Public Cloud – Flexible Engine

NAT Gateway – Network address translation gateway to connect your network to the Internet

Allows ECSs to access the Internet using elastic IP addresses (EIPs) or to provide services for external networks


The NAT Gateway service offers the Network Address Translation (NAT) function for Elastic Cloud Servers (ECSs) in a Virtual Private Cloud (VPC), allowing these ECSs to access the Internet using elastic IP addresses (EIPs) or to provide services for external networks.

System Architecture

NAT Gateway: types and performance

The NAT Gateway service provides different types for different application scenarios.

  • SNAT

The NAT gateway type determines two elements of the source network address translation (SNAT) function: the maximum number of connections and the number of new connections per second.

The data rate is determined by the bandwidth of the EIPs.

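| Types       | Maximum Number of SNAT Connections | Number of New SNAT Connections per Second |
|-------------|------------------------------------|-------------------------------------------|
| Small       | 10 000                             | 1 000                                     |
| Medium      | 50 000                             | 5 000                                     |
| Large       | 200 000                            | 10 000                                    |
| Extra-large | 1 000 000                          | 30 000                                    |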

Benefits

Flexible deployment

The NAT Gateway service can be deployed flexibly across subnets and across AZs. Any fault in a single AZ does not affect the service continuity of NAT Gateway. The types and public IP address of a NAT gateway can be adjusted at any time.

Diversified and easy-to-use

Multiple types of NAT gateways are available. Users can use them after simple configuration. NAT gateways support easy operation and maintenance (O&M) and quick provisioning, and they run stably and reliably.

Cost-effective

Multiple ECSs share an elastic IP address. When you send data through a private IP address or provide services for the Internet using a NAT gateway, the NAT Gateway service translates the private IP address to a public IP address. Users do not need to purchase additional EIPs and bandwidth resources for their ECSs to access the Internet.

Scenarios

  • The NAT Gateway service supports ECSs and Bare Metal Servers (BMSs).
  • Tenants in the VPC can use shared EIPs to access the Internet. Multiple types of NAT gateways are available.
  • Access to the public network is implemented by the SNAT function of the NAT Gateway service. SNAT allows resources in a VPC that are not assigned EIPs to access the public network directly and supports a huge number of concurrent connections. The NAT Gateway service can therefore be used in scenarios with a large number of requests and connections.
  • The DNAT function enables multiple ECSs in a VPC to share the same EIP and bandwidth to provide services for the Internet. Users can control bandwidth resources more precisely.

Usage restrictions

Observe the following constraints when using the NAT Gateway service:

  • Multiple rules for one NAT gateway can reuse the same EIP, but the rules for different NAT gateways must use different EIPs.
  • Each VPC can have only one NAT gateway.
  • Users cannot manually add the default route in a VPC.
  • Only one SNAT rule can be added to a subnet in a VPC.
  • SNAT and DNAT cannot share the same EIP.
  • When the EIP and NAT Gateway services are configured on the ECS, data is forwarded through the EIP.
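
The sizing table and the usage restrictions above can be checked before a configuration is deployed. The following is an added example, not Flexible Engine code: the plan layout (the `name`, `vpc`, `snat` and `dnat` keys) and the sample addresses are hypothetical, and only the limits and rules come from this page.

```python
from collections import defaultdict

# (type, max SNAT connections, new SNAT connections per second), from the table
TYPES = [("Small", 10_000, 1_000), ("Medium", 50_000, 5_000),
         ("Large", 200_000, 10_000), ("Extra-large", 1_000_000, 30_000)]

def smallest_type(max_conns, new_per_sec):
    """Smallest gateway type that covers both SNAT limits, or None."""
    for name, conns, rate in TYPES:
        if max_conns <= conns and new_per_sec <= rate:
            return name
    return None

def check_plan(gateways):
    """Return the violations of the page's usage restrictions found in a plan."""
    issues = []
    vpcs = defaultdict(list)   # VPC -> names of gateways planned in it
    eip_owner = {}             # EIP -> first gateway seen using it
    for gw in gateways:
        vpcs[gw["vpc"]].append(gw["name"])
        snat_eips = {r["eip"] for r in gw["snat"]}
        dnat_eips = {r["eip"] for r in gw["dnat"]}
        for eip in sorted(snat_eips & dnat_eips):
            issues.append(f"{gw['name']}: EIP {eip} shared by SNAT and DNAT")
        subnets = [r["subnet"] for r in gw["snat"]]
        for s in sorted({s for s in subnets if subnets.count(s) > 1}):
            issues.append(f"{gw['name']}: subnet {s} has more than one SNAT rule")
        for eip in sorted(snat_eips | dnat_eips):
            owner = eip_owner.setdefault(eip, gw["name"])
            if owner != gw["name"]:
                issues.append(f"EIP {eip} used by both {owner} and {gw['name']}")
    for vpc, names in vpcs.items():
        if len(names) > 1:
            issues.append(f"VPC {vpc} has {len(names)} NAT gateways")
    return issues

# Constructed sample plan in a hypothetical layout (documentation-range addresses)
PLAN = [
    {"name": "gw-a", "vpc": "vpc-1",
     "snat": [{"subnet": "10.0.1.0/24", "eip": "203.0.113.10"},
              {"subnet": "10.0.1.0/24", "eip": "203.0.113.11"}],
     "dnat": [{"eip": "203.0.113.10", "port": 443}]},
    {"name": "gw-b", "vpc": "vpc-2",
     "snat": [{"subnet": "10.1.0.0/24", "eip": "203.0.113.11"}], "dnat": []},
]

if __name__ == "__main__":
    print(smallest_type(40_000, 6_000))  # new-connection rate, not total, sets the type
    print("\n".join(check_plan(PLAN)))
```

Because the type must satisfy both limits at once, a workload with a modest connection count but a high new-connection rate can still require a larger type.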