All Products
Search

This Product

    NAT Gateway:Release of VPC NAT gateways

    Document Center

    NAT Gateway:Release of VPC NAT gateways

    Last Updated:Nov 20, 2025

    Alibaba Cloud has released Virtual Private Cloud (VPC) NAT gateways. VPC NAT gateways allow you to create custom SNAT and DNAT entries to translate private IP addresses. This way, multiple networks in a hybrid cloud can access each other by using static IP addresses. VPCs that have conflicting CIDR blocks can also access each other by using VPC NAT gateways.

    Introduction

    VPC NAT gateways provide NAT services to Elastic Compute Service (ECS) instances in a VPC. The ECS instances can use the NAT IP addresses to access your data center or other VPCs, or provide services to external networks.

    You can log on to the VPC NAT Gateway console to use VPC NAT gateways.

    Billing method

    VPC NAT gateways support the pay-as-you-go billing method. For more information, see Billing of VPC NAT gateways.

    Pay-as-you-go VPC NAT gateways provide high and stable performance that can withstand traffic spikes.

    Metric

    New connections per second

    Throughput (inbound and outbound)

    Maximum concurrent connections

    Packets processed per second

    Default

    20,000

    5 Gbit/s

    500,000

    800,000

    Maximum (auto scaling supported)

    100,000

    15 Gbit/s

    2,000,000

    2,500,000

    Note

    • In actual business scenarios, the NAT gateway performance is determined by the subscription duration, connection type, and network architecture. Therefore, the actual performance may be different. We recommend that you perform stress testing to evaluate the instance performance and configure monitoring items to make sure that the service runs as expected.

    • If the performance exceeds the maximum metrics, packet loss may occur. This may affect service access.

    • Traffic generated by DNAT entries is also subject to the maximum number of concurrent connections.

    Procedure

    1. Create a VPC NAT gateway:

      1. Select the region and the VPC that requires private address translation.

      2. Select the vSwitch that requires private address translation. The vSwitch must be different from the vSwitch where the ECS instance that uses the VPC NAT gateway is created. To facilitate route configuration, we recommend that you use an independent vSwitch for the VPC NAT gateway.

    2. Configure routes:

      1. Create a custom route table and associate it with the vSwitch to which the VPC NAT gateway belongs. Then, add a custom route entry that points to the destination IP address in the custom route table.

      2. Add a custom route entry that points to the VPC NAT gateway to the system route table.

    3. Configure SNAT entries or DNAT entries:

      1. Create a new NAT IP address or use the default NAT IP address based on your business requirements.

      2. When you create an SNAT entry, you can specify a VPC, a vSwitch, an ECS instance, or a custom CIDR block. When you create a DNAT entry, you can specify a private IP address to receive external requests.

      For more information, see Create and manage SNAT entries on a VPC NAT gateway or Create and manage DNAT entries on a VPC NAT gateway.