NAT Gateway is an IP address translation service that provides SNAT and DNAT capabilities. It gives resources in VPCs secure, high-performance Internet access. NAT Gateway offers up to 99.99% availability, 5 Gbps of bandwidth, and more than 10 million concurrent connections. Its typical application scenarios are as follows:
As shown in the following figure, when resources in the VPC, such as CVMs, send outbound data packets through the NAT gateway, the packets first reach the router, which forwards them according to the routing policy. The NAT gateway then sends the traffic to the Internet, using the bound EIP as the source IP address.
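A simplified model of the outbound path described above, added here as an illustration and not Tencent Cloud's implementation. The route entries, class and function names, documentation-range addresses, and the per-flow port mapping are assumptions of the model.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class NatGateway:
    eip: str                                   # bound EIP (constructed address)
    next_port: int = 1024                      # assumed start of the SNAT port pool
    back: dict = field(default_factory=dict)   # (public port, peer, peer port) -> (private ip, port)
    out: dict = field(default_factory=dict)    # flow 4-tuple -> public port

    def snat(self, p):
        """Rewrite the source to the EIP and remember the mapping for replies."""
        key = (p.src, p.sport, p.dst, p.dport)
        if key not in self.out:
            if self.next_port > 65535:
                raise RuntimeError("SNAT port pool exhausted for this EIP")
            self.out[key] = self.next_port
            self.back[(self.next_port, p.dst, p.dport)] = (p.src, p.sport)
            self.next_port += 1
        return Packet(self.eip, self.out[key], p.dst, p.dport)

    def reverse(self, p):
        """Translate an inbound reply; None means no mapping exists, so drop."""
        hit = self.back.get((p.dport, p.src, p.sport))
        if hit is None or p.dst != self.eip:
            return None
        return Packet(p.src, p.sport, hit[0], hit[1])

def route(table, dst):
    """Longest-prefix match over (cidr, next_hop) route entries."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(c), hop) for c, hop in table]
    hits = [(n.prefixlen, hop) for n, hop in nets if addr in n]
    return max(hits)[1] if hits else None

def send_outbound(table, nat, p):
    """Router step first, then SNAT only when the route points at the NAT gateway."""
    hop = route(table, p.dst)
    if hop == "local":
        return p
    return nat.snat(p) if hop == "nat" else None

# Constructed sample: VPC 10.0.0.0/16, default route to the NAT gateway.
ROUTES = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat")]
```

In this model, `reverse` returns `None` for any inbound packet that does not match a flow a CVM opened, which is the behaviour of SNAT on its own; DNAT mappings are not modelled.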
CVMs in a VPC can access the Internet through a NAT gateway or a public gateway. The following table lists the differences between the two types of gateways.
| Attribute | NAT Gateway | Public Gateway |
|---|---|---|
| Availability | Master/Slave hot backup and automatic hot switching | Manually switches the failed gateway. |
| Public network bandwidth | Maximum of 5 Gbps | Depends on the network bandwidth of the CVM. |
| Public IP address | A maximum of 10 EIPs can be bound | Supports one EIP or ordinary public IP address. |
| Rate limit of the public network | N/A | Depends on the rate limit of the CVM. |
| Max concurrent connections | 10,000,000 | 500,000 |
| Private IP address | Private IP addresses of VPC users are not consumed | Private IP addresses of subnets are consumed. |
| Security group | Binding a security group to a NAT gateway is not supported. Instead, you can bind a security group to the backend CVM. | Binding a security group is supported. |
| Network ACL | Binding a network ACL to a NAT gateway is not supported. Instead, you can bind a network ACL to the subnet where the backend CVM resides. | Binding a network ACL is not supported. Instead, you can bind a network ACL to the subnet where the public gateway resides. |
The NAT gateway has the following advantages: