
NAT Gateway Features

A Megaport NAT Gateway (NAT Gateway) provides Network Address Translation (NAT) and routing services for your network traffic. NAT translates private, unregistered IP addresses used within an organization’s internal network into a single registered public IP address before sending packets to an external network. NAT enables private IP networks to access the internet and cloud services.

This topic describes the features of NAT Gateways, including supported routing features, public IP address allocation, and security options.

VXC connections

NAT Gateway supports VXC connections to Cloud Service Providers (CSPs), other Megaport services, and private networks. You can create multiple connections from a NAT Gateway.

For more information, see Creating a NAT Gateway VXC.

Secure VLANs

The Q-in-Q Connection option allows either a single VLAN (non Q-in-Q, also known as 802.1Q) or stacked VLANs (Q-in-Q, also known as 802.1ad) to be carried over a VXC. In most cases, you will use a single VLAN that is exposed on the destination physical port as a trunked port instance, allowing the port to contain multiple VXCs to destinations other than the NAT Gateway being configured.

802.1Q tunneling (also known as Q-in-Q or 802.1ad) is a technique used by OSI Layer 2 providers for customers. 802.1ad provides for both an inner and an outer tag, whereby the outer tag (sometimes called the S-tag, for service provider) can be removed to expose the inner tags (C-tags, for customer) that segment the data.

For certain use cases, you might need multiple inner VLANs exposed to a Port using Q-in-Q.

For more information about Q-in-Q, see Configuring Q-in-Q.
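The inner and outer tag layout described above, as an added example that is not Megaport code: it parses the VLAN tag stack of an Ethernet frame, strips the outer S-tag, and checks that a frame carries the stack the connection type expects. The TPID values are the IEEE standard ones (an assumption about what appears on the wire), and the frames, MAC addresses and VLAN IDs are constructed.

```python
import struct

TPID_CTAG = 0x8100  # 802.1Q tag (inner C-tag)
TPID_STAG = 0x88A8  # 802.1ad tag (outer S-tag)

def build_frame(tags, ethertype=0x0800, payload=b"constructed"):
    """Build a constructed test frame; tags is a list of (tpid, vid), outermost first."""
    frame = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    for tpid, vid in tags:
        frame += struct.pack("!HH", tpid, vid & 0x0FFF)  # PCP and DEI left at 0
    return frame + struct.pack("!H", ethertype) + payload

def parse_tags(frame, max_tags=4):
    """Return ([(tpid, vid), ...] outermost first, ethertype, payload)."""
    tags, offset = [], 12  # skip destination and source MAC
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in (TPID_CTAG, TPID_STAG):
            return tags, etype, frame[offset + 2:]
        if len(tags) == max_tags or len(frame) < offset + 4:
            raise ValueError("too many tags or truncated tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((etype, tci & 0x0FFF))  # low 12 bits of the TCI are the VLAN ID
        offset += 4

def pop_outer_tag(frame):
    """Strip the outermost tag (the S-tag on a Q-in-Q frame), exposing the inner tag."""
    tags, _, _ = parse_tags(frame)
    if not tags:
        raise ValueError("frame is untagged")
    return frame[:12] + frame[16:]

def stack_matches(frame, q_in_q):
    """True if the tag stack is what the connection type expects:
    S-tag then C-tag for Q-in-Q, exactly one C-tag otherwise."""
    tpids = [tpid for tpid, _ in parse_tags(frame)[0]]
    expected = [TPID_STAG, TPID_CTAG] if q_in_q else [TPID_CTAG]
    return tpids == expected

if __name__ == "__main__":
    qinq = build_frame([(TPID_STAG, 100), (TPID_CTAG, 42)])
    print(parse_tags(qinq)[0], parse_tags(pop_outer_tag(qinq))[0])
    print(stack_matches(qinq, q_in_q=False))  # double-tagged frame on a single-VLAN link
```
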

Note

NAT Gateway supports the standard Ethernet MTU of 1500 bytes.

Public IP address allocation

When ordering the NAT Gateway, public IP addresses are provided as needed, based on specific CSP requirements. Megaport allocates up to a /29 free of charge from the Megaport address space for this connectivity. You can also use your own public IP addresses.

For an Azure ExpressRoute primary and secondary IP address, Megaport provides a /30 or 4 addresses for each.

IP MTU (Maximum Transmission Unit)

IP MTU (Maximum Transmission Unit) refers to the largest size (in bytes) of an IP packet that can be sent over a network interface (VXC). Jumbo packets are larger than the standard 1500 bytes (MTU), and are typically used in high-performance networks to reduce overhead and improve efficiency.

You can set the IP MTU value on a NAT Gateway up to a maximum of 9070 (if Q-in-Q is enabled) or 9074 (if Q-in-Q is disabled).

Fewer, larger packets ensure faster data transfer with reduced packet processing overhead. This is ideal for transferring large files between clouds or improving performance for high-throughput applications, such as machine learning workloads.

Dynamic routing with BGP

Dynamic routing propagates route table updates from the NAT Gateway across VXCs to destination ports. NAT Gateway uses the Border Gateway Protocol (BGP) to provide flexible routing by exchanging routing information between peers.

NAT Gateway supports these BGP routing features:

Bidirectional forwarding detection (BFD)

Bidirectional Forwarding Detection (BFD) is a network fault detection protocol that detects any path failures between directly connected BGP neighbors. It provides fast failure detection times, which facilitates faster re-convergence time for dynamic BGP routing protocols. It is independent of media, routing protocol, and data.

Enabling BFD on a VXC connection provides fast link failure detection and failover when connecting to services that support BFD on the remote peer. After BFD is enabled, a BGP peer relationship can be torn down quickly after notifications from BFD, failing over to another BGP peer.

Multiple exit discriminator (MED)

Multi-Exit Discriminator (MED) is a BGP path attribute that can influence a BGP neighbor to take a preferred route when the advertising autonomous system (AS) is the same for candidate routes, and there are multiple entry points for that AS. A lower MED metric is preferred over a higher metric.

BGP administrative shutdown

BGP shutdown provides an easy way to administratively shut down a BGP connection without removing it. This feature can be useful while setting up a new route, performing maintenance, and so on.

Static routing

Without BGP, NAT Gateways use static routing to directly connect manually configured routes that access a single route. Static routing is generally used in place of BGP when a customer device does not support BGP or the target device requires manually configured IP addressing and routes.

Autonomous system number (ASN) support

An autonomous system (AS) is a single network or a set of networks and routers that are managed and supervised by a common network administrator (or group of administrators) on behalf of a single administrative entity, such as a business division. An AS is assigned a globally unique number that identifies the network to the world. NAT Gateway supports both 2-byte and 4-byte autonomous system numbers (ASNs).

ASN support includes per-peer local ASNs.

Limitations

Only Source NAT (outbound) is supported. The NAT Gateway translates private source addresses to a public IP for traffic initiated from within your private network. Destination NAT, which would translate a public IP address originating from the internet to a private destination address, is not supported.
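What the Source NAT only limitation means for traffic direction, as an added example that is a simplified model and not Megaport's implementation: sessions are created only by outbound traffic, replies are matched against them, and anything else arriving at the public address has no mapping. The port-translation scheme, the port range and all addresses (documentation ranges) are assumptions made for the illustration.

```python
class SourceNat:
    """Simplified source-NAT session table using port translation."""

    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self._free_ports = iter(range(first_port, last_port + 1))
        self._out = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self._back = {}  # (public port, dst_ip, dst_port) -> (priv_ip, priv_port)

    def outbound(self, priv_ip, priv_port, dst_ip, dst_port):
        """Translate a packet initiated from the private side; creates the session."""
        key = (priv_ip, priv_port, dst_ip, dst_port)
        if key not in self._out:
            port = next(self._free_ports, None)
            if port is None:
                raise RuntimeError("public port pool exhausted")
            self._out[key] = port
            self._back[(port, dst_ip, dst_port)] = (priv_ip, priv_port)
        return self.public_ip, self._out[key]

    def inbound(self, src_ip, src_port, public_port):
        """Return the private endpoint for reply traffic, or None when no
        session exists (there is no destination NAT rule to fall back on)."""
        return self._back.get((public_port, src_ip, src_port))

def demo():
    nat = SourceNat("203.0.113.10")  # constructed public address
    pub = nat.outbound("10.0.0.5", 40000, "198.51.100.20", 443)
    return {
        "translated_source": pub,
        "same_flow_again": nat.outbound("10.0.0.5", 40000, "198.51.100.20", 443),
        "reply": nat.inbound("198.51.100.20", 443, pub[1]),
        "other_host_same_port": nat.inbound("192.0.2.99", 443, pub[1]),
        "unsolicited": nat.inbound("192.0.2.99", 55555, 8080),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
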

For workloads requiring fewer than 128,000 concurrent NAT sessions, a Megaport Cloud Router (MCR) might be more appropriate. MCRs include built-in NAT functionality suited to lower-volume use cases. For more information, see How MCR Performs NAT.
