Adds a Source Network Address Translation (SNAT) entry to an SNAT table.

Description

You can call this operation to add SNAT entries to Internet NAT gateways and virtual private cloud (VPC) NAT gateways. In this topic, a NAT gateway refers to both gateway types.

Before you call this operation, take note of the following limits:

  • CreateSnatEntry is an asynchronous operation. After you make a request, an SNAT entry ID is returned, but the SNAT entry has not yet been added. The system adds the entry in the background. You can call the DescribeSnatTableEntries operation to query the status of the SNAT entry.
    • When the SNAT entry is in the Pending state, the system is adding the SNAT entry. You can only query the status of the SNAT entry, and cannot perform other operations.
    • When the SNAT entry is in the Available state, the SNAT entry is added.
  • The vSwitch and Elastic Compute Service (ECS) instance specified in the SNAT entry must be created in the virtual private cloud (VPC) where the NAT gateway is deployed.
  • Each vSwitch or ECS instance can be specified in only one SNAT entry.
  • If a high-availability virtual IP address (HAVIP) exists in the vSwitch, you cannot create SNAT entries.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates sample code for the operation in different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreateSnatEntry

The operation that you want to perform. Set the value to CreateSnatEntry.

RegionId String Yes cn-hangzhou

The ID of the region where the NAT gateway is deployed.

You can call the DescribeRegions operation to query the most recent region list.

SnatIp String Yes 47.98.XX.XX
  • The elastic IP addresses (EIPs) in the SNAT entry when you add an SNAT entry to an Internet NAT gateway. Separate EIPs with commas (,).
    Note: If you select multiple EIPs to create an SNAT address pool, connections are hashed to these EIPs. Network traffic may not be evenly distributed across the EIPs because the amount of traffic that passes through each connection varies. We recommend that you associate these EIPs with the same EIP bandwidth plan to prevent service interruptions due to the bandwidth limit of an individual EIP.
  • When you add an SNAT entry to a VPC NAT gateway, this parameter specifies the NAT IP address in the SNAT entry.
SnatTableId String Yes stb-bp190wu8io1vgev****

The ID of the SNAT table.

SourceVSwitchId String No vsw-bp1nhx2s9ui5o****

The ID of the vSwitch.

  • When you add an SNAT entry to an Internet NAT gateway, this parameter specifies that Elastic Compute Service (ECS) instances in the vSwitch can use the SNAT entry to access the Internet. If you select multiple EIPs to create an SNAT address pool, connections are hashed to these EIPs. Network traffic may not be evenly distributed across the EIPs because the amount of traffic that passes through each connection varies. We recommend that you associate these EIPs with the same EIP bandwidth plan to prevent service interruptions due to the bandwidth limit of an individual EIP.
  • When you add an SNAT entry to a VPC NAT gateway, this parameter specifies that ECS instances in the vSwitch can use the SNAT entry to access external networks.
SourceCIDR String No 10.1.1.0/24

You can specify the CIDR block of a VPC, a vSwitch, or an ECS instance or enter a custom CIDR block.

You can specify an SNAT entry in the following ways:

  • You can specify the CIDR block of the VPC where the NAT gateway is deployed. Then, all ECS instances in the VPC can access the Internet or external networks by using SNAT.
  • You can specify the CIDR block of a vSwitch, for example, 192.168.1.0/24. Then, the ECS instances in the vSwitch can access the Internet or external networks by using SNAT.
  • You can specify the IP address of an ECS instance, for example, 192.168.1.1/32. Then, the ECS instance can access the Internet or external networks by using SNAT.
  • You can specify a custom CIDR block. Then, all ECS instances within the specified CIDR block can access the Internet or external networks by using SNAT.

When you add an SNAT entry to an Internet NAT gateway, if SnatIp is set to an EIP, the ECS instance uses the specified EIP to access the Internet.

If SnatIp is set to multiple EIPs, the ECS instance randomly selects an EIP specified in the SnatIp parameter to access the Internet.

You cannot set this parameter and SourceVSwitchId at the same time. If the SourceVSwitchId parameter is set, you cannot set the SourceCIDR parameter. If the SourceCIDR parameter is set, you cannot set the SourceVSwitchId parameter.

SnatEntryName String No SnatEntry-1

The name of the SNAT entry.

The name must be 2 to 128 characters in length. It must start with a letter but cannot start with http:// or https://.

ClientToken String No 02fb3da4-130e-11e9-8e44****

The client token that is used to ensure the idempotence of the request. You can use the client to generate the value, but you must make sure that it is unique among different requests. ClientToken can contain only ASCII characters and cannot exceed 64 characters in length.
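The parameter constraints above can be checked before a request is sent. The following is an added example, not code from this documentation or from any SDK: the function name, the `vpc_cidr` argument and the sample values are assumptions made for illustration. Besides the documented format rules, it warns when SourceCIDR equals the whole VPC CIDR block, because that scope gives every ECS instance in the VPC outbound access through SNAT.

```python
import ipaddress

def check_create_snat_entry(params, vpc_cidr=None):
    """Return (errors, warnings) for a CreateSnatEntry parameter dict."""
    errors, warnings = [], []
    for key in ("RegionId", "SnatIp", "SnatTableId"):
        if not params.get(key):
            errors.append(f"{key} is required")
    # SnatIp is one address or a comma-separated pool of addresses.
    for ip in filter(None, (params.get("SnatIp") or "").split(",")):
        try:
            ipaddress.ip_address(ip.strip())
        except ValueError:
            errors.append(f"SnatIp entry {ip!r} is not a valid IP address")
    vsw, cidr = params.get("SourceVSwitchId"), params.get("SourceCIDR")
    if vsw and cidr:
        errors.append("SourceVSwitchId and SourceCIDR are mutually exclusive")
    if cidr:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            errors.append(f"SourceCIDR {cidr!r} is not a valid CIDR block")
        else:
            # Whole-VPC scope: every ECS instance in the VPC gets SNAT egress.
            if vpc_cidr and net == ipaddress.ip_network(vpc_cidr):
                warnings.append(
                    f"SourceCIDR covers the whole VPC ({net.num_addresses} addresses)")
    name = params.get("SnatEntryName")
    if name is not None:
        if not 2 <= len(name) <= 128:
            errors.append("SnatEntryName must be 2 to 128 characters")
        if not name[:1].isalpha() or name.startswith(("http://", "https://")):
            errors.append("SnatEntryName must start with a letter, not http(s)://")
    token = params.get("ClientToken")
    if token is not None and (not token.isascii() or len(token) > 64):
        errors.append("ClientToken must be ASCII and at most 64 characters")
    return errors, warnings

# Constructed sample values (documentation-range IPs, placeholder IDs).
SAMPLE = {
    "RegionId": "cn-hangzhou",
    "SnatIp": "203.0.113.10,203.0.113.11",
    "SnatTableId": "stb-example",
    "SourceCIDR": "192.168.1.0/24",
    "SnatEntryName": "SnatEntry-1",
    "ClientToken": "02fb3da4-130e-11e9-8e44-example",
}

if __name__ == "__main__":
    print(check_create_snat_entry(SAMPLE, vpc_cidr="192.168.0.0/16"))
```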

Response parameters

Parameter Type Example Description
SnatEntryId String snat-kmd6nv8fy****

The ID of the SNAT entry.

RequestId String 2315DEB7-5E92-423A-91F7-4C1EC9AD97C3

The ID of the request.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreateSnatEntry
&RegionId=cn-hangzhou
&SnatIp=47.XX.XX.98
&SnatTableId=stb-bp190wu8io1vgev****
&<Common request parameters>

Sample success responses

XML format

<CreateSnatEntryResponse>
      <RequestId>2315DEB7-5E92-423A-91F7-4C1EC9AD97C3</RequestId>
      <SnatEntryId>snat-119smw5tkx****</SnatEntryId>
</CreateSnatEntryResponse>

JSON format

{
    "SnatEntryId": "snat-kmd6nv8fyx****",
    "RequestId": "2315DEB7-5E92-423A-91F7-4C1EC9AD97C3"
}

Error codes

| HttpCode | Error code | Error message | Description |
| --- | --- | --- | --- |
| 400 | Forbidden.SourceVSwitchId.IncludeHaVip | There is some HaVips under specified VSwitch | The error message returned because the specified vSwitch is associated with HAVIPs. |
| 400 | InvalidSnatIp.Malformed | The specified SnatIp is not a valid IP address. | The error message returned because the specified EIP is invalid. |
| 400 | SNAT_IP_POOL_COUNT_TOO_MANY | The Snat pool ip too many. | The error message returned because the number of IP addresses in the SNAT IP address pool has reached the upper limit. |
| 400 | Forbidden.SnatEntryCountLimited | SNAT entry in the specified SNAT table reach it's limit. | The error message returned because the number of SNAT entries has reached the upper limit. |
| 400 | NOT_ALLOW_USE_SOURCECIDR | The User not in nat_scope_unlimited white list. Cannot use SourceCidr param. | The error message returned because the specified private IP address does not fall within the CIDR block of the VPC. |
| 400 | INVALID_PARAMETER | The parameter invalid. | The error message returned because the specified parameter value is invalid. |
| 400 | Forbidden.SourceVSwitchId.Duplicated | The specified SourceCIDRis duplicated. | The error message returned because an SNAT entry is already created for the specified vSwitch. |
| 400 | Forbidden.IpUsedInForwardTable | The specified SnatIp already used in forward table | The error message returned because the specified EIP is already used by a DNAT entry. Select another EIP or delete the DNAT rule that uses the specified EIP. |
| 400 | Forbindden | The specified Instance already bind eip | The error message returned because the ECS instance is associated with an EIP. Disassociate the EIP from the ECS instance before you create forwarding rules. |
| 400 | OperationUnsupported.CidrConflict | The specified CIDR block conflicts with an existing SNAT entry. | The error message returned because the specified CIDR block conflicts with those in existing SNAT entries. |
| 400 | InvalidParameter.Name.Malformed | The specified Name is not valid. | The error message returned because the specified name format is invalid. |
| 404 | InvalidRegionId.NotFound | The specified RegionId does not exist in our records. | The error message returned because the specified region ID does not exist. |
| 404 | InvalidSnatTableId.NotFound | Specified SNAT table does not exist. | The error message returned because the specified SNAT table does not exist. Check whether the ID of the SNAT table is valid. |
| 404 | InvalidVSwitchId.NotFound | The specified virtual switch does not exists. | The error message returned because the specified vSwitch does not exist. Check whether the specified ID is valid. |
| 404 | InvalidSnatIp.NotFound | Specified SnatIp does not found on the NAT Gateway | The error message returned because the specified EIP is not found on the NAT gateway. |

For a list of error codes, visit the API Error Center.