Menu
I am manually setting up an Amazon VPC network, and have a need to create a NAT instance. Amazon has VPC specialized AMIs that come in various scales. Due to budget considerations, I am ambling towards using a micro instance of ami-vpc-nat.
I am concerned that with only 613mb, a micro instance may struggle when as more instances are put behind the NAT instance. Please, can anyone who has deployed this microinstance ami-vpc-nat (especially in production) share their thoughts on its performance and throughput.
515
Amazon has VPC specialized AMIs that come in various scales. Due to budget considerations, I am ambling towards using a micro instance of ami-vpc-nat. I am concerned that with only 613mb, a micro instance may struggle when as more instances are put behind the NAT instance.
It must be in a public subnet (a subnet that has a route table with a route to the internet gateway), and it must have a public IP address or an Elastic IP address. Use the following procedure to set up a VPC and a NAT instance. Before you begin, create an AMI that's configured to run NAT on your instance.
The NAT instance then sends the traffic to the internet gateway for the VPC. The traffic is attributed to the Elastic IP address of the NAT instance.
Amazon VPC shares its API namespace with Amazon EC2. Policy actions in Amazon VPC use the following prefix before the action: ec2:. For example, to grant someone permission to create a VPC with the Amazon EC2 CreateVpc API operation, you include the ec2:CreateVpc action in their policy.
I'm responsible for a VPC estate, with long experience of using various instance types and a good understanding of their characteristics. These characteristics can easily be tested and profiled by anyone and relied-upon as (generally) constant with the exception of the t1.micro type.
The t1.micro instance-type is highly variable in both CPU and network performance, since it is essentially using aggregate 'spare' capacity on the host on which it is running (which of course will be running a variety of other instances and instance-types also). It is also subject to aggressive demand throttling on CPU and network usage -
there is a distinctive profile in force which limits extended high-load usage, and which then adaptively returns capacity to the instance after such a high-load threshold has been reached and capped.
When configuring my VPC estate, I initially downgraded the NAT instance from m1.small to t1.micro, reasoning that a simple network gateway appliance was unlikely to demand the capacity of the m1.small type, and since it was always-on then I should pay the lowest price possible. However, observation (and later confirmation by an Amazon engineer) showed that as the estate grew and NAT load went up, the t1.micro throttle profile presented a definite and measurable bottleneck. Switching back to m1.small, with its' pre-allocated and constant network bandwidth, eliminated that bottleneck.
In short, your NAT instance will choke your VPC estate internet access if it is a t1.micro - traffic into and out of the VPC (other than over a VPN) will quickly trigger the bandwidth throttle as soon as throughput rises for longer than the duration limit, and will stay throttled until demand drops (after which the throttle will adaptively release). Your network throughput through the NAT will be choppy and sluggish in all but minimum load scenarios.
145
Network and CPU performance are also defined by instance type, and final performance is subject to many factors, so you would need to test and measure in your context to be sure.
That being said, i just ran iperf on my untuned, out-of-the-box m1.micro and got around 80 Mbits/sec. But that's just me...
40
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
