VCN - Virtual Cloud Network
Q) What is the difference between an Internet Gateway and a NAT Gateway?
🔹 Internet Gateway (IG):
- It allows bi-directional traffic (inbound & outbound) between the public internet and resources in a public subnet.
- Resources must have a public IP address to use an Internet Gateway.
- Used when your compute instances or load balancers need to be directly accessible from the internet.
- You can have only one Internet Gateway per VCN.
- Requires updating route tables and security lists to allow traffic.
✅ Example: Hosting a public web application server that users access via the internet.
🔹 NAT Gateway:
- It allows outbound-only internet access for instances in a private subnet (i.e., instances without public IPs).
- No inbound traffic from the internet is allowed, which makes it more secure.
- It allows downloading patches, software updates, or communicating with external services without exposing the instance.
- You can create multiple NAT Gateways in a VCN, but a subnet can route traffic to only one NAT Gateway.
- Requires route table entries to direct traffic from private subnets to the NAT Gateway.
✅ Example: A private application server that needs to install OS updates from the internet but must remain unreachable from outside.
🔸 Summary Comparison:
Feature | Internet Gateway | NAT Gateway |
---|---|---|
Used With | Public Subnets | Private Subnets |
Public IP Required | Yes | No |
Traffic Type | Inbound and Outbound | Outbound Only |
Security | Less Secure (Exposed) | More Secure (No Internet Inbound) |
Number Allowed per VCN | 1 | Multiple |
Subnet Routing Limitation | N/A | One NAT per subnet (via route table) |
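
The rules in the comparison above can be checked mechanically against a VCN layout. The following is an added example, not code from the original post or from Oracle: the inventory format, the subnet and gateway names, and the `audit_vcn` function are all hypothetical and constructed for illustration.

```python
# Constructed inventory; the dict layout and all names are hypothetical,
# not OCI API output. "routes" holds (destination CIDR, gateway id) pairs.
SAMPLE_VCN = {
    "gateways": {"igw-1": "internet", "nat-1": "nat", "nat-2": "nat"},
    "subnets": [
        {"name": "web", "public_ips": True, "routes": [("0.0.0.0/0", "igw-1")]},
        {"name": "app", "public_ips": False, "routes": [("0.0.0.0/0", "nat-1")]},
        {"name": "db", "public_ips": False, "routes": [("0.0.0.0/0", "igw-1")]},
        {"name": "batch", "public_ips": False,
         "routes": [("0.0.0.0/0", "nat-1"), ("203.0.113.0/24", "nat-2")]},
        {"name": "edge", "public_ips": True, "routes": [("0.0.0.0/0", "nat-1")]},
    ],
}


def audit_vcn(vcn):
    """Return (scope, finding) tuples for layouts that break the rules above."""
    gateways = vcn["gateways"]  # gateway id -> "internet" or "nat"
    findings = []
    if sum(kind == "internet" for kind in gateways.values()) > 1:
        findings.append(("vcn", "more than one Internet Gateway"))
    for subnet in vcn["subnets"]:
        targets = {gw for _cidr, gw in subnet["routes"]}
        kinds = {gateways.get(gw, "unknown") for gw in targets}
        nat_targets = {gw for gw in targets if gateways.get(gw) == "nat"}
        name = subnet["name"]
        if "unknown" in kinds:
            findings.append((name, "route points at a gateway not in this VCN"))
        if not subnet["public_ips"] and "internet" in kinds:
            # No public IP: the instance cannot use the Internet Gateway.
            findings.append((name, "private subnet routed to Internet Gateway"))
        if subnet["public_ips"] and "internet" not in kinds:
            # NAT is outbound-only, so nothing can reach this subnet inbound.
            findings.append((name, "public subnet has no Internet Gateway route"))
        if len(nat_targets) > 1:
            findings.append((name, "subnet routes to more than one NAT Gateway"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_vcn(SAMPLE_VCN):
        print(f"{scope}: {finding}")
```

On the constructed sample, `web` and `app` pass, while `db`, `batch` and `edge` are each flagged for one rule.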