Azure Proactive Resiliency Library v2

natGateways

Summary

| Recommendation | Impact | Category | Automation Available | In Azure Advisor |
|---|---|---|---|---|
| Scale a NAT gateway to meet the demand of a dynamic workload | Medium | Scalability | No | No |
| Configure monitoring and alerting for NAT gateway | High | Monitoring and Alerting | No | No |
| Consider zonal NAT gateway deployment for zone isolation scenarios | Medium | High Availability | No | No |

Details


Scale a NAT gateway to meet the demand of a dynamic workload

Impact:  Medium Category:  Scalability

APRL GUID:  4281631c-3d19-4994-8d96-084c2a51a534

Description:

NAT Gateway provides 64,512 SNAT ports per public IP address and supports up to 16 public IP addresses. Monitor the "Total SNAT connection count" metric to determine if you're nearing the connection limit of the NAT gateway. You can scale the NAT gateway by adding more public IP addresses.

Potential Benefits:

Enhances reliability and scalability
Learn More:
Scale a NAT gateway to meet the demand of a dynamic workload
Total SNAT Connection Count

ARG Query:


// under-development



Configure monitoring and alerting for NAT gateway

Impact:  High Category:  Monitoring and Alerting

APRL GUID:  babf75d6-6407-4d90-b01e-5a1768e621f5

Description:

Use Network Insights for monitoring and alerting on your NAT gateway. Use the Total SNAT connection count metric to determine if you're nearing the connection limit of the NAT gateway. Set alerts based on Azure Monitor Baseline Alerts (AMBA) thresholds for NAT Gateway.

Potential Benefits:

Enhanced network performance and health
Learn More:
What is Azure NAT Gateway metrics and alerts?
AMBA - NAT Gateway

ARG Query:


// under-development



Consider zonal NAT gateway deployment for zone isolation scenarios

Impact:  Medium Category:  High Availability

APRL GUID:  419df1ea-336b-460a-b6b2-fefe2588fcef

Description:

A zonal promise for zone isolation scenarios exists when a virtual machine instance using a NAT gateway resource is in the same zone as the NAT gateway resource and its public IP addresses. The pattern you want to use for zone isolation is creating a "zonal stack" per availability zone.

Potential Benefits:

Enhances reliability and scalability
Learn More:
Zonal NAT gateway resource for each zone in a region to create zone-resiliency

ARG Query:


// under-development
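
The "zonal stack" pattern from the description above can be checked over an exported inventory. The following is an added example, not an APRL query or Microsoft code; the inventory is constructed, and its field names are assumptions (a simplified shape, not the Azure resource schema).

```python
"""Zonal-stack check for NAT gateways (added example, constructed data)."""

# Constructed, simplified inventory. Field names are assumptions chosen for
# this example; they are not the Azure resource schema.
INVENTORY = {
    "public_ips": {"pip-z1": ["1"], "pip-z2": ["2"], "pip-z3": ["3"]},
    "nat_gateways": {
        "natgw-z1": {"zones": ["1"], "public_ips": ["pip-z1"]},
        "natgw-z2": {"zones": ["2"], "public_ips": ["pip-z3"]},   # IP in another zone
        "natgw-nozone": {"zones": [], "public_ips": ["pip-z3"]},  # no zone set
    },
    # subnet name -> NAT gateway attached to that subnet
    "subnets": {"snet-z1": "natgw-z1", "snet-z2": "natgw-z2", "snet-z3": "natgw-nozone"},
    "vms": {
        "vm-a": {"zones": ["1"], "subnet": "snet-z1"},
        "vm-b": {"zones": ["2"], "subnet": "snet-z1"},  # VM and gateway in different zones
        "vm-c": {"zones": ["2"], "subnet": "snet-z2"},
        "vm-d": {"zones": ["3"], "subnet": "snet-z3"},
    },
}


def zonal_stack_findings(inv):
    """Return sorted (resource, problem) pairs where the zonal stack is broken."""
    findings = set()
    for gw_name, gw in inv["nat_gateways"].items():
        if len(gw["zones"]) != 1:
            findings.add((gw_name, "NAT gateway is not pinned to a single zone"))
            continue
        for pip in gw["public_ips"]:
            # Strict reading of the description: the IP sits in the gateway's zone.
            if inv["public_ips"].get(pip) != gw["zones"]:
                findings.add((gw_name, f"public IP {pip} is not in zone {gw['zones'][0]}"))
    for vm_name, vm in inv["vms"].items():
        gw_name = inv["subnets"].get(vm["subnet"])
        if gw_name is None:
            continue  # subnet has no NAT gateway; out of scope for this check
        gw_zones = inv["nat_gateways"][gw_name]["zones"]
        # Gateways without a single zone are already reported above.
        if len(gw_zones) == 1 and vm["zones"] != gw_zones:
            findings.add((vm_name, f"VM zones {vm['zones']} differ from {gw_name} zone {gw_zones[0]}"))
    return sorted(findings)


if __name__ == "__main__":
    for resource, problem in zonal_stack_findings(INVENTORY):
        print(f"{resource}: {problem}")
```
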