When your Internet NAT gateway has connectivity or configuration issues, run an instance diagnostic to identify the root cause. The diagnostic checks 13 items across connectivity, configurations, capacity diagnostics, and cost diagnostics — and surfaces actionable suggestions for any detected exceptions.
Only Internet NAT gateways support instance diagnostics. VPC NAT gateways are not supported.
Prerequisites
Before you begin, make sure you have:
- Network Intelligence Service (NIS) activated. To activate NIS, go to the NIS service activation page.
- An Internet NAT gateway created. For details, see Create and manage Internet NAT gateways.
The first time you run a diagnostic, the system automatically creates the AliyunServiceRoleForNis service-linked role. For more information, see Service-linked roles.
Check the baseline configuration
Before running the diagnostic tool, verify that your NAT gateway meets the minimum working configuration:
- An elastic IP address (EIP) is associated with the gateway
- A route pointing to the Internet NAT gateway exists in your Virtual Private Cloud (VPC)
- The gateway is in a healthy state (not expired or suspended)
If any of these conditions are not met, resolve them first. The diagnostic tool will also flag them, but correcting them upfront reduces diagnostic time.
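The three baseline conditions above can also be evaluated offline against an exported inventory before opening the console. This is an added example, not Alibaba Cloud code; the inventory shape, field names, and resource IDs are constructed for illustration and are not an API response format.

```python
from datetime import datetime, timezone

# Constructed inventory: hypothetical shape and IDs, not an Alibaba Cloud API response.
INVENTORY = {
    "gateways": [
        {"id": "ngw-example-a", "suspended": False,
         "expires": "2031-01-01T00:00:00+00:00", "eips": ["eip-example-1"]},
        {"id": "ngw-example-b", "suspended": False,
         "expires": "2020-01-01T00:00:00+00:00", "eips": []},
    ],
    "routes": [
        {"dest": "0.0.0.0/0", "next_hop_type": "NatGateway",
         "next_hop_id": "ngw-example-a"},
        {"dest": "10.0.0.0/8", "next_hop_type": "Instance",
         "next_hop_id": "i-example-1"},
    ],
}


def baseline_findings(gateway, routes, now=None):
    """Return the unmet baseline conditions for one gateway (empty list = ready)."""
    now = now or datetime.now(timezone.utc)
    findings = []
    # Condition 1: an EIP is associated with the gateway.
    if not gateway.get("eips"):
        findings.append("no EIP associated")
    # Condition 2: some VPC route uses this gateway as its next hop.
    if not any(r.get("next_hop_type") == "NatGateway"
               and r.get("next_hop_id") == gateway["id"] for r in routes):
        findings.append("no VPC route points to this gateway")
    # Condition 3: the gateway is neither expired nor suspended.
    expires = gateway.get("expires")  # None models a gateway with no expiry date
    if expires and datetime.fromisoformat(expires) <= now:
        findings.append("gateway expired")
    if gateway.get("suspended"):
        findings.append("gateway suspended")
    return findings


def check_all(inventory, now=None):
    """Map each gateway ID to its list of unmet baseline conditions."""
    return {g["id"]: baseline_findings(g, inventory["routes"], now)
            for g in inventory["gateways"]}


if __name__ == "__main__":
    for gw_id, findings in check_all(INVENTORY).items():
        print(gw_id, "OK" if not findings else "; ".join(findings))
```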
Run a diagnostic
1. Log on to the NAT Gateway console.
2. On the Internet NAT Gateway page, find the gateway you want to diagnose and click Diagnose in the Diagnose column.
3. In the Instance Diagnostics panel, review the progress, summary, and details of the diagnostic.
   - If an exception is detected, the affected diagnostic item appears in the panel. Click the item to view its details and suggested actions.
   - To see all supported diagnostic items, not just items with exceptions, go to the Diagnostic Item Details section and select Show All Diagnostic Items. Expand any item to view its details.
4. (Optional) Click Go to the NIS console to view diagnostic records to open the NIS console and review the full history of diagnostic tasks.
Diagnostic items
The following table lists all 13 diagnostic items supported for Internet NAT gateways.
| Category | Diagnostic item | What it checks |
|---|---|---|
| Connectivity diagnostics | Packet Dropped Due to Capacity Limit | Whether packets are dropped due to capacity limits |
| Connectivity diagnostics | SNAT Source Port Allocation | Whether the SNAT source port is allocated |
| Configurations | Route Missing | Whether routes pointing to the Internet NAT gateway exist in the VPC |
| Configurations | Instance Status | Whether the Internet NAT gateway is in a healthy state |
| Configurations | NAT Configurations | Whether SNAT entries and DNAT entries are configured |
| Configurations | EIP Status | Whether an EIP is associated with the gateway |
| Configurations | DNAT and Security Group Configuration | Whether the security group rules match the DNAT configuration |
| Configurations | DNAT Conflicts | Whether DNAT entries conflict with backend EIPs |
| Configurations | IPv4 Gateway Compatibility | Whether the IPv4 gateway is compatible with the NAT configuration |
| Capacity Diagnostics | Rate of NAT Gateway Traffic Processing | Whether the traffic processing rate is within normal range |
| Capacity Diagnostics | Usage of Concurrent Connections of NAT Gateway | Whether concurrent connection usage is within normal range |
| Cost Diagnostics | Alerts for Expiration | Whether the gateway expires within the next 15 days |
| Cost Diagnostics | Alerts for Overdue Payments | Whether the gateway has overdue payments |