Common scenarios
Secure Access to the Internet Using SNAT
Cloud-deployed services that require Internet access usually have one ECS instance associated with one EIP. A single EIP cannot handle a large number of requests when the workload of the ECS instance spikes. In this case, more EIPs and SNAT rules are required.
Bandwidth Sharing with Multiple Applications Using DNAT
When an enterprise expands, more than one ECS instance is needed to provide external services. Each ECS instance hosts an application service that serves the Internet. The ECS instances have different bandwidth requirements at different times, so purchasing bandwidth separately for each ECS instance may waste resources.
Workload Isolation Between NAT Gateways in One VPC
When a business expands, different workloads deployed in the same VPC must be securely isolated from one another, and their access to the Internet must be controlled.
In this case, you can create multiple enhanced NAT gateways in the VPC to forward traffic to different destinations. You can also create different access control policies for the NAT gateways to precisely manage access to the Internet.
Access the Internet Through One Public IP Address
If an ECS instance in a VPC is assigned a public IP address and other ECS instances in the VPC access the Internet using the SNAT feature of NAT Gateway, the ECS instances in the VPC use different IP addresses to access the Internet.
In this case, you can create a NAT gateway for the ECS instances so they can use the same public IP address to access the Internet. The ECS instances that do not have public IP addresses in the VPC can access the Internet using SNAT.
Overlapping Network Addresses of Enterprises
After enterprise mergers and acquisitions, multiple branches are connected over networks. As a result, IP address conflicts are common on cloud networks and data center networks. The enterprises need a solution to effectively manage IP address conflicts. They also need to enable communication between VPCs and data centers and between VPCs.
Cloud Compliance Supervision for the Financial Industry
As their business grows, enterprises in the financial industry have gradually migrated their workloads to the cloud. They connect to the data centers of regulatory agencies by using leased lines. VPC NAT Gateway can be deployed to manage leased line traffic. It provides NAT services that allow enterprises to provide services with specified IP addresses, which meets their compliance and regulatory requirements. In addition, traceability before and after NAT is provided to meet the needs of regular compliance audits.