NAT Gateway provides the DNAT and SNAT features. NAT gateways are classified into Internet NAT gateways and Virtual Private Cloud (VPC) NAT gateways. Internet NAT gateways provide NAT services for public IP addresses, while VPC NAT gateways provide NAT services for private IP addresses. You can choose Internet NAT gateways or VPC NAT gateways based on your business requirements.

Service type

  • Internet NAT Gateway: provides NAT services for public IP addresses and supports a throughput capacity of 100 Gbit/s. Cross-zone disaster recovery is supported. For more information, see What is an Internet NAT gateway?.
  • VPC NAT Gateway: allows Elastic Compute Service (ECS) instances in a VPC to communicate with external private networks. For more information, see What is a VPC NAT gateway?.


  • Security

    You can use the SNAT feature of NAT gateways to protect ECS instances. After you configure SNAT, ECS instances in the specified VPC can access external networks. Unsolicited connection requests from external networks are denied. SNAT shields the ports that the ECS instances use to communicate with the Internet. This protects the ECS instances from external attacks.

  • High performance

    NAT gateways are distributed gateways that use the software-defined networking (SDN) technology. Each NAT gateway provides a throughput capacity of up to 100 Gbit/s, and can serve a large number of Internet applications.

  • Cost-effectiveness

    You can resize a NAT gateway, and change the number and specification of elastic IP addresses (EIPs) that are associated with the NAT gateway. NAT gateways also support the pay-as-you-go billing method. Therefore, you can use NAT gateways to withstand traffic fluctuations.

  • Zone-based high availability

    You can deploy a NAT gateway across zones to achieve high availability. When one zone is down, network traffic is distributed to another zone to prevent service interruptions.

Related Alibaba Cloud services