This topic provides answers to some frequently asked questions about the SNAT feature provided by NAT Gateway.
How many EIPs can I specify in one SNAT entry of an Internet NAT gateway?
Can I create an SNAT IP address pool for SNAT entries of Internet NAT gateways?
How can I configure the ECS instances in a VPC to use the same EIP to access the Internet?
How many SNAT entries can I add to a NAT gateway?
By default, you can add up to 40 SNAT entries to a NAT gateway.
You can navigate to the Quota Management page to request a quota increase. For more information, see Manage NAT Gateway quotas.
How many EIPs can I specify in one SNAT entry of an Internet NAT gateway?
By default, you can specify at most 64 elastic IP addresses (EIPs) in one SNAT entry and you cannot increase the quota.
Can I create an SNAT IP address pool for SNAT entries of Internet NAT gateways?
Yes, you can create an SNAT IP address pool for SNAT entries of Internet NAT gateways. For more information, see Create an SNAT IP address pool.
EIPs in an SNAT IP address pool have the following limits:
The maximum bandwidth of each EIP associated with a standard NAT gateway cannot exceed 200 Mbit/s.
The maximum number of concurrent connections to each EIP is 55,000.
We recommend that you associate the EIPs in an SNAT IP address pool with the same Internet Shared Bandwidth. This prevents service interruptions that are caused when a single EIP reaches its maximum bandwidth. To fully utilize your Internet Shared Bandwidth and avoid port conflicts caused by insufficient EIPs, we recommend that you add EIPs to the SNAT IP address pool based on the following rules:
For standard Internet gateways: If the maximum bandwidth of the Internet Shared Bandwidth is 1,024 Mbit/s, specify at least five EIPs in each SNAT entry.
For standard NAT gateways: If the maximum bandwidth of the Internet Shared Bandwidth is higher than 1,024 Mbit/s, specify at least one more additional EIP for each incremental 200 Mbit/s.
How can I configure the ECS instances in a VPC to use the same EIP to access the Internet?
You can configure an SNAT entry for Elastic Compute Service (ECS) instances in a virtual private cloud (VPC). Then, the ECS instances can access the Internet by using the specified EIP. If an ECS instance is assigned a public IP address (assigned a static public IP address, associated with an EIP, or configured with DNAT IP mapping), the ECS instance preferentially uses the public IP address instead of the EIP to access the Internet. For more information, see Configure ECS instances that are assigned static public IP addresses to use the same EIP to access the Internet, Configure ECS instances that are associated with EIPs to use the same NAT IP address to access the Internet, and Configure ECS instances that configured with DNAT IP mapping to use the same NAT IP address to access the Internet.
Why am I unable to find an existing EIP from the EIP list when I create an SNAT entry on an Internet NAT gateway?
Before you create an SNAT entry, make sure that a NAT gateway is created and the EIP is associated with the NAT gateway. For more information, see Create and manage SNAT entries.
If the source CIDR blocks of multiple SNAT entries overlap, how does the system determine the priorities of the SNAT entries?
The system determines the priorities of SNAT entries based on longest prefix match.
For example, if you create an SNAT entry for an ECS instance, the subnet mask for the source CIDR block is
/32
, which is the longest prefix. Therefore, the SNAT entry has the highest priority.For SNAT entries that you create for other resources, such as vSwitches, VPCs, and custom CIDR blocks, the system determines the priorities of the SNAT entries based on the subnet mask length for the source CIDR block. An SNAT entry with a longer subnet mask length for the source CIDR block has a higher priority.
If an ECS instance is assigned a static public IP address and configured with an SNAT entry, what can I do if I want the ECS instance to preferentially use the EIP specified in the SNAT entry to access the Internet?
You can perform the following steps: Create an elastic network interface (ENI), associate the ENI with the ECS instance, convert the static public IP address to an EIP, and then associate the EIP with the ENI. This way, the ECS instance preferentially uses the EIP in the SNAT entry to access the Internet. The ECS instance uses the ENI to receive requests from the Internet. For more information, see Configure ECS instances that are assigned static public IP addresses to use the same EIP to access the Internet.
If an ECS instance is associated with an EIP and configured with an SNAT entry, what can I do if I want the ECS instance to preferentially use the EIP specified in the SNAT entry to access the Internet?
You can perform the following operations: Create an ENI, associate the ENI with the ECS instance, disassociate the EIP from the ECS instance, and then associate the EIP with the ENI. This way, the ECS instance preferentially uses the EIP in the SNAT entry to access the Internet. The ECS instance uses the ENI to receive requests from the Internet. For more information, see Configure ECS instances that are associated with EIPs to use the same NAT IP address to access the Internet.
If an ECS instance is configured with DNAT IP mapping and an SNAT entry, what can I do if I want the ECS instance to preferentially use the EIP specified in the SNAT entry to access the Internet?
You can perform the following operations: Create an ENI, associate the ENI with the ECS instance, remove the DNAT IP mapping entry, and then create a new DNAT entry to map the EIP on the NAT gateway to the ENI. This way, the ECS instance preferentially uses the EIP in the SNAT entry to access the Internet. The ECS instance uses the ENI to receive requests from the Internet. For more information, see Configure ECS instances that configured with DNAT IP mapping to use the same NAT IP address to access the Internet.