When setting up a NAT gateway with Amazon VPCs, size matters


Amazon’s cloud computing services have made launching an app or a startup easier than it has ever been. Sometimes getting set up may be a little too easy and you can overlook a simple step that can save your business time, frustration and money.

Paying attention to the size of your NAT gateway is important when you create your Amazon Virtual Private Cloud (VPC) environment, and it stays important as your business scales. The NAT discussed here is a NAT instance: an EC2 instance (typically launched from Amazon's NAT AMI) that forwards outbound traffic for your private subnets. Its capacity is whatever the instance type you picked can push through its network interface, so the choice of size is the choice of throughput.

The NAT gateway instance is what lets instances in your private subnets reach Amazon services and the Internet. Inbound requests from your customers arrive through your public-facing resources rather than through the NAT, but every outbound call your service makes while handling a request (a third-party API, an AWS API that has no VPC endpoint, a package mirror) goes through it, so its throughput bounds how quickly your end users' tasks complete. The NAT gateway instance size is a simple drop-down menu in the launch wizard. But it's a drop-down menu you should pay attention to!

The size of the NAT gateway instance you need depends on the traffic between your VPC and the Internet: volume, burstiness, and direction, since the NAT forwards every packet of every outbound connection in both directions. It's a balance between size and cost that you'll have to determine yourself. You may get by with a small instance when you are starting out, but as your traffic grows, check the instance's actual throughput periodically (the NetworkIn and NetworkOut CloudWatch metrics on the NAT instance, or the interface counters on the box itself) to make sure it still has headroom.

You may have to experiment to find the right size for your growth. If you don't, the result is sluggish performance even though everything inside your VPC looks healthy. You'll be getting diminished returns, but no alarm bells will go off. Once the NAT is forwarding at the limit of its network allotment it effectively throttles everything behind it, and this is hard to spot: forwarding happens in the kernel's network stack rather than in a user-space process, so the instance's load average stays low and CPU-based alerts never fire. Throughput and packet counters on the NAT are the signal to watch, not load. Amazon grades instance network performance as Low, Moderate and High without publishing hard numbers. People who have tested report roughly 10-15 Mbit/s for Low, 80-90 Mbit/s for Moderate, and 750-800 Mbit/s for High; treat these as community measurements rather than guarantees.
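The saturation check described above, as an added example that is not code from the original post: it parses two snapshots of Linux's /proc/net/dev taken on the NAT instance, computes the sustained Mbit/s in each direction, and flags the instance when either direction is within 20% of an assumed throughput ceiling. The interface name eth0, the ten-second interval, the 80% warning threshold, and the ceiling table (midpoints of the rough community figures quoted above, not AWS-published numbers) are all assumptions; the two snapshots are constructed sample data.

```python
"""Flag a saturated NAT instance from its interface byte counters.

Added example, not code from the original post. Assumes a Linux NAT
instance (so /proc/net/dev exists) and a rough throughput ceiling for
its instance type. Megabits here are decimal (1 Mbit = 1,000,000 bit).
"""
import time

# Assumed ceilings in Mbit/s: midpoints of the community figures quoted
# in the post for Low / Moderate / High network performance.
ASSUMED_CEILING_MBPS = {"low": 12.0, "moderate": 85.0, "high": 775.0}
WARN_FRACTION = 0.8  # assumed: warn when sustained traffic is within 20% of the ceiling


def parse_proc_net_dev(text):
    """Return {iface: (rx_bytes, tx_bytes)} from the contents of /proc/net/dev."""
    counters = {}
    for line in text.splitlines():
        if ":" not in line:
            continue  # the two header lines carry no colon
        iface, rest = line.split(":", 1)
        fields = rest.split()
        # Receive bytes is column 0, transmit bytes is column 8.
        counters[iface.strip()] = (int(fields[0]), int(fields[8]))
    return counters


def throughput_mbps(before, after, interval_s, iface="eth0"):
    """Average (rx, tx) Mbit/s on iface between two /proc/net/dev snapshots."""
    rx0, tx0 = parse_proc_net_dev(before)[iface]
    rx1, tx1 = parse_proc_net_dev(after)[iface]

    def to_mbps(delta_bytes):
        return delta_bytes * 8 / interval_s / 1_000_000

    return to_mbps(rx1 - rx0), to_mbps(tx1 - tx0)


def saturation_status(rx_mbps, tx_mbps, ceiling_mbps):
    """'saturated' when either direction is near the ceiling, otherwise 'ok'."""
    busiest = max(rx_mbps, tx_mbps)
    return "saturated" if busiest >= WARN_FRACTION * ceiling_mbps else "ok"


# Constructed snapshots, 10 s apart, standing in for two reads of
# /proc/net/dev on a NAT instance: eth0 receives 112.5 MB and sends
# 12.5 MB in that window.
SAMPLE_BEFORE = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  123456     800    0    0    0     0          0         0   123456     800    0    0    0     0       0          0
  eth0: 1000000000 700000    0    0    0     0          0         0 500000000 300000    0    0    0     0       0          0
"""
SAMPLE_AFTER = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  123456     800    0    0    0     0          0         0   123456     800    0    0    0     0       0          0
  eth0: 1112500000 780000    0    0    0     0          0         0 512500000 310000    0    0    0     0       0          0
"""
SAMPLE_INTERVAL_S = 10


def check_sample():
    """Run the check over the constructed snapshots against the Moderate ceiling."""
    rx, tx = throughput_mbps(SAMPLE_BEFORE, SAMPLE_AFTER, SAMPLE_INTERVAL_S)
    return rx, tx, saturation_status(rx, tx, ASSUMED_CEILING_MBPS["moderate"])


def check_live(iface="eth0", interval_s=10, tier="moderate"):
    """Same check against the real /proc/net/dev on a Linux NAT instance."""
    with open("/proc/net/dev") as f:
        before = f.read()
    time.sleep(interval_s)
    with open("/proc/net/dev") as f:
        after = f.read()
    rx, tx = throughput_mbps(before, after, interval_s, iface)
    return rx, tx, saturation_status(rx, tx, ASSUMED_CEILING_MBPS[tier])


if __name__ == "__main__":
    rx, tx, status = check_sample()
    print(f"eth0 rx {rx:.1f} Mbit/s, tx {tx:.1f} Mbit/s: {status}")
```

On the constructed sample the NAT is receiving 90 Mbit/s from the Internet side while its load average would show nothing unusual, which is exactly the quiet failure the post describes. Run `check_live()` from cron on the NAT instance, or feed the same arithmetic the per-period byte totals from CloudWatch's NetworkIn and NetworkOut, and alert on "saturated" rather than on CPU.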

In addition to resizing the NAT gateway instance, consider splitting the load across several of them as your requests scale up: give each private subnet (or each Availability Zone) its own NAT instance and point that subnet's default route (0.0.0.0/0) at it. This spreads the load, relieves the pressure on any single instance, and also removes a single point of failure for your outbound connectivity.

This was a worse problem for services on Amazon before VPC endpoints were released. Until then, all traffic from your VPC to the Internet, and even to Amazon S3, ran through your NAT. An S3 endpoint takes that traffic off the NAT: it adds a route for S3's prefix list to your subnet's route table, so requests to S3 go over the endpoint while everything else still goes through the NAT. At the time of writing S3 is the only service with a VPC endpoint; expect endpoints for other Amazon services to follow.

This all probably seems extremely simple. There isn’t much of a technical answer on this particular topic because the installation is easy and maintenance is nearly non-existent. For us, when we noticed a problem, it was faster and easier to just drop in a bigger instance and see if performance improved (it did).

Consider this post a reminder: once your NAT gateway is set up, keep its sizing on the list of things that can quietly become a pain point for your Ops resources. Thankfully, it's an easy fix. For more help, here's a good checklist of Amazon VPC best practices.