Virtual Private Cloud (VPC) NAT gateways provide private NAT services to Elastic Compute Service (ECS) instances in a VPC. The ECS instances can use NAT IP addresses to access your data center or other VPCs, or provide services to external private networks.

Features

VPC NAT gateways provide the SNAT and DNAT features. The following table describes the features.
Feature | Description | References
------- | ----------- | ----------
SNAT | ECS instances in a VPC use the IP addresses specified in SNAT entries to access external private networks. | Create and manage SNAT entries on a VPC NAT gateway
DNAT | ECS instances in a VPC use the IP addresses and ports specified in DNAT entries to provide services to external private networks. | Create and manage DNAT entries on a VPC NAT gateway

Scenarios

  • Allow multiple networks in a hybrid cloud to access each other by using static IP addresses
    As finance and securities companies expand their business in the cloud, they often create multiple private networks that must communicate with each other. In some cases, regulators require that the networks access each other by using static private IP addresses. You can use the SNAT and DNAT features of VPC NAT gateways to allow multiple private networks to access each other by using static private IP addresses. For more information, see Mutual access between multiple networks in a hybrid cloud.
  • Allow VPCs that have conflicting CIDR blocks to access each other
    Due to early network planning or business consolidation, you may need two VPCs that have overlapping CIDR blocks to communicate with each other. You can create a VPC NAT gateway for each VPC and configure a NAT IP address on each gateway. The two NAT IP addresses must not conflict with each other. One VPC uses an SNAT entry to translate source IP addresses to its NAT IP address, which allows that VPC to access the other VPC. The other VPC uses the NAT IP address configured in a DNAT entry to provide services. This way, the two VPCs can access each other even though their CIDR blocks overlap. For more information, see Conflicting CIDR blocks.
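The conflicting-CIDR scenario above, as an added Python example that is not part of the original page or of Alibaba Cloud's software: a toy NAT gateway model with one SNAT entry on gateway A and one DNAT entry on gateway B, using constructed addresses (both VPCs use 192.168.0.0/16; the NAT CIDR blocks are 10.10.0.0/24 and 10.20.0.0/24). It traces a request and its reply through both gateways and shows that only the NAT IP addresses need to be distinct.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str; sport: int; dst: str; dport: int

class VpcNatGateway:  # toy model for illustration, not Alibaba Cloud's implementation
    def __init__(self, nat_cidr):
        self.nat_cidr = ipaddress.ip_network(nat_cidr)
        self.snat = []       # [(source network, NAT IP)]; one NAT IP per SNAT entry
        self.dnat = {}       # (NAT IP, external port) -> (internal IP, internal port)
        self.sessions = {}   # (NAT IP, NAT port) -> (original src, original sport)
        self.next_port = 1024
    def _check(self, nat_ip):  # every NAT IP must come from the gateway's NAT CIDR block
        if ipaddress.ip_address(nat_ip) not in self.nat_cidr: raise ValueError(f"{nat_ip} not in {self.nat_cidr}")
    def add_snat(self, source_cidr, nat_ip):
        self._check(nat_ip); self.snat.append((ipaddress.ip_network(source_cidr), nat_ip))
    def add_dnat(self, nat_ip, ext_port, internal_ip, internal_port):
        self._check(nat_ip); self.dnat[(nat_ip, ext_port)] = (internal_ip, internal_port)
    def egress(self, pkt):  # inside -> outside
        for (nat_ip, ext_port), target in self.dnat.items():  # reply from a DNAT-published service
            if target == (pkt.src, pkt.sport): return replace(pkt, src=nat_ip, sport=ext_port)
        for net, nat_ip in self.snat:  # otherwise SNAT with a fresh port and remember the session
            if ipaddress.ip_address(pkt.src) in net:
                port, self.next_port = self.next_port, self.next_port + 1
                self.sessions[(nat_ip, port)] = (pkt.src, pkt.sport)
                return replace(pkt, src=nat_ip, sport=port)
        raise LookupError(f"no SNAT entry matches {pkt.src}")
    def ingress(self, pkt):  # outside -> inside
        if (pkt.dst, pkt.dport) in self.sessions:  # return traffic of an SNAT session
            src, sport = self.sessions[(pkt.dst, pkt.dport)]; return replace(pkt, dst=src, dport=sport)
        if (pkt.dst, pkt.dport) in self.dnat:  # new inbound connection to a DNAT entry
            ip, port = self.dnat[(pkt.dst, pkt.dport)]; return replace(pkt, dst=ip, dport=port)
        raise LookupError(f"no DNAT entry or session for {pkt.dst}:{pkt.dport}")

def conflicting_cidr_demo():
    """Both VPCs use 192.168.0.0/16 (constructed); only the NAT CIDR blocks differ."""
    gw_a, gw_b = VpcNatGateway("10.10.0.0/24"), VpcNatGateway("10.20.0.0/24")
    gw_a.add_snat("192.168.0.0/16", "10.10.0.5")           # VPC A reaches out as 10.10.0.5
    gw_b.add_dnat("10.20.0.8", 443, "192.168.1.10", 8443)  # VPC B publishes 192.168.1.10:8443 as 10.20.0.8:443
    request = Packet("192.168.1.10", 40000, "10.20.0.8", 443)  # client IP in A equals the server IP in B
    at_server = gw_b.ingress(gw_a.egress(request))
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    at_client = gw_a.ingress(gw_b.egress(reply))
    return at_server, at_client

if __name__ == "__main__":
    print(conflicting_cidr_demo())
```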

Usage notes

  • When you create a VPC NAT gateway, you must select a VPC and a vSwitch in the VPC. To facilitate route configuration, we recommend that you use a vSwitch that is exclusive to the VPC NAT gateway.
  • NAT IP addresses are IP addresses specified in SNAT or DNAT entries. After you create a VPC NAT gateway, the CIDR block of the vSwitch that you specify for the VPC NAT gateway is used as the default NAT CIDR block. An IP address from the default NAT CIDR block is used as the default NAT IP address. You can add IP addresses to the default CIDR block or create NAT CIDR blocks. For more information about how to use NAT CIDR blocks to configure routes, see Configure routes.
  • VPC NAT gateways can handle traffic spikes. To improve the performance of VPC NAT gateways, contact your account manager.
    Metric | New connections | Concurrent connections | Data forwarding
    ------ | --------------- | ---------------------- | ---------------
    Default metric | Two million | 100,000 | 5 Gbit/s to 15 Gbit/s (automatic scaling)
    The following content describes the preceding metrics:
    • New connections: the number of new connections per second.
    • Concurrent connections: the number of concurrent connections per minute.
    • Data forwarding: the amount of inbound and outbound traffic that is processed per hour.

Limits

Item | Limit | Adjustable
---- | ----- | ----------
Limits on instances | |
Number of VPC NAT gateways that you can create for a VPC | 5 | You can increase the quota by performing the following operations:
Number of NAT CIDR blocks that you can create for a VPC NAT gateway | 50 (default NAT CIDR block included) | N/A
Number of IP addresses that can be included in a NAT CIDR block | 50 |
Limits on SNAT | |
Number of SNAT entries that you can create on a VPC NAT gateway | 40 | You can increase the quota by performing the following operations:
Number of IP addresses that you can specify in an SNAT entry | 1 | N/A
Limits on DNAT | |
Number of DNAT entries that you can create on a VPC NAT gateway | 100 | You can increase the quota by performing the following operations:

Related Alibaba Cloud services