NAT Instances & NAT Gateways

NAT Instances & NAT Gateway


NAT Instances & NAT Gateways are used to provide internet to Private Subnet instances.

NAT Instances are similar to the EC2 Instances except that they are used for NAT predominantly. These are Amazon provided Amazon Linux AMIs configured to be used as NAT Instances. These are created in the Public Subnet to provide internet connectivity for instances in Private Subnet thus it is important to have the right route tables associated with the Private Subnets updated to point the internet routes towards these.

Since these are internet instances so they are to be linked with the Security Groups just like any other EC2 instances to allow traffic towards these instances.

Each EC2 instances perform Source/Destination checks by default i.e. the EC2 instance must be either the source or destination of the traffic flows it sends or receive. For NAT instance this needs to be disabled as NAT instance will not be source or destination but will only be performing NATting.

NAT instances if down can black hole the traffic.


NAT Gateways on the hand are gateways created under Public subnet to allow internet to Private Subnets. They are more robust and available in comparison to NAT instances. NAT gateways do not span Availability Zone thus it is recommended to have NAT gateway in each Availability Zone in case we have more than 1 Availability Zone.



Comments

Post a Comment

Popular posts from this blog

BUM traffic flow in ACI

Image
BUM traffic flow in ACI (Single Pod) Below article details the insights on the BUM traffic flow within ACI. The article is based on the assumption that reader is aware of the ACI basic terminology. Cisco ACI as understood uses the hardware VTEP Leaf/Spine architecture. Both Leaf and Spine are allocated the VTEP address assigned dynamically from the pool provided in the APIC configuration. ACI works efficiently in a way to reduce the flooding within the ACI fabric. The bridge domain is defined as the broadcast domain within the  ACI architecture. There can exist different EPGs within the same bridge domain. The EPGs within the same bridge domain can be associated with different VLANs. Thus inspite of being in different VLANs the EPGs associated in the same bridge domain are bound to experience flood traffic within the same Bridge domain unlike to the traditional architecture where every VLAN is a different broadcast domain. ACI works on the concept of n...
Read more

Wireless Classification Types

Image
Classification Types Based on Distance  Wireless Personal Area Network (WPAN) Personal Area Network is usually defined as anything at one arm distance from a person. It extends upto 30feet / 10m. Applications such as Infra red, Bluetooth, Passive RFIDs are generally considered in this. Wireless Local Area Network (WLAN) Extending PAN by 10 times approx. makes it within the boundaries of LAN thereby defining its range upto 300 feet / 100m. Cordless phones and Zigbees are its typical examples. Wireless Metropolitan Area Network (WMAN) There is no specific range defined for this but it generally extends to few kms/miles. Cellular, WiMAX are few of its examples. Wireless Wide Area Network (WWAN) This exists beyond a country or nation or entire world. It is generally extended to several hundreds/thousand miles/km. Typical examples include Satellite communication, long range cellular communications.  2.  Based on Modes ...
Read more

Traffic flow within NSX

Image
Below article details the traffic flow that happens within NSX Host preparation process during NSX installation creates the VXLAN (netcpa) and firewall (vsfwd) capabilities within every host or cluster. Thus every host gets ready to operate NSX attributes. Transport Zone are considered as the boundary of the VXLANs or the logical switches. Whenever a logical switch is created it is attached to a Transport Zone (Global or Universal). Since the hosts or the clusters are VXLAN ready thus they communicate with NSX Controllers through User World Agent (UWA) process that operates via netcpa services. NSX Controllers are privotal in NSX architecture and are part of control plane of NSX architecture as they build and retain VTEP table, MAC table and ARP table for every VNI or VXLAN. In case any host that is not having any of these information first contacts NSX Controllers to gain respective destination MAC/IP details. NSX Controllers on the other hand build these tables (VTEP tabl...
Read more