This topic provides answers to some frequently asked questions about Internet NAT gateways.
- Why am I unable to purchase Internet NAT gateways in some zones?
- Why am I unable to purchase NAT service plans in the NAT Gateway console?
- How many Internet NAT gateways can I create with an Alibaba Cloud account?
- How many Internet NAT gateways can I create in a virtual private cloud (VPC)?
- How many EIPs can I associate with an Internet NAT gateway?
- Why does the outbound bandwidth of an EIP fail to reach the maximum bandwidth after I associate the EIP with an Internet NAT gateway?
- Why am I unable to associate EIPs in the NAT Gateway console?
- Can I specify the same EIP in an SNAT entry and a DNAT entry?
- Can an ECS instance use SNAT to access services that use DNAT to receive external requests if the same enhanced Internet NAT gateway is used for SNAT and DNAT?
- Can I modify the vSwitch and private IP address of an Internet NAT gateway?
- What do I do if the ports of Internet NAT gateway failed to be allocated?
Why am I unable to purchase Internet NAT gateways in some zones?
Internet NAT gateways are unavailable in some zones due to insufficient resources. You can purchase Internet NAT gateways in other zones of the same region. Internet NAT gateways can provide cross-zone services. An Elastic Compute Service (ECS) instance in a zone can use an Internet NAT gateway in another zone of the same region.
Why am I unable to purchase NAT service plans in the NAT Gateway console?
If you did not purchase a NAT service plan before January 26, 2018, you must associate an EIP with your Internet NAT gateway before the Internet NAT gateway can access the Internet. For more information, see Associate an EIP with an Internet NAT gateway.
How many Internet NAT gateways can I create with an Alibaba Cloud account?
The number of Internet NAT gateways that you can create with an Alibaba Cloud account is unlimited.
How many Internet NAT gateways can I create in a virtual private cloud (VPC)?
- You can create only one standard Internet NAT gateway in a VPC. The quota cannot be increased.
- You can create up to five enhanced Internet NAT gateways in a VPC. You can increase the quota by performing the following operations:
- Go to the Quota Management page to request a quota increase. For more information, see Manage NAT Gateway quotas.
- Go to the Quota Center page and request a quota increase. For more information, see Submit an application to increase a quota.
How many EIPs can I associate with an Internet NAT gateway?
By default, each Internet NAT gateway can be associated with at most 20 EIPs.
- Go to the Quota Management page to request a quota increase. For more information, see Manage NAT Gateway quotas.
- Go to the Quota Center page and request a quota increase. For more information, see Submit an application to increase a quota.
Why does the outbound bandwidth of an EIP fail to reach the maximum bandwidth after I associate the EIP with an Internet NAT gateway?
The maximum number of concurrent connections supported by an Internet NAT gateway is limited by the number of EIPs that are associated with the Internet NAT gateway. If only one EIP is associated with the Internet NAT gateway, the maximum number of concurrent connections that the Internet NAT gateway supports is 55,000.
For example, you deployed multiple ECS instances in a VPC. The ECS instances use an Internet NAT gateway to access the same destination IP address and port on the Internet. The bandwidth that is used by the ECS instances is higher than 2 Gbit/s. To avoid packet loss caused by the limit on concurrent connections for each EIP, we recommend that you associate four to eight EIPs with the Internet NAT gateway and create an SNAT IP address pool. For more information, see Create an SNAT IP address pool.
Why am I unable to associate EIPs in the NAT Gateway console?
If you purchased a NAT service plan before January 26, 2018, you can associate only public IP addresses in the NAT service plan with the Internet NAT gateway. To associate EIPs with the Internet NAT gateway, perform the following operations based on the metering method of your NAT service plan.- If the NAT service plan is billed on a pay-by-bandwidth basis, you can convert the public IP addresses to EIPs in the NAT Gateway console. For more information, see Convert a NAT service plan to an EIP bandwidth plan.
- If the NAT service plan is billed on a pay-by-data-transfer basis, submit an application to be included in the whitelist. Then, convert the public IP addresses to EIPs. For more information, see Convert a NAT service plan to an EIP bandwidth plan. You can join the DingTalk group 35128151 and submit an application in the group.
Can I specify the same EIP in an SNAT entry and a DNAT entry?
- For standard Internet NAT gateways, you cannot specify an EIP in both an SNAT entry and a DNAT entry.
- For enhanced Internet NAT gateways, you can specify an EIP in both an SNAT entry and a DNAT entry.
Can an ECS instance use SNAT to access services that use DNAT to receive external requests if the same enhanced Internet NAT gateway is used for SNAT and DNAT?
No.
An ECS instance cannot use SNAT to access services that use DNAT to receive external requests if the same enhanced Internet NAT gateway is used for SNAT and DNAT in a VPC.
If you want an ECS instance to access services that use DNAT to receive external requests in the same VPC, we recommend that you create another enhanced Internet NAT gateway and create SNAT and DNAT entries on different Internet NAT gateways.
Can I modify the vSwitch and private IP address of an Internet NAT gateway?
No, you cannot modify the vSwitch or private IP address of an Internet NAT gateway in the console. For more information, see Switch to another Internet NAT gateway in the same VPC.
What do I do if the ports of Internet NAT gateway failed to be allocated?
When the number of concurrent connections to one destination address from an Internet NAT gateway is too large, TCP ports or UDP ports may fail to be allocated.
Each EIP provides a limited number of SNAT ports. If the number of user sessions that access the same destination address is too large and the number of EIPs specified in SNAT entries is insufficient, port allocation fails.
If the number of port allocation failures keeps increasing, we recommend that you specify more EIPs in SNAT entries. For more information, see Create an SNAT IP address pool.