Updated on 2022-08-08 GMT+08:00

Application Scenarios

Using SNAT to Enable Servers to Access the Internet

If your servers in a VPC require Internet access, you can use SNAT to let the servers share one or more EIPs to access the Internet without exposing their IP addresses. In a VPC, each subnet corresponds to an SNAT rule, and each SNAT rule is configured with an EIP. NAT Gateway provides different types of NAT gateways that support different numbers of connections. You can create multiple SNAT rules to meet your service requirements.

Figure 1 shows how servers in a VPC access the Internet using SNAT.

Figure 1 Using SNAT to enable servers to access the Internet

Using DNAT to Allow Servers to Provide Services Accessible from the Internet

To allow your servers in a VPC to provide services accessible from the Internet, you can use DNAT.

You can associate an EIP with a DNAT rule. When a request with a specific protocol and port reaches the EIP, NAT Gateway forwards it only to the mapped port on the target server (port mapping). NAT Gateway can also forward requests on the EIP to your servers based on IP address mapping. NAT Gateway allows multiple servers to share an EIP, saving costs on bandwidth.

A DNAT rule is configured for one server. If there are multiple servers, you can create several DNAT rules to make the servers share one or more EIPs.

Figure 2 shows how servers in a VPC use DNAT to provide services accessible from the Internet. Each server shown in the figure can be an ECS or a BMS.

Figure 2 Using DNAT to allow servers to provide services accessible from the Internet
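
The two DNAT mapping modes described above, as a simplified model added here for illustration (it is not Huawei Cloud code or the NAT Gateway API; the rule fields and all addresses are constructed assumptions). A port mapping rule forwards only the matching protocol and port, while an IP address mapping rule makes every port on the server reachable, which is what the review helper flags.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class DnatRule:
    """Hypothetical rule shape; not the NAT Gateway API schema."""
    eip: str
    private_ip: str
    protocol: Optional[str] = None       # None means IP address mapping
    external_port: Optional[int] = None
    internal_port: Optional[int] = None

    @property
    def is_ip_mapping(self) -> bool:
        return self.protocol is None


def forward(rules: List[DnatRule], eip: str, protocol: str,
            port: int) -> Optional[Tuple[str, int]]:
    """Return the (private_ip, port) a request is forwarded to, or None."""
    for rule in rules:
        if rule.eip != eip:
            continue
        if rule.is_ip_mapping:
            # Assumption: IP mapping passes the destination port unchanged.
            return (rule.private_ip, port)
        if rule.protocol == protocol and rule.external_port == port:
            return (rule.private_ip, rule.internal_port)
    return None  # no rule matches: the request is not forwarded


def all_port_rules(rules: List[DnatRule]) -> List[DnatRule]:
    """Rules that expose every port of a server; review these first."""
    return [r for r in rules if r.is_ip_mapping]


# Constructed sample: two servers share one EIP through port mapping,
# a third is published through IP address mapping on a second EIP.
RULES = [
    DnatRule("203.0.113.10", "192.168.1.10", "tcp", 80, 8080),
    DnatRule("203.0.113.10", "192.168.1.11", "tcp", 443, 8443),
    DnatRule("203.0.113.20", "192.168.1.12"),
]

if __name__ == "__main__":
    for probe in [("203.0.113.10", "tcp", 80), ("203.0.113.10", "tcp", 22),
                  ("203.0.113.20", "tcp", 22)]:
        print(probe, "->", forward(RULES, *probe))
    print("all-port rules:", [r.private_ip for r in all_port_rules(RULES)])
```

In the sample, SSH (TCP 22) to the shared EIP is dropped because no port mapping covers it, but the same probe against the IP-mapped EIP reaches the server, so that server's security group is the only remaining filter.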

Using SNAT or DNAT to Communicate with the Internet at a High Speed

If a large number of servers in a private cloud, or servers that connect to a VPC through Direct Connect or VPN, need secure, high-speed Internet access or need to provide services accessible from the Internet, SNAT and DNAT provide this access. Typical scenarios include Internet, games, e-commerce, and finance across clouds.

Figure 3 shows how to communicate with the Internet at a high speed.

Figure 3 Using SNAT or DNAT to communicate with the Internet at a high speed

Configuring a Highly Available System Using SNAT

EIPs bound to resources may be attacked. To improve system reliability, you can add multiple EIPs when configuring an SNAT rule. If one EIP is attacked, another EIP can take over the job to ensure service continuity.

If an SNAT rule has multiple EIPs, the system randomly selects an EIP for servers that use the SNAT rule to access the Internet.

Up to 20 EIPs can be added to each SNAT rule. If EIPs added to an SNAT rule are blocked or unavailable due to attacks, delete them from the EIP pool.

Figure 4 shows the networking diagram.

Figure 4 Configuring a highly available system using SNAT