Amazon offers two types of NAT devices: NAT Instances and NAT Gateways. NAT Gateways are the recommended choice, because they offer higher bandwidth and are highly available compared to NAT Instances.
NAT Gateways Working
A NAT Gateway lets the instances in your private network communicate with public networks. Outbound traffic from many hosts is sent, and the replies received, through a single public IP address, so the private addresses of the hosts behind it are never exposed.
All the instances in your private network are protected by the NAT Gateway, because it only forwards connections that were initiated from inside: unsolicited inbound traffic from the internet is blocked, while outgoing traffic is allowed.
A typical use case is rolling out a firmware update to devices in your private network without allowing the software update servers to reach those devices directly.
Below is a diagram depicting how a NAT Gateway functions on an AWS public cloud.
AWS NAT Gateway Features
- A NAT Gateway supports TCP, UDP, and ICMP protocols.
- A NAT Gateway supports up to 5 Gbps of bandwidth and automatically scales up to 100 Gbps. If you need more bandwidth, split your resources across multiple subnets and create a NAT Gateway for each subnet.
- A NAT Gateway can process up to 1 million packets per second and automatically scales up to 10 million packets per second.
- NAT Gateways support IPv4 or IPv6 traffic.
- Up to 55,000 simultaneous connections for each unique destination can be supported by the NAT Gateway.
NAT Gateway Connectivity Types
Public
- By default, instances in a private subnet cannot accept unsolicited inbound connections from the internet, but they can connect to the internet via a public NAT Gateway.
- You must assign an elastic IP address to the public NAT Gateway when you create it in a public subnet.
- The NAT Gateway routes this traffic to the internet Gateway of the VPC.
- You can also use a public NAT Gateway for connecting with your on-premise network or other VPCs.
- In such situations, traffic from the NAT Gateway can be routed via a transit Gateway.
Private
- Instances can connect to other VPCs or use a private NAT Gateway to connect to your on-premises network.
- Traffic can be transmitted through a transit Gateway or virtual private Gateway.
- An elastic IP address cannot be linked to a private NAT Gateway.
- You can route traffic from a private NAT Gateway to an internet Gateway in the virtual private cloud (VPC), however, the internet Gateway will drop any traffic forwarded to it from the private NAT Gateway.
What are NAT Instances?
NAT Instances are the traditional method of providing internet connectivity to Instances.
An instance behind a NAT can connect to the internet, but all new connection attempts from the internet to the instance are prevented.
NAT allows Instances to connect to the internet but not vice versa.
Previously, you had to launch and manage NAT Instances yourself. You can now avoid NAT Instances altogether, because AWS provides the NAT Gateway, a scalable service managed entirely by AWS.
AWS NAT Gateway vs NAT Instances
The key distinctions between NAT Gateways and NAT Instances are listed below.
| Attribute | NAT Gateway | NAT Instance |
|---|---|---|
| Availability | Highly available. Each Availability Zone has redundant NAT Gateways. | To manage failover across instances, you must use a script. |
| Bandwidth | Scales up to 100 Gbps. | Determined by the bandwidth of the instance type. |
| Maintenance | Managed by AWS. | Managed by you. |
| Performance | Software is optimized to handle NAT traffic. | A generic AMI with NAT enabled. |
| Cost | Charged based on the number of NAT Gateways you use, the length of time you use them, and the amount of data you send through them. | Charged based on the number of NAT Instances used, the period of use, and the type and size of the instance. |
| Private IP addresses | When you create the Gateway, an address from the subnet’s IP address range is selected automatically. | When you launch the instance, assign a specific private IP address from the subnet’s IP address range. |
| Public IP addresses | At the time of creation, select the Elastic IP address that will be associated with a public NAT Gateway. | Use an Elastic IP address or a public IP address with the NAT Instance. |
How to Create a NAT Gateway?
Below are steps for configuring NAT Gateway for private subnets:
- Navigate to the AWS Console -> Services.
- Click VPC under the Networking & Content Delivery heading.
- Go to Virtual Private Cloud > NAT Gateways and choose Create NAT Gateway.
- On the page that opens, choose a public subnet for the NAT Gateway from the Subnet drop-down list.
- Assign an Elastic IP address to the NAT Gateway.
- Click Create NAT Gateway.
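The steps above end at creation; what you then want to verify is the wiring described in the connectivity-types section: the gateway sits in a public subnet, a public gateway carries an Elastic IP, and the private subnet's default route points at the NAT Gateway rather than straight at the internet Gateway. The following audit is an added example, not code from the original post or from AWS; it runs offline over constructed sample data shaped like the AWS CLI's describe-route-tables and describe-nat-gateways output, and the function names (audit_nat_routing, is_public_subnet, subnet_table, default_route) are my own.

```python
# Added example (not from the original post): check that each intended-private
# subnet reaches the internet only through a NAT Gateway that sits in a public
# subnet and carries an Elastic IP. Input dicts mirror the shape of
# `aws ec2 describe-route-tables` / `describe-nat-gateways` output; every ID
# and address below is a constructed sample value, not a real resource.

ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-pub"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-priv"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def"}]},
]
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-0def", "SubnetId": "subnet-pub", "State": "available",
     "ConnectivityType": "public",
     "NatGatewayAddresses": [{"AllocationId": "eipalloc-0123", "PublicIp": "203.0.113.10"}]},
]

def default_route(table):
    """Return the 0.0.0.0/0 route of a route table, or None if it has none."""
    return next((r for r in table.get("Routes", [])
                 if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)

def subnet_table(route_tables, subnet_id):
    """Route table explicitly associated with a subnet (main-table fallback omitted)."""
    return next((t for t in route_tables if any(
        a.get("SubnetId") == subnet_id for a in t.get("Associations", []))), {})

def is_public_subnet(route_tables, subnet_id):
    """A subnet is public when its default route targets an internet gateway."""
    r = default_route(subnet_table(route_tables, subnet_id))
    return bool(r and r.get("GatewayId", "").startswith("igw-"))

def audit_nat_routing(route_tables, nat_gateways, private_subnets):
    """Return findings for the given private subnets; an empty list means OK."""
    findings, nats = [], {n["NatGatewayId"]: n for n in nat_gateways}
    for s in private_subnets:
        r = default_route(subnet_table(route_tables, s))
        if r is None:
            findings.append(f"{s}: no default route, so no outbound internet path")
        elif r.get("GatewayId", "").startswith("igw-"):
            findings.append(f"{s}: default route goes straight to an internet gateway")
        elif (nat := nats.get(r.get("NatGatewayId"))) is None:
            findings.append(f"{s}: default route target is not a known NAT Gateway")
        elif nat["State"] != "available":
            findings.append(f"{nat['NatGatewayId']}: state is {nat['State']}")
        elif not is_public_subnet(route_tables, nat["SubnetId"]):
            findings.append(f"{nat['NatGatewayId']}: not placed in a public subnet")
        elif nat["ConnectivityType"] == "public" and not nat["NatGatewayAddresses"]:
            findings.append(f"{nat['NatGatewayId']}: public gateway has no Elastic IP")
    return findings
```

The caller supplies the list of subnets it considers private, since route tables alone cannot distinguish an intentionally public subnet from a private one that was wrongly given an internet Gateway route.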
Deleting a NAT Gateway
Follow the below steps to delete a NAT Gateway:
- Navigate to the Amazon VPC console.
- From the Navigation pane choose NAT Gateways.
- Select the radio button for the NAT Gateway, then choose Actions > Delete NAT Gateway.
- Select Delete when the confirmation window appears.
Pricing
If you create a NAT Gateway in your VPC, you are billed for each “NAT Gateway-hour” that the gateway exists and is available.
Data processing charges apply for each gigabyte of traffic processed through the NAT Gateway, regardless of source or destination.
Partial NAT Gateway-hours are billed as full hours.
The exact price you pay differs by region, since AWS NAT Gateway prices are region-specific.
Conclusion
In this blog, we discussed AWS NAT Gateways and how they are used to connect instances in a private subnet to services outside your VPC. We also compared them with NAT Instances, the older Amazon solution for providing internet connectivity to instances.