NAT Gateway

A public Internet gateway for flexible usage of network resources and access to VPC.

Buy Now Contact Sales


NAT Gateway is an enterprise-class public network gateway, providing proxy services (SNAT and DNAT), up to 10 Gbps forwarding capacity, and cross-zone disaster recovery. NAT Gateway helps you establish an Internet gateway for a VPC by configuring SNAT and DNAT entries, allowing more flexible use of network resources.

Product Improvements Announcements

To improve product usage, NAT Gateway supports bind EIPs to NAT Gateway instance.

Usage Process is updated as below.

Previous usage procedure of 1. purchase NAT Gateway --> 2. purchase NAT shared bandwidth package --> 3. set SNAT/DNAT rules.

will be replaced by

Latest usage procedure of 1. purchase NAT Gateway --> 2. bind EIPs to NAT Gateway instance --> 3. set SNAT/DNAT rules.

If your account has no NAT shared bandwidth package before 23:59, January 16, 2018, you will bind EIPs to your created NAT gateways. For the detailed procedure of binding an EIP to NAT Gateway, pls refer Bind an EIP.

If your account has NAT shared bandwidth packages before 23:59, January 16, 2018, your NAT gateway will still use the public IP provided by the NAT bandwidth package by default. If you want to bind EIPs to your NAT Gateway, please submit a Ticket in advance.


Flexible and Easy-to-Use

  • As an enterprise-class public network gateway for VPC, NAT Gateway provides SNAT and DNAT functions, with no need to construct a SNAT gateway on your own servers.


  • Using SDN virtualization technology, NAT Gateway provides a virtual network hardware based on Alibaba Cloud’s self-developed distributed gateway. NAT Gateway supports large-scale Internet applications with forwarding capability of 10 Gbps.

High Availability

  • NAT Gateway supports cross-zone disaster recovery. Any failure of a single zone will not affect the business continuity of the NAT Gateway.


  • Change the gateway specifications, peak bandwidth, and the number of the public IPs at any time according to business needs.

Product Details

As an Internet gateway, NAT Gateway needs to be configured with a public IP to function normally. After creating a NAT gateway, you can bind an EIP to it.

Note: If your account has a NAT shared bandwidth package before 23:59, January 16, 2018, you still need to use the shared bandwidth package to provide public IPs. Submit a Ticket if you want to bind EIP to the NAT gateway.



NAT Gateway supports DNAT (Destination NAT), allowing you to map a public IP to a private IP. The ECS instance with the specified IP can then publish public services over the Internet.


NAT Gateway supports SNAT (Source NAT), allowing you to associate a public IP with a VSwitch. The ECS instances in the VSwitch can then use the public IP to access the Internet.


Scenario: A VPC ECS instance without a public IP requiring access to the Internet

For security considerations, IT systems sometimes require servers to have access to the Internet without exposing their public IPs to public networks. For such scenarios, you may utilize the SNAT function of the NAT Gateway to create a highly available SNAT gateway.


As a function entity, NAT gateway cannot access the Internet by itself, and can only access the Internet after EIPs are bound to it. Therefore, when purchasing a NAT gateway, you need to consider both the NAT gateway fee and the public network fee.

NAT Gateway

Billing method: Pay-As-You-Go

Billing cycle: Per day

Billing items: NAT Gateway reservation fee

NAT Gateway provides different specifications to meet different user needs and different specifications contain different pricing.

The following table lists the cost of NAT Gateway for different regions.

RegionSpecification Small (USD/Day)Specification Medium (USD/Day)Specification Large (USD/Day)Specification Super Large (USD/Day)
China North 1 (Qingdao)1.8293.5056.85812.192
China East 1 (Hangzhou), China East 2 (Shanghai), China North 2 (Beijing), China North 3 (Zhangjiakou), China South 1 (Shenzhen)1.8293.5056.85812.192
Hong Kong2.4384.5728.99115.849
US East 1 (Virginia)2.4384.5728.99115.849
US West 1 (Silicon Valley)2.5915.0299.60117.068
Asia Pacific NE 1 (Japan)2.9265.60810.97219.507
Middle East 1 (Dubai)5.48610.51520.57336.575
Asia Pacific SE 2 (Sydney)3.6575.33413.71624.383
Asia Pacific SE 3 (Kuala Lumpur)2.6065.0689.84517.374
Germany 1 (Frankfurt)3.2926.30912.34421.945
Prices may change over time. Please refer to the NAT Gateway console for current prices.

Public network

After creating a NAT gateway, you need to bind EIPs to it to enable the NAT gateway to access the Internet. After EIPs are bound, the public network fee of the NAT gateway will be charged according to the billing method of the EIPs. For more information, see Billing.

Note:If your account has a NAT shared bandwidth package before 23:59, January 16, 2018, your NAT gateway can still use the public IP provided by the NAT shared bandwidth package. In this situation, the public network fee is the NAT shared bandwidth package fee. For more information, see Billing.

Getting Started

Access Alibaba Cloud NAT Gateway Through the Management Console

The Alibaba Cloud Management Console provides a simple web-based user interface that allows you to access and configure NAT Gateway. Use this console to create, modify and manage your NAT Gateway.

For a step-by-step guide on how to create an Alibaba Cloud NAT Gateway through the management console, please read the Quick Start Guide.


To create your own Alibaba Cloud NAT Gateway, please see the NAT Gateway Documentation for a detailed introduction on how NAT Gateway works and how to modify and manage your NAT Gateway.

Alibaba Cloud VPC API Reference

Access the web-based Alibaba Cloud NAT Gateway APIs to programmatically create, manage and achieve greater control of your product resources


The following resources offer detailed information about Alibaba Cloud NAT Gateway.

Developer Resources

See the links below for advanced features and Documentation. These resources are useful for developers wishing to integrate Alibaba Cloud NAT Gateway with their existing applications or to improve configurations.

Related Services