NAT Gateway is a fully managed network address translation (NAT) service from Alibaba Cloud. It provides Internet access for resources in a virtual private cloud (VPC) by translating their private IP addresses to public ones, preventing direct exposure to the Internet.
Gateway type
Internet NAT Gateway
An Internet NAT gateway translates the private IPv4 addresses within a VPC to elastic IP addresses (EIPs). This lets multiple ECS instances share an EIP to access the Internet.
Share an EIP for Internet access | ECS instances within a VPC share an EIP for Internet access using SNAT. This method saves costs and improves security. |
Share a NAT gateway for Internet access | Connect VPCs with VPC peering connections or Cloud Enterprise Network (CEN) to share an Internet NAT Gateway for Internet access. |
VPC NAT Gateway
A VPC NAT Gateway translates private IPv4 addresses within a VPC to other private IP addresses. This resolves address conflicts between private networks or lets traffic originate from a specific private address.
Resolve private network conflicts | Use the VPC NAT Gateway to translate conflicting private IPs when connecting VPCs that have overlapping CIDR blocks. |
Access from a specific address | Meet compliance requirements by ensuring that traffic from a VPC to an on-premises data center originates from a specified private IP address. |
Performance and high availability
Automatic scaling
Metric | New connections per second (CPS) | Throughput (inbound and outbound) | Concurrent connections | Packets per second (PPS) |
Initial value | 20,000 | 5 Gbps | 500,000 | 800,000 |
Upper limit | 100,000 | 15 Gbps | 2,000,000 | 2,500,000 |
If traffic exceeds these performance limits, you may experience packet loss. To request an increase, contact your account manager.
Actual NAT Gateway performance depends on factors such as average packet size, connection type (persistent or short-lived), and network architecture. Perform stress tests to evaluate the actual performance. Additionally, configure proper monitoring to ensure service stability.
High availability
NAT Gateway ensures high availability by creating a primary and a backup zone, with the backup zone automatically selected by the system. The failover can cause a service interruption of up to 10 minutes. For workloads sensitive to this interruption, deploy multiple NAT gateways in different zones and implement traffic scheduling and failover at the application layer.