You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Azure NAT Gateway is a fully managed and highly resilient Network Address Translation (NAT) service. You can use Azure NAT Gateway to let all instances in a private subnet connect outbound to the internet while remaining fully private. Unsolicited inbound connections from the internet are not permitted through a NAT gateway. Only packets arriving as response packets to an outbound connection can pass through a NAT gateway.
17
+
Azure NAT Gateway is a fully managed and highly resilient Network Address Translation (NAT) service. You can use Azure NAT Gateway to let all instances in a private subnet connect outbound to the internet while remaining fully private. Unsolicited inbound connections from the internet aren't permitted through a NAT gateway. Only packets arriving as response packets to an outbound connection can pass through a NAT gateway.
18
18
19
19
NAT Gateway provides dynamic SNAT port functionality to automatically scale outbound connectivity and reduce the risk of SNAT port exhaustion.
20
20
@@ -34,7 +34,7 @@ Azure NAT Gateway provides outbound connectivity for many Azure resources, inclu
34
34
35
35
### Simple Setup
36
36
37
-
Deployments are intentionally made simple with NAT gateway. Attach NAT gateway to a subnet and public IP address and start connecting outbound to the internet right away. There is zero maintenance and routing configurations required. More public IPs or subnets can be addded later without impact to your existing configuration.
37
+
Deployments are intentionally made simple with NAT gateway. Attach NAT gateway to a subnet and public IP address and start connecting outbound to the internet right away. There's zero maintenance and routing configurations required. More public IPs or subnets can be added later without impact to your existing configuration.
NAT Gateway is built on the zero trust network security model and is secure by default. With NAT gateway, private instances within a subnet don't need public IP addresses to reach the internet. Private resources can reach external sources outside the virtual network by source network address translating (SNAT) to NAT gateway's static public IP addresses or prefixes. You can associate a public IP prefix to ensure that a contiguous set of IPs will be used for outbound. Destination firewall rules can be configured based on this predictable IP list.
48
+
NAT Gateway is built on the zero trust network security model and is secure by default. With NAT gateway, private instances within a subnet don't need public IP addresses to reach the internet. Private resources can reach external sources outside the virtual network by source network address translating (SNAT) to NAT gateway's static public IP addresses or prefixes. You can provide a contiguous set of IPs for outbound connectivity by using a public IP prefix. Destination firewall rules can be configured based on this predictable IP list.
49
49
50
50
### Resiliency
51
51
@@ -55,13 +55,13 @@ Azure NAT Gateway is a fully managed and distributed service. It doesn't depend
55
55
56
56
NAT gateway is scaled out from creation. There isn't a ramp up or scale-out operation required. Azure manages the operation of NAT gateway for you.
57
57
58
-
A NAT gateway resource can be associated to a subnet and can be used by all private resources in that subnet. All subnets in a virtual network can use the same NAT gateway resource. Outbound connectivity can be scaled out by assigning up to 16 public IP addresses or a /28 size public IP prefix to NAT gateway. When a NAT gateway is associated to a public IP prefix, it automatically scales to the number of IP addresses needed for outbound.
58
+
Attach NAT gateway to a subnet to provide outbound connectivity for all private resources in that subnet. All subnets in a virtual network can use the same NAT gateway resource. Outbound connectivity can be scaled out by assigning up to 16 public IP addresses or a /28 size public IP prefix to NAT gateway. When a NAT gateway is associated to a public IP prefix, it automatically scales to the number of IP addresses needed for outbound.
59
59
60
60
### Performance
61
61
62
62
Azure NAT Gateway is a software defined networking service. Each NAT gateway can process up to 50 Gbps of data for both outbound and return traffic.
63
63
64
-
A NAT gateway won't affect the network bandwidth of your compute resources. Learn more about [NAT gateway's performance](nat-gateway-resource.md#performance).
64
+
A NAT gateway doesn't affect the network bandwidth of your compute resources. Learn more about [NAT gateway's performance](nat-gateway-resource.md#performance).
65
65
66
66
## Azure NAT Gateway basics
67
67
@@ -78,17 +78,17 @@ A NAT gateway won't affect the network bandwidth of your compute resources. Lear
78
78
79
79
* NAT gateway takes precedence over other outbound connectivity methods, including Load balancer, instance-level public IP addresses, and Azure Firewall.
80
80
81
-
* When NAT gateway is configured to a virtual network where a different outbound connectivity method already exists, NAT gateway will take over all outbound traffic moving forward. There will be no drops in traffic flow for existing connections on Load balancer. All new connections will use NAT gateway.
81
+
* When NAT gateway is configured to a virtual network where a different outbound connectivity method already exists, NAT gateway takes over all outbound traffic moving forward. There are no drops in traffic flow for existing connections on Load balancer. All new connections use NAT gateway.
82
82
83
83
* NAT gateway doesn't have the same limitations of SNAT port exhaustion as does [default outbound access](../virtual-network/ip-services/default-outbound-access.md) and [outbound rules of a load balancer](../load-balancer/outbound-rules.md).
*A subnet’s default route to the internet is replaced by NAT gateway when configured. All traffic within the 0.0.0.0/0 prefix will have a next hop type to NAT gateway before connecting outbound to the internet.
89
+
*NAT gateway replaces a subnet’s default route to the internet when configured. All traffic within the 0.0.0.0/0 prefix have a next hop type to NAT gateway before connecting outbound to the internet.
90
90
91
-
* You can override a subnet’s default route to the internet through a NAT gateway with the creation of a custom user-defined route (UDR).
91
+
* You can override NAT gateway as a subnet’s next hop to the internet with the creation of a custom user-defined route (UDR).
92
92
93
93
* Presence of custom UDRs for virtual appliances and ExpressRoute override NAT gateway for directing internet bound traffic (route to the 0.0.0.0/0 address prefix).
94
94
@@ -115,7 +115,7 @@ Virtual appliance UDR / ExpressRoute >> NAT gateway >> Instance-level public IP
115
115
116
116
* NAT gateway can’t be associated to an IPv6 public IP address or IPv6 public IP prefix.
117
117
118
-
* NAT gateway can be used in conjunction with Load balancer using outbound rules to provide dual-stack outbound connectivity, see [dual stack outbound connectivity with NAT gateway and Load balancer](/azure/virtual-network/nat-gateway/tutorial-dual-stack-outbound-nat-load-balancer?tabs=dual-stack-outbound-portal).
118
+
* NAT gateway can be used with Load balancer using outbound rules to provide dual-stack outbound connectivity, see [dual stack outbound connectivity with NAT gateway and Load balancer](/azure/virtual-network/nat-gateway/tutorial-dual-stack-outbound-nat-load-balancer?tabs=dual-stack-outbound-portal).
119
119
120
120
* NAT gateway works with any virtual machine network interface or IP configuration. NAT gateway can SNAT multiple IP configurations on a NIC.
121
121
@@ -143,11 +143,11 @@ Virtual appliance UDR / ExpressRoute >> NAT gateway >> Instance-level public IP
143
143
144
144
### Connection timeouts and timers
145
145
146
-
* NAT gateway sends a TCP Reset (RST) packet for any connection flow that it does not recognize as an existing connection. The connection flow may no longer exist if the NAT gateway idle timeout was reached or the connection was closed earlier.
146
+
* NAT gateway sends a TCP Reset (RST) packet for any connection flow that it doesn't recognize as an existing connection. The connection flow may no longer exist if the NAT gateway idle timeout was reached or the connection was closed earlier.
147
147
148
-
* When the NAT gateway TCP RST packet is received by the sender of traffic on the nonexisting connection flow, this signifies that the connection is no longer usable.
148
+
* When the sender of traffic on the nonexisting connection flow receives the NAT gateway TCP RST packet, the connection is no longer usable.
149
149
150
-
* SNAT ports are not readily available for reuse to the same destination endpoint after a connection closes. NAT gateway places SNAT ports in a cool down state before they can be reused to connect to the same destination endpoint.
150
+
* SNAT ports aren't readily available for reuse to the same destination endpoint after a connection closes. NAT gateway places SNAT ports in a cool down state before they can be reused to connect to the same destination endpoint.
151
151
152
152
* SNAT port reuse (cool down) timer durations vary for TCP traffic depending on how the connection closes. To learn more, see [Port Reuse Timers](./nat-gateway-resource.md#port-reuse-timers).
0 commit comments