Edge NAT gateways provide DNAT and SNAT features to translate private IP addresses to public IP addresses. This way, you can better manage network traffic that is sent over the Internet.
Background information
The following figure describes the network topology of a NAT gateway. You can use a NAT gateway to meet the following requirements:
If your services in the edge cloud require Internet access but you do not want to expose the services to the Internet, you can use edge NAT gateways. Edge NAT gateways can protect your services against attacks from the Internet.
If you deploy your services on multiple Edge Node Service (ENS) instances and want to provide external services by using one public IP address, you can use the edge NAT gateway feature to configure the public IP address.
If a large number of devices require Internet access, you can create an edge NAT gateway to manage the Internet traffic.
Scenarios
Configure SNAT to allow ENS instances to access the Internet
You can create an edge NAT gateway, associate an elastic IP address (EIP) with the edge NAT gateway, and then configure SNAT for the edge NAT gateway. This way, ENS instances in a virtual private cloud (VPC) can use the same EIP to access the Internet. This saves public IP resources.
You can also associate multiple EIPs with an edge NAT gateway. When an ENS instance needs to access the Internet, the ENS instance randomly selects an EIP from the SNAT IP address pool. If one of the EIPs is under attack, the ENS instance can select another EIP from the SNAT IP address pool to access the Internet. This ensures high availability for your services and prevents service interruptions that are caused by EIP failures.
Configure DNAT to provide Internet-facing services
You can create an edge NAT gateway, associate EIPs with the edge NAT gateway, and then configure DNAT for the edge NAT gateway. This way, ENS instances in a VPC can receive requests from the Internet based on port mapping.
Port mapping: An edge NAT gateway forwards requests that are destined for an EIP to the specified ENS instance. Requests are forwarded based on the specified source port, the specified destination port, and the protocol that is used by both ports.
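The following Python sketch models the port mapping described above so that a DNAT table can be reviewed before it is applied. It is an added example, not Alibaba Cloud code or an ENS API: the `DnatEntry` fields, the function names, the sample addresses, and the set of sensitive ports are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DnatEntry:
    eip: str           # public EIP associated with the gateway
    protocol: str      # "tcp" or "udp"
    public_port: int   # port that Internet clients connect to on the EIP
    private_ip: str    # ENS instance inside the VPC
    private_port: int  # port the instance listens on

# Constructed sample table; addresses are documentation/private ranges.
DNAT_TABLE = [
    DnatEntry("203.0.113.10", "tcp", 443, "10.0.1.5", 8443),
    DnatEntry("203.0.113.10", "tcp", 2222, "10.0.1.6", 22),
    DnatEntry("203.0.113.11", "udp", 53, "10.0.1.7", 53),
]

def translate(table, eip, protocol, port):
    """Map an inbound (EIP, protocol, port) to (private_ip, private_port)."""
    for e in table:
        if (e.eip, e.protocol, e.public_port) == (eip, protocol.lower(), port):
            return (e.private_ip, e.private_port)
    return None  # in this model, unmapped requests reach no instance

def find_conflicts(table):
    """Return entries whose (EIP, protocol, public port) key is already taken."""
    seen, conflicts = set(), []
    for e in table:
        key = (e.eip, e.protocol, e.public_port)
        if key in seen:
            conflicts.append(e)
        seen.add(key)
    return conflicts

def exposure_report(table, sensitive_ports=frozenset({22, 3389})):
    """Return entries that publish a sensitive instance port, even when the
    public port differs (2222 -> 22 is still SSH reachable from the Internet)."""
    return [e for e in table if e.private_port in sensitive_ports]

if __name__ == "__main__":
    print(translate(DNAT_TABLE, "203.0.113.10", "tcp", 443))
    print(translate(DNAT_TABLE, "203.0.113.11", "tcp", 22))
    for e in exposure_report(DNAT_TABLE):
        print(f"review: {e.eip}:{e.public_port}/{e.protocol} -> {e.private_ip}:{e.private_port}")
```

Every entry in the table is a service reachable from the Internet, so the report and conflict checks are worth running whenever the table changes.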
Billing
The edge NAT gateway feature is currently free of charge. Alibaba Cloud will notify you one month before it begins to charge you for using this feature.