{"id":813,"date":"2022-10-23T09:37:31","date_gmt":"2022-10-23T14:37:31","guid":{"rendered":"https:\/\/cloudlearning365.com\/?p=813"},"modified":"2022-10-27T08:46:26","modified_gmt":"2022-10-27T13:46:26","slug":"aviatrix-nat-use-case-use-spoke-gateway-as-egress-gateway-for-private-subnet","status":"publish","type":"post","link":"https:\/\/cloudlearning365.com\/?p=813","title":{"rendered":"Aviatrix NAT use case &#8211; Use spoke gateway as egress gateway for private subnet"},"content":{"rendered":"\n<p>In AWS, subnet that doesn&#8217;t have default 0.0.0.0\/0 point to Internet Gateway (IGW) is considered as private subnet. Where subnet that have default 0.0.0.0\/0 point to IGW is considered as public subnet. Instances running on private subnet still need to access Internet to download patches, packages etc. You may use AWS <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/vpc-nat-gateway.html\">NAT Gateway<\/a> on public subnet to provide this connectivity. NAT Gateway cost $0.045 USD per hour plus $0.045 per GB data processed.<\/p>\n\n\n\n<p>If you already have Aviatrix Spoke Gateway deployed, and need internet access (egress) from private subnet, also you don&#8217;t need any fancy egress control, then you may reuse the existing Aviatrix Spoke Gateway as Egress Gateway by using SNAT rule.<\/p>\n\n\n\n<p>If you need better control and traffic inspection, you should consider Aviatrix FQDN egress gateway for L7 egress control based on Fully Qualified Domain Name eg: allow https:\/\/github.com deny https:\/\/youtube.com. Or if deep packet inspection using Next Generation Firewall (NGFW) is required, then you may consider Aviatrix FireNet with NGFW integration.<\/p>\n\n\n\n<p>Simple diagram:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1020\" height=\"720\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/SNAT-on-Aviatrix-Spoke-to-allow-egress.png\" alt=\"\" class=\"wp-image-847\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/SNAT-on-Aviatrix-Spoke-to-allow-egress.png 1020w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/SNAT-on-Aviatrix-Spoke-to-allow-egress-300x212.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/SNAT-on-Aviatrix-Spoke-to-allow-egress-768x542.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/SNAT-on-Aviatrix-Spoke-to-allow-egress-425x300.png 425w\" sizes=\"auto, (max-width: 1020px) 100vw, 1020px\" \/><\/figure>\n\n\n\n<!--more-->\n\n\n\n<p>Following is a typical private subnet that managed by Aviatrix, where Aviatrix insert RFC1918 routes, 10.0.0.0\/8, 172.16.0.0\/12 and 192.168.0.0\/16 into private subnet route table and point them to Aviatrix Spoke Gateway eth0 interface<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"860\" height=\"380\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-112.png\" alt=\"\" class=\"wp-image-814\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-112.png 860w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-112-300x133.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-112-768x339.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-112-500x221.png 500w\" sizes=\"auto, (max-width: 860px) 100vw, 860px\" \/><\/figure>\n\n\n\n<p>Try to access google.com from the private instance, getting connection timed out:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"876\" height=\"670\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-124.png\" alt=\"\" class=\"wp-image-828\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-124.png 876w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-124-300x229.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-124-768x587.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-124-392x300.png 392w\" sizes=\"auto, (max-width: 876px) 100vw, 876px\" \/><\/figure>\n\n\n\n<p>To add SNAT rule to the Spoke Gateway, go to Aviatrix Controller -&gt; Gateways -&gt; Find the spoke gateway, then click on <strong>EDIT<\/strong> (If you have HA gateway, you will need to complete this same step on the -hagw as well)<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"845\" height=\"386\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-113.png\" alt=\"\" class=\"wp-image-815\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-113.png 845w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-113-300x137.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-113-768x351.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-113-500x228.png 500w\" sizes=\"auto, (max-width: 845px) 100vw, 845px\" \/><\/figure>\n\n\n\n<p>Scroll to Source NAT section, select Customized SNAT, make sure Sync to HA Gateway isn&#8217;t selected.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"763\" height=\"395\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-114.png\" alt=\"\" class=\"wp-image-816\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-114.png 763w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-114-300x155.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-114-500x259.png 500w\" sizes=\"auto, (max-width: 763px) 100vw, 763px\" \/><\/figure>\n\n\n\n<p>Click on ADD NEW<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>SRC CIDR : Local VPC&#8217;s CIDR, this is where the traffic would be originated<\/li><li>DST CIDR: Enter 0.0.0.0\/0 as that&#8217;s where anything we don&#8217;t locally have, hence Internet<\/li><li>INTERFACE: Traffic will be seen going out from Spoke Gateway&#8217;s eth0 interface<\/li><li>SNAT IPS: Since Traffic will be seen going out from Spoke Gateway&#8217;s eth0 interface, we need it&#8217;s eth0 interface IP<\/li><li>APPLY ROUTE ENTRY: Checked, with this Aviatrix will program VPC Route Table to add 0.0.0.0\/0 point to Aviatrix Spoke Gateway<\/li><li>EXCLUDE ROUTE TABLE: If you don&#8217;t want any specific Route Table to apply the 0.0.0.0\/0 route, then enter the name of the Route Table here.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"95\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-115-1024x95.png\" alt=\"\" class=\"wp-image-817\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-115-1024x95.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-115-300x28.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-115-768x71.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-115-500x46.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-115.png 1366w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"92\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-116-1024x92.png\" alt=\"\" class=\"wp-image-818\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-116-1024x92.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-116-300x27.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-116-768x69.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-116-500x45.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-116.png 1381w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>After this is done remember to scroll to left and click on <strong>SAVE<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"489\" height=\"125\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-117.png\" alt=\"\" class=\"wp-image-820\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-117.png 489w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-117-300x77.png 300w\" sizes=\"auto, (max-width: 489px) 100vw, 489px\" \/><\/figure>\n\n\n\n<p>Also remember to click on UPDATE once the rule is saved to commit the change to the Spoke Gateway.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"282\" height=\"69\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-118.png\" alt=\"\" class=\"wp-image-821\"\/><\/figure>\n\n\n\n<p>You will be prompted to confirm customized SNAT rule:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"426\" height=\"165\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-119.png\" alt=\"\" class=\"wp-image-822\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-119.png 426w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-119-300x116.png 300w\" sizes=\"auto, (max-width: 426px) 100vw, 426px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"556\" height=\"105\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-120.png\" alt=\"\" class=\"wp-image-823\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-120.png 556w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-120-300x57.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-120-500x94.png 500w\" sizes=\"auto, (max-width: 556px) 100vw, 556px\" \/><\/figure>\n\n\n\n<p>If you have HA Gateway, repeat above steps, but this time set up the SNAT rule on HA Gateway, and the SNAT IP would be HA Gateway&#8217;s eth0 IP<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"91\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-121-1024x91.png\" alt=\"\" class=\"wp-image-824\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-121-1024x91.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-121-300x27.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-121-768x68.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-121-500x44.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-121.png 1333w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"81\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-122-1024x81.png\" alt=\"\" class=\"wp-image-825\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-122-1024x81.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-122-300x24.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-122-768x60.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-122-500x39.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-122.png 1385w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>After this is done, refresh the private subnet route table, you can see 0.0.0.0\/0 gets added point to Spoke Gateway&#8217;s interface<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"838\" height=\"364\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-123.png\" alt=\"\" class=\"wp-image-827\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-123.png 838w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-123-300x130.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-123-768x334.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-123-500x217.png 500w\" sizes=\"auto, (max-width: 838px) 100vw, 838px\" \/><\/figure>\n\n\n\n<p>Test again from the private instance, now we are getting response back.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"983\" height=\"644\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-125.png\" alt=\"\" class=\"wp-image-829\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-125.png 983w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-125-300x197.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-125-768x503.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-125-458x300.png 458w\" sizes=\"auto, (max-width: 983px) 100vw, 983px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">How does it work?<\/h2>\n\n\n\n<p>Here&#8217;s a great NAT Processing Order diagram inspired from <a href=\"https:\/\/www.linkedin.com\/in\/barrysli\/\">Barry Li<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"265\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/NAT-Processing-Order-1024x265.png\" alt=\"\" class=\"wp-image-841\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/NAT-Processing-Order-1024x265.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/NAT-Processing-Order-300x78.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/NAT-Processing-Order-768x199.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/NAT-Processing-Order-1536x397.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/NAT-Processing-Order-2048x530.png 2048w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/NAT-Processing-Order-500x129.png 500w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Aviatrix Spoke Gateway receives client 10.103.0.5 destination to google from eth0<\/li><li>There&#8217;s no DNAT rule apply, goes to routing decision, which will be send to subnet 10.103.0.32\/28 default gateway 10.103.0.33 via eth0<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-130-1024x77.png\" alt=\"\" class=\"wp-image-838\" width=\"614\" height=\"46\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-130-1024x77.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-130-300x23.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-130-768x58.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-130-1536x116.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-130-500x38.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-130.png 1539w\" sizes=\"auto, (max-width: 614px) 100vw, 614px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"167\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-129-1024x167.png\" alt=\"\" class=\"wp-image-837\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-129-1024x167.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-129-300x49.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-129-768x125.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-129-1536x250.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-129-500x81.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-129.png 1605w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Once the routing decision has been made, SNAT rule comes in and replaced 10.103.0.5 with Spoke Gateway eth0 IP: 10.103.0.44, then leaves eth0 to AWS fabric towards subnet default gateway 10.103.0.33<\/li><li>Subnet route table tell the traffic would follow 0.0.0.0\/0 via IGW, then send to internet.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"581\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-131-1024x581.png\" alt=\"\" class=\"wp-image-839\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-131-1024x581.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-131-300x170.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-131-768x436.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-131-500x284.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-131.png 1230w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Packet capture on the spoke gateway, when curl google.com is happening<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"973\" height=\"777\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-127.png\" alt=\"\" class=\"wp-image-835\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-127.png 973w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-127-300x240.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-127-768x613.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-127-376x300.png 376w\" sizes=\"auto, (max-width: 973px) 100vw, 973px\" \/><\/figure>\n\n\n\n<p>10.103.0.5 is the private subnet client<br>10.10.0.44 is the Spoke Gateway<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"276\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-126-1024x276.png\" alt=\"\" class=\"wp-image-834\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-126-1024x276.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-126-300x81.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-126-768x207.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-126-1536x415.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-126-2048x553.png 2048w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-126-500x135.png 500w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Session view on the spoke way also shows the NAT translation.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"194\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-128-1024x194.png\" alt=\"\" class=\"wp-image-836\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-128-1024x194.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-128-300x57.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-128-768x145.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-128-1536x290.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-128-2048x387.png 2048w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-128-500x95.png 500w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In AWS, subnet that doesn&#8217;t have default 0.0.0.0\/0 point to Internet Gateway (IGW) is considered as private subnet. Where subnet that have default 0.0.0.0\/0 point to IGW is considered as public subnet. Instances running on private subnet still need to &hellip; <a href=\"https:\/\/cloudlearning365.com\/?p=813\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2,3],"tags":[],"class_list":["post-813","post","type-post","status-publish","format-standard","hentry","category-aviatrix","category-aws"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/813","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=813"}],"version-history":[{"count":13,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/813\/revisions"}],"predecessor-version":[{"id":860,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/813\/revisions\/860"}],"wp:attachment":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=813"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=813"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=813"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}