AWS NAT vs AWS IGW vs AWS Router



























As per this answer, router and gateway are the same devices, in terms of functionality.

In the AWS world, we have internet gateway, NAT gateway and router.

Are these three not the same?










      amazon-web-services amazon-vpc gateway amazon-nat-gateway






edited Jan 8 at 9:26 by I-P-X

asked Jan 8 at 4:29 by user1787812






















          1 Answer














No, they are not the same.

1. Internet Gateway

  • Routes traffic from instances with Public IPs to the Internet.
  • It simply forwards traffic between Public IPs in your VPC and Public IPs in the internet back and forth, mostly unchanged.
  • Gateways can sometimes be called routers but AWS doesn't use this term.

2. NAT Gateway

  • Routes traffic from instances with only Private IPs (i.e. without Public IPs) to the Internet.
  • It translates the Private source IPs of your instances to the NAT Gateway's Public IP - hence it's called NAT - Network Address Translation.

3. VPN Gateway

  • Routes traffic between Private IPs in your VPC and Private IPs in your data-centre.
  • It's not used to access the Internet and doesn't change any addresses.

4. VPC Peering

  • Routes traffic between Private IPs of instances in different VPCs.
  • It's not used to access the Internet and doesn't change any addresses.

5. Hosted router appliances

  • Routing / firewalling software running on EC2, e.g. Cisco CSR 1000, OpenVPN or similar gateways.
  • Used for special purposes; if you need it you probably know what you're doing.

Your link to "router" actually links to Route Tables

• Route Table is essentially a list of rules - IP address prefixes and their gateways.
• The rules are evaluated from the most specific to the least specific, i.e. the best match is used.
• Default route 0.0.0.0/0 covers all addresses in the whole internet.
  • In Public VPC subnets this default route usually points to IGW.
  • In Private VPC subnets this default route usually points to NAT GW.
• More specific routes (e.g. 10.20.30.0/24) may point to VPN GW or VPC Peering GW or Router appliance.

Hope that answers the question :)






answered Jan 8 at 5:02 by MLu
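The route-table rules from the answer above (the most specific prefix wins, and the target of 0.0.0.0/0 decides whether a subnet is public or private), as an added Python example that is not part of the original answer. The route-table names and gateway IDs are constructed sample data, and labelling a table with no default route as "isolated" is an assumption of this example.

```python
import ipaddress

# Constructed sample data: table names and gateway IDs are made up; only the
# AWS-style ID prefixes (igw-, nat-, vgw-, pcx-) carry meaning. "local" is the
# route AWS adds to every table for the VPC's own CIDR.
ROUTE_TABLES = {
    "rtb-public": [
        ("10.0.0.0/16", "local"),
        ("0.0.0.0/0", "igw-0example"),
    ],
    "rtb-private": [
        ("10.0.0.0/16", "local"),
        ("10.20.30.0/24", "vgw-0example"),   # data-centre prefix via VPN GW
        ("172.31.0.0/16", "pcx-0example"),   # peered VPC
        ("0.0.0.0/0", "nat-0example"),
    ],
    "rtb-isolated": [
        ("10.0.0.0/16", "local"),            # no default route at all
    ],
}


def resolve(routes, destination):
    """Return the target of the most specific matching route, or None."""
    addr = ipaddress.ip_address(destination)
    best_net, best_target = None, None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def classify(routes):
    """Label a route table by the target of its 0.0.0.0/0 route."""
    default = dict(routes).get("0.0.0.0/0")
    if default is None:
        return "isolated"   # assumption of this example: no default route
    if default.startswith("igw-"):
        return "public"
    if default.startswith("nat-"):
        return "private"
    return "other"          # e.g. VPN GW or a router appliance as default


def audit(tables):
    """Map each route table name to its classification."""
    return {name: classify(routes) for name, routes in tables.items()}


if __name__ == "__main__":
    for name, label in audit(ROUTE_TABLES).items():
        print(f"{name}: {label}")
    # 198.51.100.7 is a documentation address standing in for an Internet host.
    for dst in ("10.0.1.5", "10.20.30.40", "172.31.9.9", "198.51.100.7"):
        print(dst, "->", resolve(ROUTE_TABLES["rtb-private"], dst))
```

Running `audit` over exported route tables is a quick way to confirm that only the subnets meant to be Internet-facing have a default route to an Internet Gateway.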













          • Really good answer. Something I'd like clarified: does the NAT Gateway allow port forwards? (or other features of a home NAT router) Do any of these act as a firewall? (I believe no--firewalling is handled at the instances via security groups)

            – Aleksandr Dubinsky
            17 hours ago











          • @AleksandrDubinsky Nope, NAT GW can’t do port forwarding from outside. You can use Network Load Balancer to achieve the same though.

            – MLu
            11 hours ago


















