NAT GW

Question 1

What does NAT mean?

Answer 1

Network address translation

Question 2

Definition of NAT

Answer 2

Set of different processes that can address IP packets by changing their source or destination addresses.

Question 3

What does IP Masquerading do? What does IP Masquerading allow?

Answer 3

it hides CIDR blocks behind one IP. It allows many IPv4 addresses to use one public IP for “outgoing only” internet access.

Question 4

What does normally happen to incoming connections when using NAT or IP masquerading?

Answer 4

The incoming connections don’t work unless they are a response to an outgoing communication.

Question 5

What does normally happen to outgoing connections when using NAT or IP masquerading?

Answer 5

NAT is designed to let outgoing communication pass, any response traffic result of the outgoing communication is allowed.

Question 6

Which type of subnet should be chosen for using NAT GWs? Private or public and why?

Answer 6

Public, to be able to allocate a public IPv4 to the NAT GW.

Question 7

For what are public subnets needed in your VPC when using NAT GWs?

Answer 7

To allocate public IPv4 addresses.

Question 8

Is there anything to be configured in Route tables to use NAT GWs?

Answer 8

Default routes are required to point to the IGW so that the traffic can be routed.

Question 9

Which type of IPs are used by NAT GWs?

Answer 9

Elastic IPs (static public IPv4.

Question 10

Where are elastic IPs allocated?

Answer 10

To your account in a region.

Question 11

What type of resilience do NAT GWs offer?

Answer 11

AZ resilience.

Question 12

Are NAT GWs highly available?

Answer 12

Yes, they are highly available within the AZ.

Question 13

What happens to NAT GWs if a whole AZ fails?

Answer 13

As NAT GWs are AZ resilient, there would not be any recovery.

Question 14

What can you do to have a fully region resilient service?

Answer 14

You must deploy one NATGW in each AZ with a route table in each AZ with NATGW as target

Question 15

Is there any disadvantage when designing a fully region resilient service?

Answer 15

Yes, it is pricy

Question 16

Are NAT GWs managed by AWS?

Answer 16

Yes, they are provided as a managed service

Question 17

What can you do to increase bandwidth?

Answer 17

you can deploy multiple NAT GWs and distribute your services to use more NAT GWs.

Question 18

What are NAT GWs billed for?

Answer 18

1. Usage per hour - 4 cents per hour approx.

2. Data volume processed - 4 cents per GB of processed data.

Question 19

Can NAT GWs be used to do port forwarding or be bastion hosts?

Answer 19

No, EC2 instances are used for this, you can run a NAT EC2 instance.

Question 20

What do you need to adjust in the EC2 configuration to use EC2 as a NAT?

Answer 20

You must disable the feature “Source/Destination Checks”

Question 21

What do NAT EC2 and NAT GWs have in common?

Answer 21

They need to run in a public subnet.

They both need a functional IGW.

Question 22

Which is easier to be used, NAT GWs or NAT EC2 instances?

Answer 22

In most situations, NAT GWs.

Question 23

What are the disadvantages of using NAT EC2 instances?

Answer 23

1. It has more points of failure (Storage, instance itself, network, AZ)
2. Limited to the resources assigned to the EC2 instance

Question 24

When are NAT EC2 instances good?

Answer 24

1. Test VPC
2. For scenarios with really low volume
3. Costs are predictable
4. It can be used for multiple purposes (it is an EC2 in the end)

Question 25

When are NAT GWs better than NAT EC2 instances?

Answer 25

If you prefer:

1. Availability
2. Bandwidth
3. Lower level of maintenance
4. High performance

Question 26

What are the limitations of NAT GWs?

Answer 26

It is not free tier.
It can’t do portforwarding.
It can’t be used as a bastion host.
It can only use NACLs, not SGs.

Question 27

Are NATs required for IPv6 addresses?

Answer 27

No, IPv6 addresses are publicly routable.

Question 28

How do you configure your route tables and IGW to have bi-directional traffic when using IPv6 addreses?

Answer 28

::/0 route pointing to the IGW

Question 29

How do you configure your route tables and IGW to have outbound-only traffic when using IPv6 addreses?

Answer 29

::/0 route pointing to a Egress-only internet gateway

Question 30

When creating a NAT GW, does it get automatically an elastic IP?

Answer 30

No, this is a manual configuration

Question 31

What is the main use for NAT GWs?

Answer 31

It is used to allow private instances to have outgoing-only communication to the public internet, this can be for example Software updates…