Help Center> NAT Gateway> User Guide (ME-Abu Dhabi Region)> Overview> Application Scenarios
Updated on 2022-01-25 GMT+08:00
View PDF

Application Scenarios

Using SNAT to Access the Internet

If your servers in the VPC require Internet access, you can use the SNAT function to let the servers share one or more EIPs to access the Internet without exposing their IP addresses. In a VPC, each subnet corresponds to one SNAT rule, and each SNAT rule is configured with one EIP. NAT Gateway provides different types of NAT gateways that support different numbers of connections. You can create multiple SNAT rules to meet your service requirements.

Figure 1 shows how servers in a VPC access the Internet using SNAT.

Figure 1 Using SNAT to access the Internet

Using DNAT to Provide Services Accessible from the Internet

To allow your servers in a VPC to provide services for the Internet, you can use the DNAT function.

You can associate an EIP with a DNAT rule. As requests with specific protocol and port access the EIP, NAT Gateway forwards the requests to the port of the target server through the mapping between the ports. Besides, NAT Gateway can forward requests on the EIP to your servers based on IP address mapping. NAT Gateway allows multiple servers to share an EIP, which facilitates bandwidth control.

A DNAT rule is configured for one server. If there are multiple servers, you can create several DNAT rules to make the servers share one or more EIPs.

Figure 2 shows how servers in a VPC provide services accessible from the Internet using DNAT. The servers shown in the following figure can be an ECS, a BMS, or a Workspace desktop.

Figure 2 Using DNAT to provide services accessible from the Internet

Using SNAT or DNAT to Communicate with the Internet in a High-Speed Way

If a large number of servers that in a private cloud or connect to a VPC through a Direct Connect or VPN connection need to securely access the Internet in a high speed way or to provide services accessible from the Internet, SNAT and DNAT can be used in such scenario. The similar scenarios include Internet, games, e-commerce, and finance.

Figure 3 shows how to communicate with the Internet in a high-speed way.

Figure 3 Using SNAT and DNAT to communicate with the Internet in a high-speed way

Configuring Highly Available System Using SNAT

EIPs that bound to resources may be attacked. To improve system reliability, you can add multiple EIPs when configuring an SNAT rule. If one EIP is attacked, services can use another EIP to ensure service running.

If an SNAT rule has multiple EIPs, the system randomly selects an EIP for servers using the SNAT rule to access the Internet.

A maximum of 20 EIPs can be added to each SNAT rule. If EIPs added to an SNAT rule are blocked or unavailable due to attacks, you need to manually delete them from the EIP pool.

Figure 4 shows the networking diagram.

Figure 4 Configuring highly available system using SNAT
Parent topic: Overview