This topic describes how to purchase an Internet NAT gateway. An enhanced Internet NAT gateway is used as an example. The term "NAT gateway" in this topic refers to an Internet NAT gateway.

Prerequisites

A virtual private cloud (VPC) and a vSwitch are created. For more information, see Create an IPv4 VPC.

Create a NAT gateway

After you create the first NAT gateway in a VPC, the system automatically adds a default route 0.0.0.0/0 to the route table of the VPC. The next hop of the route is the NAT gateway. This route forwards all traffic to the NAT gateway. Traffic destined for the Internet can reach the NAT gateway only after the default route is added to the route table of the VPC. Therefore, after you create a NAT gateway, make sure that the VPC route table contains a 0.0.0.0/0 route and the next hop of the route is the NAT gateway. If the route does not exist, add one. For more information, see Create and delete route entries.

If the VPC route table already contains a 0.0.0.0/0 route before you create the NAT gateway, the system does not add another 0.0.0.0/0 route whose next hop is the NAT gateway to the VPC route table. In this case, you must change the next hop of the existing 0.0.0.0/0 route to the NAT gateway after the NAT gateway is created.

  1. Log on to the NAT Gateway console.
  2. On the Public NAT Gateway page, click Create NAT Gateway.
  3. If this is the first time you purchase a NAT gateway, you must create a service-linked role for NAT Gateway.On the NAT Gateway (Pay-As-You-Go) page, click Create in the Notes on Creating Service-linked Roles section. After a service-linked role is created, you can purchase NAT gateways.
    Create a service-linked role
  4. On the NAT Gateway (Pay-As-You-Go) page, set the following parameters and click Buy Now:
    • Region and Zone: Select the region where you want to deploy the NAT gateway.
    • Zone: Select the zone where you want to deploy the NAT gateway.
    • VPC ID: Select the VPC where you want to deploy the NAT gateway. After the NAT gateway is created, you cannot change the VPC where the NAT gateway is deployed.
      Note If you cannot find the VPC that you want to manage in the list, troubleshoot the issue by using the following methods:
      • Check whether a VPC is created in the region and zone that you selected.
      • If your account is a Resource Access Management (RAM) user, check whether the RAM user has read permissions on the VPC. If not, contact the Alibaba Cloud account owner to acquire the permissions.
    • VSwitch ID: Select the vSwitch to which the NAT gateway is attached.
    • Gateway Type: By default, Enhanced is selected.

      Enhanced NAT gateways are an upgrade from standard NAT gateways and use a more advanced architecture. Compared with standard NAT gateways, enhanced NAT gateways provide higher elasticity and stability. This helps you manage data transfer in a more efficient manner.

    • Billing Method: Select a billing method for the NAT gateway.

      Only Pay by Actual Usage is supported. For more information, see Pay-by-actual-usage.

    • Billing Cycle:displays the billing cycle of the NAT gateway.
  5. On the Confirm Order page, confirm the configuration of the NAT gateway, select the Terms of Service check box, and then click Activate Now.
    When the message Order complete. appears, the purchase is completed.

Check the result

After you create a NAT gateway, you can find the NAT gateway on the Public NAT Gateway page. Create a NAT gateway
Check the route entries of the NAT gateway in the route table, as shown in the following figure. Routes