Hi Xiaoxi,
Greetings,
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
NOTE: A zonal promise for zone isolation scenarios exists when a virtual machine instance using a NAT gateway resource is in the same zone as the NAT gateway resource and its public IP addresses. The pattern you want to use for zone isolation is creating a "zonal stack" per availability zone. This "zonal stack" consists of virtual machine instances, a NAT gateway resource with public IP addresses or a prefix, and a subnet, all in the same zone.
Primary-Failover Configuration
Azure NAT Gateway does not support direct configuration of route tables for switching between multiple NAT Gateways, as the private IP is not exposed. However, you can achieve a failover model by using a combination of Azure Load Balancer and NAT Gateway. Here’s a recommended approach:
- Deploy an Azure Load Balancer: Use an internal load balancer to distribute outbound traffic across multiple NAT Gateways.
- Configure Health Probes: Set up health probes to monitor the health of the NAT Gateways. If the primary NAT Gateway fails, the load balancer can automatically route traffic to the secondary NAT Gateway.
- Use Azure Traffic Manager: For more advanced scenarios, you can use Azure Traffic Manager to manage traffic routing and failover between different regions or availability zones.
Handling Zone Outages
If a NAT Gateway is deployed in a specific availability zone and that zone experiences an outage, you can disassociate the NAT Gateway from the affected subnet and route traffic through a secondary NAT Gateway in another zone.
Cost Considerations – Avoiding a Zonal Stack
To avoid the cost of deploying a NAT Gateway in each availability zone, consider the following solution:
- Use a Single NAT Gateway with Multiple Public IPs: Deploy a single NAT Gateway with multiple public IP addresses. This setup can handle high availability and failover without the need for multiple NAT Gateways per zone.
- Leverage Azure Load Balancer: As mentioned earlier, use an internal load balancer to distribute traffic across multiple NAT Gateways, ensuring high availability without incurring additional costs.
- Optimize Resource Allocation: Regularly review and optimize resource allocation to ensure cost-effectiveness while maintaining high availability.
Refer: https://learn.microsoft.com/en-us/azure/nat-gateway/nat-availability-zones?source=recommendations
Hope this clarifies,
Thanks
Ganesh
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
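As an added illustration of the "zonal stack" pattern described in the answer above (example Bicep, not code from the answer or from Microsoft), this template pins the public IP and the NAT gateway to one availability zone and attaches the gateway to a subnet meant only for VMs in that same zone. Resource names, address ranges and the zone parameter are assumptions; deploy one copy per zone you need.

```bicep
// Added example: one "zonal stack" for a single availability zone.
// Assumed names and address ranges; VMs placed in this subnet must also
// set zones: [ zone ] so the whole stack shares one failure domain.
param location string = resourceGroup().location
param zone string = '1'
param vnetName string = 'vnet-zonal'
param addressPrefix string = '10.0.0.0/16'
param subnetPrefix string = '10.0.1.0/24'

// Standard SKU public IP, pinned to the same zone as the NAT gateway.
resource pip 'Microsoft.Network/publicIPAddresses@2023-04-01' = {
  name: 'pip-natgw-zone${zone}'
  location: location
  sku: { name: 'Standard' }
  zones: [ zone ]
  properties: { publicIPAllocationMethod: 'Static' }
}

// NAT gateway pinned to the zone; a zone outage takes down only this stack.
resource natgw 'Microsoft.Network/natGateways@2023-04-01' = {
  name: 'natgw-zone${zone}'
  location: location
  sku: { name: 'Standard' }
  zones: [ zone ]
  properties: {
    publicIpAddresses: [ { id: pip.id } ]
    idleTimeoutInMinutes: 4
  }
}

// One subnet per zone, associated with that zone's NAT gateway.
resource vnet 'Microsoft.Network/virtualNetworks@2023-04-01' = {
  name: vnetName
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ addressPrefix ] }
    subnets: [
      {
        name: 'snet-zone${zone}'
        properties: {
          addressPrefix: subnetPrefix
          natGateway: { id: natgw.id }
        }
      }
    ]
  }
}

output natGatewayId string = natgw.id
```

For a second zone, deploy the template again with a different zone value and a non-overlapping subnetPrefix so each subnet, gateway and public IP stays within its own zone.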