gateway and click Configure SNAT in the Actions column.
  4. On the SNAT Table page, click Create SNAT Entry.
  5. In the Create SNAT Entry dialog box, set the following parameters, and click OK.
    Parameter Description
    VSwitch Granularity
    VSwitch Select the VSwitch for which you want to create the SNAT entry in the associated VPC network. All ECS instances attached to the VSwitch can access the Internet by using the SNAT entry.
    Note SNAT entries do not take effect on ECS instances that are assigned public IP addresses. For example, an ECS instance may be assigned a static public IP address, associated with an EIP, or configured with a Destination Network Address Translation (DNAT) IP mapping. Such an ECS instance uses the public IP address instead of the SNAT entry to access the Internet. For more information about how to set ECS instances in a VPC network to use the same public IP address, see Attach an ENI to an ECS that is allocated with an public IP address, Attach an ENI to an ECS instance associated with an EIP and Attach an ENI to an ECS instance configured with DNAT IP mapping.
    VSwitch CIDR Block The CIDR block of the selected VSwitch.
    Public IP Address Select the public IP address that is used to access the Internet.
    You can select more than one public IP address to form a SNAT IP address pool.
    Note If you select more than one public IP address, make sure that all public IP addresses are added to the same EIP bandwidth plan.
    The maximum bandwidth for each public IP address in a SNAT IP address pool is 200 Mbit/s. To fully utilize the EIP bandwidth plan and avoid port conflicts caused by insufficient public IP addresses, add public IP addresses to the SNAT IP address pool based on the following rules:
    • If the maximum bandwidth of the EIP bandwidth plan is 1,024 Mbit/s, add at least five public IP addresses to the SNAT IP address pool.
    • For each additional 200 Mbit/s added to the maximum bandwidth of the EIP bandwidth plan, add at least one public IP address to the SNAT IP address pool.
    Note A public IP address that is already used in a DNAT entry cannot be used to create a SNAT entry.
    Entry Name Enter a name for the SNAT entry.

    The name must be 2 to 128 characters in length, and can contain digits, underscores (_), and hyphens (-). It must start with a letter or Chinese character.

    ECS Granularity
    Available ECS Instances Select the ECS instance for which you want to create the SNAT entry in the associated VPC network.
    The selected ECS instance can access the Internet by using the specified public IP address. Make sure that the following conditions are met:
    • The ECS instance is in the Running state.
    • The ECS instance is not associated with an EIP or assigned a static public IP address.
    ECS CIDR Block The CIDR block of the ECS instance.
    Public IP Address Select the public IP address that is used to access the Internet.
    You can select more than one public IP address to form a SNAT IP address pool.
    Note If you select more than one public IP address, make sure that all public IP addresses are added to the same EIP bandwidth plan.
    The maximum bandwidth for each public IP address in a SNAT IP address pool is 200 Mbit/s. To fully utilize the EIP bandwidth plan and avoid port conflicts caused by insufficient public IP addresses, add public IP addresses to the SNAT IP address pool based on the following rules:
    • If the maximum bandwidth of the EIP bandwidth plan is 1,024 Mbit/s, add at least five public IP addresses to the SNAT IP address pool.
    • For each additional 200 Mbit/s added to the maximum bandwidth of the EIP bandwidth plan, add at least one public IP address to the SNAT IP address pool.
    Note A public IP address that is already used in a DNAT entry cannot be used to create a SNAT entry.
    Entry Name Enter a name for the SNAT entry.

    The name must be 2 to 128 characters in length, and can contain digits, underscores (_), and hyphens (-). It must start with a letter or Chinese character.