NAT gateways provide network address translation (NAT) with 20 Gbit/s of bandwidth for cloud servers (BMS) or for servers in on-premises data centers that connect to a VPC through Direct Connect or VPN. A NAT gateway enables cloud and on-premises servers in a private subnet to share an EIP to access the Internet or provide services accessible from the Internet. A NAT gateway enables cloud servers to connect to services in on-premises networks or other VPCs.
NAT Gateway offers source NAT (SNAT) and destination NAT (DNAT).
- SNAT translates private IP addresses into EIPs so that traffic from a private network can go out to the Internet.
Figure 1 shows how an SNAT rule works.
Figure 1 NAT gateway with an SNAT rule
- DNAT enables servers in a VPC, regardless of whether they are in the same AZ, to share an EIP to provide services accessible from the Internet. With an EIP, a public NAT gateway forwards the Internet requests from only a specific port and over a specific protocol to a specific port of a server, or it can forward all requests to the server regardless of which port they originated on.
Figure 2 shows how a DNAT rule works.
Figure 2 NAT gateway with a DNAT rule
Public NAT gateways are used to provide NAT.
Public NAT Gateways
A public NAT gateway enables cloud and on-premises servers in a private subnet to share an EIP to access the Internet or provide services accessible from the Internet. Cloud servers are ECSs and BMSs in a VPC. On-premises servers are servers in on-premises data centers that connect to a VPC through Direct Connect or Virtual Private Network (VPN). A public NAT gateway supports up to 20 Gbit/s of bandwidth.
Public NAT gateways offer source NAT (SNAT) and destination NAT (DNAT).
- SNAT translates private IP addresses into an EIP so that cloud servers across AZs can share an EIP to access the Internet.
Figure 3 shows how an SNAT rule works.
Figure 3 NAT gateway with an SNAT rule
- DNAT enables servers in a VPC, regardless of whether they are in the same AZ, to share an EIP to provide services accessible from the Internet through IP address mapping or port mapping.
Figure 4 shows how a DNAT rule works.
Figure 4 NAT gateway with a DNAT rule
How Do I Access the NAT Gateway Service?
You can access the NAT Gateway service through:
- Management console
Log in to the management console and choose NAT Gateway from the service list.
- APIs
If you need to integrate NAT Gateway on the cloud platform into your own system, use APIs to access NAT Gateway.