NAT Gateway is an enterprise-class public network gateway, providing proxy services (SNAT and DNAT), up to 10 Gbps forwarding capacity, and cross-zone disaster recovery. NAT Gateway helps you establish an Internet gateway for a VPC by configuring SNAT and DNAT entries, allowing more flexible use of network resources.
Product Improvements Announcements
To improve product usage, NAT Gateway supports bind EIPs to NAT Gateway instance.
Usage Process is updated as below.
Previous usage procedure of 1. purchase NAT Gateway --> 2. purchase NAT shared bandwidth package --> 3. set SNAT/DNAT rules.
will be replaced by
Latest usage procedure of 1. purchase NAT Gateway --> 2. bind EIPs to NAT Gateway instance --> 3. set SNAT/DNAT rules.
If your account has no NAT shared bandwidth package before 23:59, January 16, 2018, you will bind EIPs to your created NAT gateways. For the detailed procedure of binding an EIP to NAT Gateway, pls refer Bind an EIP.
If your account has NAT shared bandwidth packages before 23:59, January 16, 2018, your NAT gateway will still use the public IP provided by the NAT bandwidth package by default. If you want to bind EIPs to your NAT Gateway, please submit a Ticket in advance.
Flexible and Easy-to-Use
As an enterprise-class public network gateway for VPC, NAT Gateway provides SNAT and DNAT functions, with no need to construct a SNAT gateway on your own servers.
Using SDN virtualization technology, NAT Gateway provides a virtual network hardware based on Alibaba Cloud’s self-developed distributed gateway. NAT Gateway supports large-scale Internet applications with forwarding capability of 10 Gbps.
NAT Gateway supports cross-zone disaster recovery. Any failure of a single zone will not affect the business continuity of the NAT Gateway.
Change the gateway specifications, peak bandwidth, and the number of the public IPs at any time according to business needs.
As an Internet gateway, NAT Gateway needs to be configured with a public IP to function normally. After creating a NAT gateway, you can bind an EIP to it.
Note: If your account has a NAT shared bandwidth package before 23:59, January 16, 2018, you still need to use the shared bandwidth package to provide public IPs. Submit a Ticket if you want to bind EIP to the NAT gateway.
NAT Gateway supports DNAT (Destination NAT), allowing you to map a public IP to a private IP. The ECS instance with the specified IP can then publish public services over the Internet.
NAT Gateway supports SNAT (Source NAT), allowing you to associate a public IP with a VSwitch. The ECS instances in the VSwitch can then use the public IP to access the Internet.
Scenario: A VPC ECS instance without a public IP requiring access to the Internet
For security considerations, IT systems sometimes require servers to have access to the Internet without exposing their public IPs to public networks. For such scenarios, you may utilize the SNAT function of the NAT Gateway to create a highly available SNAT gateway.
As a function entity, NAT gateway cannot access the Internet by itself, and can only access the Internet after EIPs are bound to it. Therefore, when purchasing a NAT gateway, you need to consider both the NAT gateway fee and the public network fee.
Billing method: Pay-As-You-Go
Billing cycle: Per day
Billing items: NAT Gateway reservation fee
NAT Gateway provides different specifications to meet different user needs and different specifications contain different pricing.
The following table lists the cost of NAT Gateway for different regions.
|Region||Specification Small (USD/Day)||Specification Medium (USD/Day)||Specification Large (USD/Day)||Specification Super Large (USD/Day)|
|China North 1 (Qingdao)||1.829||3.505||6.858||12.192|
|China East 1 (Hangzhou), China East 2 (Shanghai), China North 2 (Beijing), China North 3 (Zhangjiakou), China South 1 (Shenzhen)||1.829||3.505||6.858||12.192|
|US East 1 (Virginia)||2.438||4.572||8.991||15.849|
|US West 1 (Silicon Valley)||2.591||5.029||9.601||17.068|
|Asia Pacific NE 1 (Japan)||2.926||5.608||10.972||19.507|
|Middle East 1 (Dubai)||5.486||10.515||20.573||36.575|
|Asia Pacific SE 2 (Sydney)||3.657||5.334||13.716||24.383|
|Asia Pacific SE 3 (Kuala Lumpur)||2.606||5.068||9.845||17.374|
|Germany 1 (Frankfurt)||3.292||6.309||12.344||21.945|
After creating a NAT gateway, you need to bind EIPs to it to enable the NAT gateway to access the Internet. After EIPs are bound, the public network fee of the NAT gateway will be charged according to the billing method of the EIPs. For more information, see Billing.
Note：If your account has a NAT shared bandwidth package before 23:59, January 16, 2018, your NAT gateway can still use the public IP provided by the NAT shared bandwidth package. In this situation, the public network fee is the NAT shared bandwidth package fee. For more information, see Billing.
Access Alibaba Cloud NAT Gateway Through the Management Console
The Alibaba Cloud Management Console provides a simple web-based user interface that allows you to access and configure NAT Gateway. Use this console to create, modify and manage your NAT Gateway.
For a step-by-step guide on how to create an Alibaba Cloud NAT Gateway through the management console, please read the Quick Start Guide.
To create your own Alibaba Cloud NAT Gateway, please see the NAT Gateway Documentation for a detailed introduction on how NAT Gateway works and how to modify and manage your NAT Gateway.
Alibaba Cloud VPC API Reference
Access the web-based Alibaba Cloud NAT Gateway APIs to programmatically create, manage and achieve greater control of your product resources
The following resources offer detailed information about Alibaba Cloud NAT Gateway.