NAT Gateways: Common Misconceptions

Incorrect Statement About NAT Gateways

Question

Which of the following statements on NAT gateways is incorrect?

Answers

Explanations

A. B. C. D.

Answer - C.

The AWS documentation mentions the following on NAT gateways.

A NAT gateway has the following characteristics:

· A NAT gateway supports bursts of up to 10 Gbps of bandwidth.

If you require more than 10 Gbps bursts, you can distribute the workload by splitting your resources into multiple subnets, and creating a NAT gateway in each subnet.

· You can associate exactly one Elastic IP address with a NAT gateway.

You cannot disassociate an Elastic IP address from a NAT gateway after it's created.

To use a different Elastic IP address for your NAT gateway, you must create a new NAT gateway with the required address, update your route tables, and then delete the existing NAT gateway if it's no longer required.

· A NAT gateway supports the following protocols: TCP, UDP, and ICMP.

· You cannot associate a security group with a NAT gateway.

You can use security groups for your instances in the private subnets to control the traffic to and from those instances.

For more information on NAT gateways, see the following URL:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html

The incorrect statement about NAT gateways is option A: "A NAT gateway supports bursts of up to 10 Gbps of bandwidth."

Explanation:

A NAT gateway is an AWS-managed service that provides network address translation (NAT) for instances in private subnets without internet connectivity. NAT gateways enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating connections with those instances.

The correct statements about NAT gateways are:

B. You can associate exactly one Elastic IP address with a NAT gateway: NAT gateways require an Elastic IP address (EIP) to communicate with the internet or other AWS services. Each NAT gateway can have exactly one EIP associated with it.

C. You can associate a security group with a NAT gateway: You can associate a security group with a NAT gateway to control the traffic that's allowed to flow through the NAT gateway. Security groups act as virtual firewalls for instances, and the same concept applies to NAT gateways.

D. A NAT gateway supports the TCP and UDP protocols: NAT gateways support both Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) traffic. They do not support other protocols such as Internet Control Message Protocol (ICMP).

Option A is incorrect because a NAT gateway can support up to 45 Gbps of bandwidth, not 10 Gbps. However, the actual throughput of a NAT gateway depends on several factors, such as the instance size of the NAT gateway and the network performance of the instance's underlying hardware.