AWS NAT vs AWS IGW vs AWS Router
As per this answer, a router and a gateway are the same device in terms of functionality.
In the AWS world, we have an internet gateway, a NAT gateway and a router.
Are these three not the same?
amazon-web-services amazon-vpc gateway amazon-nat-gateway
edited Jan 8 at 9:26 by I-P-X
asked Jan 8 at 4:29 by user1787812
1 Answer
No, they are not the same.
Internet Gateway
- Routes traffic from instances with Public IPs to the Internet.
- It simply forwards traffic between Public IPs in your VPC and Public IPs in the internet back and forth, mostly unchanged.
- Gateways can sometimes be called routers but AWS doesn't use this term.
NAT Gateway
- Routes traffic from instances with only Private IPs (i.e. without Public IPs) to the Internet.
- It translates the Private source IPs of your instances to the NAT Gateway's Public IP - hence it's called NAT - Network Address Translation.
VPN Gateway
- Routes traffic between Private IPs in your VPC and Private IPs in your data-centre.
- It's not used to access Internet and doesn't change any addresses.
VPC Peering
- Routes traffic between Private IPs of instances in different VPCs
- It's not used to access Internet and doesn't change any addresses.
Hosted router appliances
- Routing / firewalling software running on EC2, e.g. Cisco CSR 1000, OpenVPN or similar gateways.
- Used for special purposes, if you need it you probably know what you're doing.
Your link to "router" actually links to Route Tables
- Route Table is essentially a list of rules - IP address prefixes and their gateways.
- The rules are evaluated from the most specific to the least specific, i.e. the best match is used.
- Default route 0.0.0.0/0 covers all addresses in the whole internet.
  - In Public VPC subnets this default route usually points to IGW
  - In Private VPC subnets this default route usually points to NAT GW
- More specific routes (e.g. 10.20.30.0/24) may point to VPN GW or VPC Peering GW or Router appliance.
Hope that answers the question :)
answered Jan 8 at 5:02 by MLu
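The route-table behaviour described in the answer (most specific prefix wins, and the default route's target decides whether a subnet is public or private), as an added example that is not part of the original answer. The route tables, their names and every resource ID are constructed placeholders, and the `resolve`, `classify` and `audit` helpers are hypothetical names introduced here.

```python
import ipaddress

# Constructed route tables; every ID below is a made-up placeholder.
ROUTE_TABLES = {
    "rtb-public": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-0example")],
    "rtb-private": [
        ("10.0.0.0/16", "local"),
        ("10.20.30.0/24", "vgw-0example"),
        ("0.0.0.0/0", "nat-0example"),
    ],
    "rtb-isolated": [("10.0.0.0/16", "local"), ("10.20.30.0/24", "pcx-0example")],
}


def resolve(routes, destination):
    """Return the target of the most specific route matching destination, or None."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, target in routes:
        net = ipaddress.ip_network(prefix)
        # Longest-prefix match: keep the matching route with the largest prefix length.
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def classify(routes):
    """Label a route table by where its IPv4 default route sends traffic."""
    target = dict(routes).get("0.0.0.0/0")
    if target is None:
        return "isolated"   # no default route: no path to the internet
    if target.startswith("igw-"):
        return "public"     # default route points to an Internet Gateway
    if target.startswith("nat-"):
        return "private"    # outbound only, via a NAT Gateway
    return "custom"         # e.g. a router appliance; review by hand


def audit(tables):
    """Map each route table name to its public/private/isolated label."""
    return {name: classify(routes) for name, routes in tables.items()}


if __name__ == "__main__":
    for name, label in audit(ROUTE_TABLES).items():
        print(f"{name}: {label}")
    print(resolve(ROUTE_TABLES["rtb-private"], "10.20.30.7"))
```

Subnets whose table comes back as "public" are the ones where instances with Public IPs are reachable through the IGW, so those are the tables to review when checking exposure.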
Really good answer. Something I'd like clarified: does the NAT Gateway allow port forwards? (or other features of a home NAT router) Do any of these act as a firewall? (I believe no--firewalling is handled at the instances via security groups)
– Aleksandr Dubinsky
17 hours ago
@AleksandrDubinsky Nope, NAT GW can’t do port forwarding from outside. You can use Network Load Balancer to achieve the same though.
– MLu
11 hours ago