Inquiry about Migrating From Load Balancer SNAT to NAT Gateway

Ahmed Sameh 50 Reputation points Microsoft Employee
2023-03-22T15:05:34.8033333+00:00

Hey,
I hope you have a good day.
I'm Ahmed from the OneService Team for Microsoft News Backend and Infrastructure.
We are currently handling our outbound traffic using the SNAT of public load balancers, but we are planning to migrate our outbound traffic to NAT Gateway.
We are wondering whether, after migrating to NAT Gateways, we can decrease the number of public IPs for the load balancers (splitting the load balancer public IPs between the Load Balancer and the NAT Gateway),
and (if possible) how we can find the correct ratio for the split.

Regards
Ahmed


Accepted answer
    KapilAnanth-MSFT 37,406 Reputation points Microsoft Employee
    2023-03-23T05:34:49+00:00

    @Ahmed Sameh

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you would like to know more about NAT Gateway.

    The main and notable difference between a Load Balancer SNAT and NAT Gateway is that,

    • NAT Gateway uses dynamic ports for new connections based on the demand of each VM,
    • whereas Azure LB has already pre-allocated the ports to a backend VM and will only use the ports from this pre-allocated pool of ports.

    NAT gateway can scale up to over 1 million SNAT ports, supporting up to 16 Public IP Addresses.

    A single public IP address provides 64,512 SNAT ports to make outbound connections.

    Also, the NAT Gateway can reuse a SNAT port in case new connections are being made to a different IP. So, even after 64,512 SNAT connections, there will still be newer connections using a single IP.

    As you can see, with NAT Gateway, there is no concept of manually allocating ports to individual VMs. Everything is automatically taken care of by the Azure Platform.

    P.S :

    • NAT gateway takes precedence over other outbound scenarios (including Load balancer and instance-level public IP addresses) and replaces the default Internet destination of a subnet
    • This is by design and you cannot distribute traffic between LB and NAT Gateway

    References:

    Kindly let us know if this helps or you need further assistance on this issue.

    Thanks,

    Kapil


    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

    2 people found this answer helpful.
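To make the port-allocation difference described in the accepted answer concrete, here is an added simulation (my own example, not Microsoft's code or documentation) contrasting a fixed per-VM SNAT pool with a shared pool that reuses ports towards different destinations. The 64,512 ports per public IP is the figure from the answer; the 1,024 ports per VM, the flow counts and the destination names are constructed values, and the model ignores idle-timeouts and per-protocol detail.

```python
from collections import Counter

PORTS_PER_PUBLIC_IP = 64_512  # per the answer above


class FixedPoolSnat:
    """Load-balancer style: every backend VM owns a fixed, pre-allocated slice
    of the IP's SNAT ports. A busy VM cannot borrow an idle VM's ports."""

    def __init__(self, vm_count, ports_per_vm):
        self.free = {vm: ports_per_vm for vm in range(vm_count)}

    def connect(self, vm, dest):
        if self.free[vm] == 0:
            return False  # SNAT exhaustion for this VM only
        self.free[vm] -= 1
        return True


class DynamicSnat:
    """NAT Gateway style (simplified): one pool shared by all VMs behind the
    gateway; a port is consumed per destination, so the same port can be reused
    for a flow towards a different destination."""

    def __init__(self, public_ips):
        self.capacity = public_ips * PORTS_PER_PUBLIC_IP
        self.in_use = Counter()  # destination -> ports in use towards it

    def connect(self, vm, dest):
        if self.in_use[dest] >= self.capacity:
            return False  # every port already used towards this destination
        self.in_use[dest] += 1
        return True


def run(allocator, demand):
    """demand: iterable of (vm, destination). Returns (accepted, rejected)."""
    accepted = rejected = 0
    for vm, dest in demand:
        if allocator.connect(vm, dest):
            accepted += 1
        else:
            rejected += 1
    return accepted, rejected


def burst(vm, dest, n):
    """n constructed flows from one VM to one destination."""
    return [(vm, dest) for _ in range(n)]


if __name__ == "__main__":
    # One busy VM out of two, 2,000 flows to a single endpoint (constructed).
    print(run(FixedPoolSnat(2, 1024), burst(0, "api:443", 2000)))  # (1024, 976)
    print(run(DynamicSnat(1), burst(0, "api:443", 2000)))  # (2000, 0)
    # 70,000 flows: one destination vs. two destinations (port reuse).
    print(run(DynamicSnat(1), burst(0, "api:443", 70_000)))  # (64512, 5488)
    print(run(DynamicSnat(1), burst(0, "api:443", 35_000) + burst(1, "cdn:443", 35_000)))
```

The last two runs show why the answer says the per-IP figure is not a hard cap on connections: only flows to the same destination compete for the same 64,512 ports.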
