NAT GW Flashcards
What does NAT mean?
Network address translation
Definition of NAT
A set of different processes that can address IP packets by changing their source or destination addresses.
What does IP Masquerading do? What does IP Masquerading allow?
It hides CIDR blocks behind one IP. It allows many IPv4 addresses to use one public IP for “outgoing only” internet access.
What does normally happen to incoming connections when using NAT or IP masquerading?
The incoming connections don’t work unless they are a response to an outgoing communication.
What does normally happen to outgoing connections when using NAT or IP masquerading?
NAT is designed to let outgoing communication pass; any response traffic resulting from the outgoing communication is allowed.
Which type of subnet should be chosen for using NAT GWs? Private or public and why?
Public, to be able to allocate a public IPv4 to the NAT GW.
For what are public subnets needed in your VPC when using NAT GWs?
To allocate public IPv4 addresses.
Is there anything to be configured in Route tables to use NAT GWs?
Default routes are required to point to the IGW so that the traffic can be routed.
Which type of IPs are used by NAT GWs?
Elastic IPs (static public IPv4).
Where are elastic IPs allocated?
To your account in a region.
What type of resilience do NAT GWs offer?
AZ resilience.
Are NAT GWs highly available?
Yes, they are highly available within the AZ.
What happens to NAT GWs if a whole AZ fails?
As NAT GWs are AZ resilient, there would not be any recovery.
What can you do to have a fully region resilient service?
You must deploy one NAT GW in each AZ, with a route table in each AZ that has the NAT GW as its target.
Is there any disadvantage when designing a fully region resilient service?
Yes, it is pricey.
Are NAT GWs managed by AWS?
Yes, they are provided as a managed service.
What can you do to increase bandwidth?
You can deploy multiple NAT GWs and distribute your services to use more NAT GWs.
What are NAT GWs billed for?
- Usage per hour - 4 cents per hour approx.
- Data volume processed - 4 cents per GB of processed data.
Can NAT GWs be used to do port forwarding or be bastion hosts?
No, EC2 instances are used for this; you can run a NAT EC2 instance.
What do you need to adjust in the EC2 configuration to use EC2 as a NAT?
You must disable the feature “Source/Destination Checks”.
What do NAT EC2 and NAT GWs have in common?
They need to run in a public subnet.
They both need a functional IGW.
Which is easier to use, NAT GWs or NAT EC2 instances?
In most situations, NAT GWs.
What are the disadvantages of using NAT EC2 instances?
- It has more points of failure (Storage, instance itself, network, AZ)
- Limited to the resources assigned to the EC2 instance
When are NAT EC2 instances good?
- Test VPC
- For scenarios with really low volume
- Costs are predictable
- It can be used for multiple purposes (it is an EC2 in the end)