gcloud compute routers nats create - add a NAT to a Compute Engine router

gcloud compute routers nats createNAME--router=ROUTER[--async][--auto-network-tier=AUTO_NETWORK_TIER][--[no-]enable-dynamic-port-allocation][--enable-endpoint-independent-mapping][--enable-logging][--endpoint-types=[ENDPOINT_TYPE,…]][--icmp-idle-timeout=ICMP_IDLE_TIMEOUT][--log-filter=LOG_FILTER][--max-ports-per-vm=MAX_PORTS_PER_VM][--min-ports-per-vm=MIN_PORTS_PER_VM][--region=REGION][--rules=RULES][--tcp-established-idle-timeout=TCP_ESTABLISHED_IDLE_TIMEOUT][--tcp-time-wait-timeout=TCP_TIME_WAIT_TIMEOUT][--tcp-transitory-idle-timeout=TCP_TRANSITORY_IDLE_TIMEOUT][--type=TYPE][--udp-idle-timeout=UDP_IDLE_TIMEOUT][--auto-allocate-nat-external-ips    |--nat-external-ip-pool=IP_ADDRESS,[IP_ADDRESS,…]][--nat-all-subnet-ip-ranges    |--nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME|:ALL],[…]    |--nat-primary-subnet-ip-ranges][--nat64-all-v6-subnet-ip-ranges    |--nat64-custom-v6-subnet-ip-ranges=SUBNETWORK,[SUBNETWORK,…]][GCLOUD_WIDE_FLAG …]

gcloudcomputeroutersnatscreatenat1--router=my-router--auto-allocate-nat-external-ips--nat-all-subnet-ip-ranges

Specify IP addresses for NAT: Each IP address is the name of a reserved staticIP address resource in the same region.

gcloudcomputeroutersnatscreatenat1--router=my-router--nat-external-ip-pool=ip-address1,ip-address2

Specify subnet ranges for NAT:

By default, NAT works for all primary and secondary IP ranges for all subnets inthe region for the given VPC network. You can restrict which subnet primary andsecondary ranges can use NAT.

gcloudcomputeroutersnatscreatenat1--router=my-router--auto-allocate-nat-external-ips--nat-custom-subnet-ip-ranges=subnet-1,subnet-3:secondary-range-1

NAME

Name of the NAT to create

--router=ROUTER

Router to use for NAT.

--async

Return immediately, without waiting for the operation in progress to complete.

--auto-network-tier=AUTO_NETWORK_TIER

Network tier to use when automatically reserving NAT IP addresses.AUTO_NETWORK_TIER must be one of:

PREMIUM

High quality, Google-grade network tier with support for all networkingproducts.

STANDARD

Public internet quality, with only limited support for other networkingproducts.

--[no-]enable-dynamic-port-allocation

Enable dynamic port allocation.

If not specified, Dynamic Port Allocation is disabled by default.

Use--enable-dynamic-port-allocation to enable and--no-enable-dynamic-port-allocation to disable.

--enable-endpoint-independent-mapping

Enable endpoint-independent mapping for the NAT (as defined in RFC 5128).

If not specified, NATs have endpoint-independent mapping disabled by default.

Use--no-enable-endpoint-independent-mapping to disableendpoint-independent mapping.

--enable-logging

Enable logging for the NAT. Logs will be exported to Stackdriver. NAT logging isdisabled by default. To disable logging for the NAT, use $gcloud compute routersnats update MY-NAT --no-enable-logging \ --router ROUTER --region REGION

--endpoint-types=[ENDPOINT_TYPE,…]

Endpoint Types supported by the NAT Gateway.

ENDPOINT_TYPEmustbeoneof:

ENDPOINT_TYPE_VMForVMEndpointsENDPOINT_TYPE_SWGForSecureWebGatewayEndpointsENDPOINT_TYPE_MANAGED_PROXY_LBForregionalApplicationLoadBalancers(internalandexternal)andregionalproxyNetworkLoadBalancers(internalandexternal)endpoints

The default is ENDPOINT_TYPE_VM.

ENDPOINT_TYPE must be one of:ENDPOINT_TYPE_VM,ENDPOINT_TYPE_SWG,ENDPOINT_TYPE_MANAGED_PROXY_LB.

--icmp-idle-timeout=ICMP_IDLE_TIMEOUT

Timeout for ICMP connections. Seehttps://cloud.google.com/sdk/gcloud/reference/topic/datetimesfor information on duration formats.

--log-filter=LOG_FILTER

Filter for logs exported to stackdriver.

The default is ALL.

If logging is not enabled, filter settings will be persisted but will have noeffect.

Use --[no-]enable-logging to enable and disable logging.

LOG_FILTER must be one of:

ALL

Export logs for all connections handled by this NAT.

ERRORS_ONLY

Export logs for connection failures only.

TRANSLATIONS_ONLY

Export logs for successful connections only.

--max-ports-per-vm=MAX_PORTS_PER_VM

Maximum ports to be allocated to a VM.

This field can only be set when Dynamic Port Allocation is enabled and defaultsto 65536. It must be set to a power of 2 that is greater than minPortsPerVm andat most 65536.

--min-ports-per-vm=MIN_PORTS_PER_VM

Minimum ports to be allocated to a VM.

If Dynamic Port Allocation is disabled, this defaults to 64.

If Dynamic Port Allocation is enabled, this defaults to 32 and must be set to apower of 2 that is at least 32 and lower than maxPortsPerVm.

--region=REGION

Region of the NAT to create. If not specified, you might be prompted to select aregion (interactive mode only).

To avoid prompting when this flag is omitted, you can set thecompute/region property:

gcloudconfigsetcompute/regionREGION

A list of regions can be fetched by running:

gcloudcomputeregionslist

To unset the property, run:

gcloudconfigunsetcompute/region

Alternatively, the region can be stored in the environment variableCLOUDSDK_COMPUTE_REGION.

--rules=RULES

Path to YAML file containing NAT Rules applied to the NAT. The YAML file formatmust follow the REST API schema for NAT Rules. SeeAPIDiscovery docs for reference.

--tcp-established-idle-timeout=TCP_ESTABLISHED_IDLE_TIMEOUT

Timeout for TCP established connections. Seehttps://cloud.google.com/sdk/gcloud/reference/topic/datetimesfor information on duration formats.

--tcp-time-wait-timeout=TCP_TIME_WAIT_TIMEOUT

Timeout for TCP connections in the TIME_WAIT state. Seehttps://cloud.google.com/sdk/gcloud/reference/topic/datetimesfor information on duration formats.

--tcp-transitory-idle-timeout=TCP_TRANSITORY_IDLE_TIMEOUT

Timeout for TCP transitory connections. Seehttps://cloud.google.com/sdk/gcloud/reference/topic/datetimesfor information on duration formats.

--type=TYPE

Type of the NAT Gateway. Defaults to PUBLIC if not specified.TYPE must be one of:

PRIVATE

Used for private-to-private NAT translations. Allows communication between VPCNetworks.

PUBLIC

Used for private-to-public NAT translations. Allows VM instances to communicatewith the internet.

--udp-idle-timeout=UDP_IDLE_TIMEOUT

Timeout for UDP connections. Seehttps://cloud.google.com/sdk/gcloud/reference/topic/datetimesfor information on duration formats.

At most one of these can be specified:

--auto-allocate-nat-external-ips

Automatically allocate external IP addresses for Cloud NAT

--nat-external-ip-pool=IP_ADDRESS,[IP_ADDRESS,…]

External IP Addresses to use for Cloud NAT

Options for IPv4 subnetwork ranges. If not specified, one of the options forIPv6 subnetwork ranges must be provided.

At most one of these can be specified:

--nat-all-subnet-ip-ranges

Allow all IP ranges of all subnetworks in the region, including primary andsecondary ranges, to use NAT.

--nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME|:ALL],[…]

List of subnetwork primary and secondary IP ranges to be allowed to use NAT.

• SUBNETWORK:ALL - specifying a subnetwork name with ALL includes theprimary range and all secondary ranges of the subnet.
• SUBNETWORK - including a subnetwork name includes only the primarysubnet range of the subnetwork.
• SUBNETWORK:RANGE_NAME - specifying a subnetwork and secondary rangename includes only that secondary range. It does not include the primary rangeof the subnet.

--nat-primary-subnet-ip-ranges

Allow only primary IP ranges of all subnetworks in the region to use NAT.

Options for IPv6 subnetwork ranges. If not specified, one of the options forIPv4 subnetwork ranges must be provided.

At most one of these can be specified:

--nat64-all-v6-subnet-ip-ranges

Allow all IPv6 subnetwork ranges in the region to use NAT.

--nat64-custom-v6-subnet-ip-ranges=SUBNETWORK,[SUBNETWORK,…]

List of subnetworks with IPv6 ranges to be allowed to use NAT.

Run$gcloud help for details.

The beta command uses the compute/beta/routers API. The full documentation forthis API can be found at:https://cloud.google.com/compute/docs/reference/rest/beta/routers/

The alpha command uses the compute/alpha/routers API. Full documentation is notavailable for the alpha API.