Understanding Data Charges for Network Address Translation (NAT) in the Cloud
Cloud providers, third-party vendors and blogs offer many tools and services that help cloud administrators understand cloud costs, and data pricing in particular. Each cloud provider's data pricing is complex: to understand it, you need to know every resource that sends and receives traffic (across your cloud workloads and over the Internet) and the paths that traffic takes.
One key callout is the NAT Gateway, which the cloud providers offer as a managed service. Most workloads in the cloud need Internet access, for example for OS patches or application upgrades. One method of providing it is to deploy a NAT Gateway in a public subnet and deploy the workloads in a private subnet. The NAT Gateway has a public IP address assigned to it, which allows the workloads to communicate with the Internet using that public IP address but prevents any inbound communication from the Internet.
Since cloud providers offer it as a service, there is a per-hour NAT Gateway cost. In addition, there is a data charge for the data that the NAT Gateway processes. For example, in the AWS US East (N. Virginia) region, the NAT Gateway hourly cost is $0.045/hour and the NAT Gateway data processing cost is $0.045/GB.
Are these the only costs you incur? Let’s draw a simple topology diagram. Notice that the total cost for a GB sent out from a workload would be $0.135/GB (these data rates differ across AWS regions and tiers, so please cross-check what you might pay depending on the region and tier).
Since public cloud promises resiliency, workloads hosted in either availability zone (AZ) can share the same NAT Gateway if needed. If the data traffic crosses the AZ boundary, i.e. the workload is in AZ2 and the NAT Gateway is in AZ1, there is a data egress charge of $0.01 at AZ2 and a data ingress charge of $0.01 at AZ1. If we do the math, the GB of traffic that exits from the workload to the Internet via a NAT Gateway hosted in a different AZ now amounts to $0.155.
The above is an illustration of a specific scenario; data transfer costs change depending on the cloud provider, region and the services used.
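The following added example (not part of the original article) turns the rates quoted above into a small cost model. It goes one step beyond the text by comparing a shared NAT Gateway with one gateway per AZ and computing the break-even traffic volume. The 730-hour month, the function names and the sample traffic volumes are assumptions, and the $0.01 cross-AZ charges are treated as per GB, consistent with the article's $0.155 total.

```python
from decimal import Decimal as D

# Rates quoted in the article for AWS US East (N. Virginia).
# They differ by region and tier, so substitute your own.
NAT_HOURLY = D("0.045")                  # $/hour per NAT Gateway
SAME_AZ_TOTAL_PER_GB = D("0.135")        # article's total $/GB, workload and gateway in one AZ
CROSS_AZ_PER_GB = D("0.01") + D("0.01")  # egress at workload AZ + ingress at gateway AZ
HOURS_PER_MONTH = D(730)                 # assumption: average month length


def monthly_cost(gb_by_az, gateway_azs):
    """Monthly cost in dollars of Internet-bound traffic through NAT Gateways.

    gb_by_az:    {az_name: GB sent to the Internet per month} (constructed input)
    gateway_azs: set of AZs that host a NAT Gateway; traffic from any other AZ
                 crosses an AZ boundary to reach a gateway.
    """
    if not gateway_azs:
        raise ValueError("at least one NAT Gateway is required")
    cost = HOURS_PER_MONTH * NAT_HOURLY * len(gateway_azs)
    for az, gb in gb_by_az.items():
        per_gb = SAME_AZ_TOTAL_PER_GB
        if az not in gateway_azs:
            per_gb += CROSS_AZ_PER_GB  # $0.155/GB in the article's example
        cost += D(str(gb)) * per_gb
    return cost


def break_even_gb():
    """Monthly cross-AZ GB above which adding a gateway in that AZ is cheaper."""
    return HOURS_PER_MONTH * NAT_HOURLY / CROSS_AZ_PER_GB


if __name__ == "__main__":
    traffic = {"az1": 1000, "az2": 2000}  # constructed sample volumes, GB/month
    print("shared gateway in az1:", monthly_cost(traffic, {"az1"}))
    print("one gateway per AZ:   ", monthly_cost(traffic, {"az1", "az2"}))
    print("break-even GB/month:  ", break_even_gb())
```

With these rates, a second gateway pays for itself once an AZ sends more than 1,642.5 GB per month across the AZ boundary.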