NAT is a method of remapping one IP address space into another. Advanced NAT implementations feature IP masquerading, which lets an entire private network share the single Internet-routable IP address of a NAT gateway. In AWS, you can use either a NAT instance or a NAT gateway.
A NAT instance is an EC2 instance configured to work as a NAT gateway. We need to select a security group with HTTP, as NAT instances stay behind a security group. Some NAT instances are already available as community AMIs. The amount of traffic a NAT instance can support depends on the instance type, so you may have to increase the instance type if required.
NAT gateways are elastic gateways that are fully managed by Amazon. Unlike NAT instances, with NAT gateways we do not have to select a security group, as Amazon handles it for us. NAT gateways also scale automatically, and Amazon takes care of that as well.
Important Points (Exam Tips)
- You need to provide a security group for a NAT instance, but not for NAT gateways.
- You need to handle autoscaling on your own for NAT instances, whereas Amazon handles it for NAT gateways.
- NAT gateways are elastic and Amazon takes care of their availability. NAT instances can become a single point of failure, or you will need to put in extra effort to set up auto scaling for them.
- When creating a NAT instance, you need to disable the source/destination check.
- NAT instances must be in a public subnet.
- There must be a route out from the private instance to the NAT instance in order to use it.
- NAT instances should have a public IP address.
- NAT gateways are preferred by many now.
- NAT gateways can auto scale up to 10 Gbps.
- With NAT gateways too, you need to create a route out to the NAT gateway.
- NAT gateways are automatically assigned a public IP.
- Read more about the differences between NAT instances and NAT gateways here: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-comparison.html
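
An added example (not from the original post) that turns the NAT instance tips above into an automated check. It assumes dictionaries shaped like the EC2 `DescribeInstances` and `DescribeRouteTables` responses, treats a subnet as public when its default route targets an internet gateway, and uses constructed IDs and addresses.

```python
# Added example: audit a NAT instance against the checklist above.
# Field names follow EC2 DescribeInstances / DescribeRouteTables output;
# every ID and address below is constructed sample data.

def route_table_for(subnet_id, route_tables):
    """Route table explicitly associated with the subnet, else the VPC main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def default_route(rt):
    """The 0.0.0.0/0 route of a route table, or None."""
    for route in (rt or {}).get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route
    return None

def audit_nat_instance(nat, private_subnet_id, route_tables):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if nat.get("SourceDestCheck", True):
        findings.append("source/destination check is still enabled")
    if not nat.get("PublicIpAddress"):
        findings.append("NAT instance has no public IP address")
    # Assumption: public subnet = default route points at an internet gateway.
    nat_route = default_route(route_table_for(nat["SubnetId"], route_tables))
    if not nat_route or not (nat_route.get("GatewayId") or "").startswith("igw-"):
        findings.append("NAT instance is not in a public subnet")
    priv_route = default_route(route_table_for(private_subnet_id, route_tables))
    if not priv_route or priv_route.get("InstanceId") != nat["InstanceId"]:
        findings.append("private subnet has no default route to the NAT instance")
    return findings

ROUTE_TABLES = [  # constructed
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-0nat"}]},
]
GOOD_NAT = {"InstanceId": "i-0nat", "SubnetId": "subnet-public",
            "PublicIpAddress": "203.0.113.10", "SourceDestCheck": False}
BAD_NAT = {"InstanceId": "i-0bad", "SubnetId": "subnet-private", "SourceDestCheck": True}

if __name__ == "__main__":
    for nat in (GOOD_NAT, BAD_NAT):
        print(nat["InstanceId"], audit_nat_instance(nat, "subnet-private", ROUTE_TABLES) or "OK")
```

With real data, the same dictionaries can be taken from the `Instances` and `RouteTables` entries of the corresponding EC2 API responses.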
- heartin's blog