Advanced SNAT use of the NAT gateway (1): SNAT POOL

Abstract: The NAT gateway is the entrance and exit through which VPC ECS instances on the cloud access the Internet. SNAT enables a specified VPC ECS to access the Internet using a specified public IP. When a SNAT entry is created in the Alibaba Cloud NAT gateway console, by default one public IP address is configured for the specified switch.

(1) Introduction

Why use SNAT POOL

The NAT gateway is the entrance and exit through which VPC ECS instances on the cloud access the Internet. SNAT enables a specified VPC ECS to access the Internet using a specified public IP. When a SNAT entry is created in the Alibaba Cloud NAT gateway console, by default one public IP address is configured for the specified switch. However, the number of SNAT connections is limited by the number of ports on a single public IP. When traffic volume grows rapidly, a single public IP may no longer be sufficient as the egress for VPC ECS instances to access the Internet. For this scenario, you can consider using the SNAT POOL function of the NAT gateway.

What is the SNAT POOL function?

When creating a SNAT entry, you can add multiple public IP addresses to an address pool. When a VPC ECS actively initiates an outbound connection, it accesses the Internet through a public IP address chosen at random from the SNAT address pool.

How to use the SNAT POOL function

Call the Alibaba Cloud NAT gateway API interface CreateSnatEntry. The following figure shows the request parameters of CreateSnatEntry.

Note: This article will use the tool OpenAPI_Explorer provided by Alibaba Cloud as an example.

(2) Preparations

Create a VPC, plan subnets, and purchase VPC ECS on demand.
Create a NAT gateway.
Purchase a NAT bandwidth package containing 2 public IP addresses for the NAT gateway.
The following are the sample SNAT POOL operation topology diagram and the console diagram of the NAT gateway bound with two elastic public network IPs.






(3) SNAT POOL settings

Log in to OpenAPI_Explorer provided by Alibaba Cloud. OpenAPI_Explorer provides fast API interface debugging and is a very convenient tool.
Select "Private Network VPC" in the "Cloud Product List" on the left side of OpenAPI Explorer, and then search for the API interface "CreateSnatEntry".

Fill in the regionId of the NAT gateway, the SnatTableId and the vswitchID where SNAT needs to be set. Fill in the two EIPs to be set as the SNAT address pool into SnatIp, separated by commas, as shown in the following figure. Then click "Initiate Request".

At this time, return to the NAT gateway console, and you can see that the SNAT POOL just set has appeared in the SNAT entry.


(4) SNAT POOL verification

Log in to the three ECSs behind the vswitch where the SNAT rule is set, and check the source IP address of the outgoing network.
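The following Python example is added here and is not part of the original article or Alibaba Cloud's code. It assembles the CreateSnatEntry parameters entered in OpenAPI Explorer in section (3), then checks source IPs observed from the ECS instances against the pool. The function names, IDs and addresses are constructed placeholders, and SourceVSwitchId is the API parameter name for the vswitch field.

```python
import ipaddress
from collections import Counter

# RFC 1918 ranges: private addresses can never be SNAT egress IPs.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def normalize_pool(pool_ips):
    """Validate, de-duplicate and return pool IPs as strings, order preserved."""
    pool = []
    for raw in pool_ips:
        ip = ipaddress.IPv4Address(raw.strip())  # raises ValueError if malformed
        if any(ip in net for net in PRIVATE_NETS):
            raise ValueError(f"{ip} is a private address, not a public IP")
        if str(ip) not in pool:
            pool.append(str(ip))
    return pool

def build_create_snat_entry_params(region_id, snat_table_id, vswitch_id, pool_ips):
    """Request parameters for CreateSnatEntry with a comma-separated SnatIp pool."""
    return {
        "Action": "CreateSnatEntry",
        "RegionId": region_id,
        "SnatTableId": snat_table_id,
        "SourceVSwitchId": vswitch_id,
        "SnatIp": ",".join(normalize_pool(pool_ips)),
    }

def check_egress(observed_ips, pool_ips):
    """Return (per-IP counts, IPs seen outside the pool, pool IPs never seen)."""
    pool = set(normalize_pool(pool_ips))
    counts = Counter(str(ipaddress.IPv4Address(o.strip())) for o in observed_ips)
    return counts, sorted(set(counts) - pool), sorted(pool - set(counts))

if __name__ == "__main__":
    # Constructed sample values: documentation-range IPs and placeholder IDs.
    pool = ["203.0.113.10", "203.0.113.11"]
    params = build_create_snat_entry_params(
        "cn-hangzhou", "stb-EXAMPLE", "vsw-EXAMPLE", pool)
    print(params["SnatIp"])
    # Source IPs reported by an external "what is my IP" service, one per
    # outbound connection from the ECS instances (constructed).
    observed = ["203.0.113.10", "203.0.113.11", "203.0.113.11", "198.51.100.7"]
    counts, unexpected, unused = check_egress(observed, pool)
    print(dict(counts), "unexpected:", unexpected, "unused:", unused)
```

A non-empty `unexpected` list means some traffic is leaving through a path other than this SNAT entry. Because the source IP is picked at random, any remote allowlist has to contain every address in the pool.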






(5) Precautions

1. After the SNAT POOL is successfully created, the designated VPC ECS will randomly use the public IP in the SNAT POOL to access the Internet.
2. The SNAT POOL function currently only supports creation through the API. By default, a SNAT entry on the console only supports setting one public IP address at vswitch granularity as the source IP address of the outgoing network. The SNAT POOL function will be made available on the console later, so stay tuned.
3. The SNAT POOL function currently only supports the public IP of the NAT bandwidth package. It is also planned to support the elastic public IP bound to the NAT gateway, so stay tuned.

(6) Useful links

Detailed explanation of the Alibaba Cloud NAT gateway API documentation for CreateSnatEntry -- [CreateSnatEntry]
Product diagram of Alibaba Cloud NAT Gateway -- [A picture to understand Alibaba Cloud network products [4] NAT Gateway]
A must-read for Alibaba Cloud private network public network entrance and exit management -- [Detailed explanation of the difference between SLB, EIP, and NAT gateway, Reasonable choice of cloud public network entrance]

Link to the original text: https://yq.aliyun.com/articles/533821?spm=a2c41.11181499.0.0
