Help Center> NAT Gateway> FAQs> SNAT Rules> What Are SNAT Connections?
Updated on 2023-05-09 GMT+08:00

What Are SNAT Connections?

An SNAT connection consists of a source IP address, source port, destination IP address, destination port, and a transport layer protocol. An SNAT connection uniquely identifies a session. The source IP address and source port refer to the IP address and port after NAT.

SNAT supports three protocols: TCP, UDP, and ICMP. A NAT gateway supports up to 55,000 concurrent connections to each destination IP address and port. If any of the destination IP address, port number, and protocol (TCP, UDP, or ICMP) changes, you can create another 55,000 connections. The number of connections you query on an ECS may be different from the actual number of SNAT connections. (You can run the netstat command to query the number of connections.) Assume that an ECS creates 100 connections to a fixed destination every second. 55,000 connections will be used up in about 10 minutes without considering the dropped idle connections. As a result, new connections cannot be established.

If there is no data packet passing through the SNAT connection for a long time, the connection will be timed out. To prevent connection interruption, initiate more data packets or use TCP to maintain connections. In addition, to prevent service interruption caused by insufficient connections, use Cloud Eye to monitor the number of SNAT connections and set appropriate alarm rules.