Virtual Private Cloud (VPC) NAT gateways provide private NAT services to Elastic Compute Service (ECS) instances in a VPC. The ECS instances can use NAT IP addresses to access your data center or other VPCs, or provide services to external private networks.
Features
VPC NAT gateways provide the SNAT and DNAT features. The following table describes the features.
Feature | Description | References |
SNAT | ECS instances in a VPC use the IP addresses specified in SNAT entries to access external private networks. | |
DNAT | ECS instances in a VPC use the IP addresses and ports specified in DNAT entries to provide services to external private networks. | |
Scenarios
Allow multiple networks in a hybrid cloud to access each other by using static IP addresses
As finance and securities industries expand their business in the cloud, these industries often create multiple private networks that can communicate with each other. In some cases, regulators may demand that the networks access each other by using static private IP addresses. You can use the SNAT and DNAT features of VPC NAT gateways to allow multiple private networks to access each other by using static private IP addresses.
Allow VPCs that have conflicting CIDR blocks to access each other
Due to early network planning or business consolidation, you may need two VPCs that have overlapping CIDR blocks to communicate with each other. You can create a VPC NAT gateway and configure a NAT IP address for each VPC. The two NAT IP addresses cannot conflict with each other. One VPC uses SNAT to translate source IP addresses to the configured NAT IP address, which allows the VPC to access the other VPC. The other VPC uses the NAT IP address configured in the DNAT entry to provide external services. This way, the two VPCs can access each other.
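The overlapping-CIDR scenario above, as an added Python model that is not part of this page or of Alibaba Cloud's own tooling: two gateways, one holding an SNAT entry and the other a DNAT entry, translate a packet end to end, and the model refuses to run when the two NAT CIDR blocks overlap, which is the condition the text states. Gateway names, CIDR blocks, NAT IP addresses and ports are constructed for illustration.

```python
# Added example (not Alibaba Cloud's code): a small model of how SNAT and
# DNAT entries on two VPC NAT gateways let VPCs with overlapping CIDR blocks
# reach each other. All addresses, names and ports are constructed.
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class VpcNatGateway:
    name: str
    nat_cidr: IPv4Network                      # NAT CIDR block this gateway owns
    snat: dict = field(default_factory=dict)   # source subnet -> NAT IP
    dnat: dict = field(default_factory=dict)   # (NAT IP, port, proto) -> (private IP, port)

    def __post_init__(self) -> None:
        if isinstance(self.nat_cidr, str):
            self.nat_cidr = IPv4Network(self.nat_cidr)

    def add_snat_entry(self, source_cidr: str, nat_ip: str) -> None:
        """SNAT entry: traffic from source_cidr leaves with nat_ip as its source."""
        ip = IPv4Address(nat_ip)
        if ip not in self.nat_cidr:
            raise ValueError(f"{nat_ip} is not in NAT CIDR block {self.nat_cidr}")
        self.snat[IPv4Network(source_cidr)] = ip

    def add_dnat_entry(self, nat_ip: str, port: int, private_ip: str,
                       private_port: int, proto: str = "tcp") -> None:
        """DNAT entry: traffic to nat_ip:port is forwarded to private_ip:private_port."""
        ip = IPv4Address(nat_ip)
        if ip not in self.nat_cidr:
            raise ValueError(f"{nat_ip} is not in NAT CIDR block {self.nat_cidr}")
        self.dnat[(ip, port, proto)] = (IPv4Address(private_ip), private_port)

    def apply_snat(self, pkt: Packet) -> Packet:
        """Rewrite the source address using the most specific matching SNAT entry."""
        src = IPv4Address(pkt.src)
        for net in sorted(self.snat, key=lambda n: n.prefixlen, reverse=True):
            if src in net:
                return Packet(str(self.snat[net]), pkt.dst, pkt.dport, pkt.proto)
        return pkt  # no entry matched: the packet is not translated

    def apply_dnat(self, pkt: Packet) -> Packet:
        """Rewrite the destination address and port using a matching DNAT entry."""
        target = self.dnat.get((IPv4Address(pkt.dst), pkt.dport, pkt.proto))
        if target is None:
            return pkt
        private_ip, private_port = target
        return Packet(pkt.src, str(private_ip), private_port, pkt.proto)


def nat_cidrs_conflict(gw_a: VpcNatGateway, gw_b: VpcNatGateway) -> bool:
    """The two gateways' NAT CIDR blocks must not overlap, or return traffic is ambiguous."""
    return gw_a.nat_cidr.overlaps(gw_b.nat_cidr)


def cross_vpc_path(pkt: Packet, gw_a: VpcNatGateway, gw_b: VpcNatGateway):
    """Trace a packet from VPC A to a service in VPC B: SNAT at A, then DNAT at B."""
    if nat_cidrs_conflict(gw_a, gw_b):
        raise ValueError("NAT CIDR blocks of the two gateways conflict")
    after_snat = gw_a.apply_snat(pkt)
    after_dnat = gw_b.apply_dnat(after_snat)
    return after_snat, after_dnat


def demo():
    # Constructed scenario: both VPCs use 192.168.0.0/24, so their instances
    # can only be told apart by the non-overlapping NAT IP addresses.
    gw_a = VpcNatGateway("vpc-a-natgw", "10.0.1.0/24")
    gw_b = VpcNatGateway("vpc-b-natgw", "10.0.2.0/24")
    gw_a.add_snat_entry("192.168.0.0/24", "10.0.1.10")            # VPC A: SNAT to its NAT IP
    gw_b.add_dnat_entry("10.0.2.20", 443, "192.168.0.50", 8443)   # VPC B: expose a service
    client = Packet("192.168.0.10", "10.0.2.20", 443)            # ECS in VPC A -> VPC B's NAT IP
    return cross_vpc_path(client, gw_a, gw_b)


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The same private address, 192.168.0.10 in VPC A and 192.168.0.50 in VPC B, never appears on the wire between the two VPCs: the peer only ever sees the NAT IP addresses, which is why a static NAT IP per side is enough to keep the routes unambiguous.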
Usage notes
When you create a VPC NAT gateway, you must select a VPC and a vSwitch in the VPC. To facilitate route configuration, we recommend that you use a vSwitch that is exclusive to the VPC NAT gateway.
NAT IP addresses are IP addresses specified in SNAT or DNAT entries. After you create a VPC NAT gateway, the CIDR block of the vSwitch that you specify for the VPC NAT gateway is used as the default NAT CIDR block. An IP address from the default NAT CIDR block is used as the default NAT IP address. You can add IP addresses to the default CIDR block or create NAT CIDR blocks. For more information about how to use NAT CIDR blocks to configure routes, see Configure routes.
VPC NAT gateways can handle traffic spikes. To improve the performance of VPC NAT gateways, contact your account manager.
Metric | SessionNewConnection | SessionActiveConnection | Data forwarding |
Default value | 100,000 | 2,000,000 | 5 Gbit/s to 15 Gbit/s (automatic scaling) |
The following content describes the preceding metrics:
- SessionNewConnection: the number of new connections per second.
- SessionActiveConnection: the number of concurrent connections per minute.
- Data forwarding: the amount of inbound and outbound traffic processed per hour.
Limits
Item | Default value | Adjustable |
Limits on instances | | |
Maximum number of VPC NAT gateways that you can create for a VPC | 5 | You can request a quota increase by using one of the following methods: |
Maximum number of NAT CIDR blocks that you can create for a VPC NAT gateway | 50 (default NAT CIDR block included) | N/A |
Maximum number of IP addresses that can be included in a NAT CIDR block | 50 | |
Limits on SNAT | | |
Maximum number of SNAT entries that you can create on a VPC NAT gateway | 40 | You can request a quota increase by using one of the following methods: |
Maximum number of IP addresses that you can specify in an SNAT entry | 1 | N/A |
Limits on DNAT | | |
Maximum number of DNAT entries that you can create on a VPC NAT gateway | 100 | You can request a quota increase by using one of the following methods: |