What is NAT Gateway
NAT Gateway is a Network Address Translation (NAT) service. Alibaba Cloud provides two types of NAT gateways: Internet NAT gateways and Virtual Private Cloud (VPC) NAT gateways. Internet NAT gateways provide public IP address translation services. VPC NAT gateways provide private IP address translation services. You can specify a NAT gateway type based on your business requirements.
Benefits of NAT Gateway
Security
You can use the SNAT feature of NAT gateways to protect ECS instances. After you configure SNAT, ECS instances in the specified VPC can access external networks. Unsolicited connection requests from external networks are denied. SNAT shields the ports that the ECS instances use to communicate with the Internet. This protects the ECS instances from external attacks.
High performance
Alibaba Cloud NAT gateways are distributed gateways that use software-defined networking (SDN) technology. Each NAT gateway provides a throughput capacity of up to 100 Gbit/s and can serve a large number of Internet applications.
Cost-effectiveness
You can change the size of a NAT gateway or the number and bandwidth limits of the EIPs associated with a NAT gateway anytime. In addition, NAT gateways are billed on a pay-as-you-go basis. Therefore, you can use NAT gateways to withstand traffic fluctuations with ease.
Zone-based high availability
You can deploy a NAT gateway across zones to achieve high availability. When one zone is down, network traffic is distributed to the other zone to prevent service interruptions.
So why use NAT Gateway…
Traditionally, one method of granting servers internet access has been to assign each of them a public IP address (PIP). However, as the number of servers in your environment that require internet access grows, the number of PIPs grows as well, raising the overall cost of running each server on the cloud.
One approach to avoid paying for several PIPs is to use the Alibaba NAT gateway. In the steps below, we’ll show you how to configure multiple ECS instances to utilize the Alibaba NAT gateway to access the internet.
Step-by-step Guide
For this exercise, you will need an Alibaba Cloud account with a valid payment method.
Step 1: On the Alibaba Console, search for NAT gateway.
Step 2: On the NAT gateway console page, click on create an instance.
You will see the following sections, from which you can make selections:
Sections
- Region and Zone
- Zone
- VPC ID
- Gateway Type
- Billing Method
- EIP
Note:
1. Uncheck “Unified access” if you want the NAT gateway to apply to specific VPC resources.
2. Select an existing EIP by clicking Select EIP, or create a new one by clicking Create EIP.
Afterward, confirm your order by clicking on “Activate Now”.
Step 4: Confirm the status of the newly created NAT gateway, displayed under the Status column of the table.
Step 5: Click on the name of the newly created NAT gateway and select the SNAT management tab.
Take note of the Source CIDR Block and ECS/vSwitch/VPC ID, and ensure that the resources that need access to the internet fall within those parameters.
Step 6: To verify internet access on your servers, go to the ECS console.
Note: the server only has a private IP address.
- On the console page, click on connect (this can be seen under the Actions column of the table).
- In the pop-up window, connect to the server by clicking the blue connect button under the Workbench connection.
- Provide your login credentials and click OK.
Finally, let us update the server from the internet using the “apt update” command.
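The check from Step 5, as an added example that is not part of the original guide: a Python script that reports which ECS private IP addresses fall inside the Source CIDR Block of at least one SNAT entry, and which EIPs they could egress from. The entry names, CIDR blocks, EIPs and instance names are constructed sample values.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the original page).
# SNAT entries as read from the SNAT management tab: Source CIDR Block + EIP.
SNAT_ENTRIES = [
    {"name": "snat-vswitch-a", "source_cidr": "192.168.1.0/24", "eip": "203.0.113.10"},
    {"name": "snat-vswitch-b", "source_cidr": "192.168.2.0/24", "eip": "203.0.113.12"},
    {"name": "snat-batch-host", "source_cidr": "192.168.2.15/32", "eip": "203.0.113.11"},
]
# ECS instance name -> private IP, as listed in the ECS console.
ECS_INSTANCES = {
    "web-1": "192.168.1.20",
    "batch-1": "192.168.2.15",
    "db-1": "192.168.3.5",
}


def matching_entries(private_ip, entries):
    """Return the SNAT entries whose source CIDR contains private_ip.

    Entries are sorted most specific prefix first. Which overlapping entry the
    gateway applies is not stated on the page, so all matches are reported.
    strict=True makes a mistyped CIDR such as 192.168.1.5/24 raise ValueError
    instead of being silently widened to the whole /24.
    """
    ip = ipaddress.ip_address(private_ip)
    hits = []
    for entry in entries:
        net = ipaddress.ip_network(entry["source_cidr"], strict=True)
        if ip.version == net.version and ip in net:
            hits.append((net.prefixlen, entry))
    hits.sort(key=lambda pair: pair[0], reverse=True)
    return [entry for _, entry in hits]


def audit(instances, entries):
    """Map each instance to its SNAT coverage and possible egress EIPs."""
    report = {}
    for name, private_ip in instances.items():
        hits = matching_entries(private_ip, entries)
        report[name] = {"covered": bool(hits), "egress_eips": [e["eip"] for e in hits]}
    return report


if __name__ == "__main__":
    for name, result in audit(ECS_INSTANCES, SNAT_ENTRIES).items():
        status = ", ".join(result["egress_eips"]) or "NOT COVERED by any SNAT entry"
        print(f"{name:8} {ECS_INSTANCES[name]:15} -> {status}")
```

An instance reported as not covered has no matching SNAT entry on this gateway, and the listed EIPs are the source addresses to expect for that instance in outbound allow-lists and logs.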
Conclusion
A NAT gateway is a very good tool to have in your chest when you need to perform tasks on servers that require internet connectivity without having to assign individual public IP addresses to servers. It is easy to start up and configure, and you are charged on a pay-as-you-go basis.