gcloud compute routers nats update - update a NAT on a Compute Engine router
gcloud compute routers nats update NAME --router=ROUTER [--async] [--[no-]enable-dynamic-port-allocation] [--enable-endpoint-independent-mapping] [--enable-logging] [--log-filter=LOG_FILTER] [--region=REGION] [--rules=RULES] [--auto-allocate-nat-external-ips | --nat-external-ip-pool=IP_ADDRESS,[IP_ADDRESS,...]] [--clear-icmp-idle-timeout | --icmp-idle-timeout=ICMP_IDLE_TIMEOUT] [--clear-max-ports-per-vm | --max-ports-per-vm=MAX_PORTS_PER_VM] [--clear-min-ports-per-vm | --min-ports-per-vm=MIN_PORTS_PER_VM] [--clear-nat-external-drain-ip-pool | --nat-external-drain-ip-pool=NAT_EXTERNAL_DRAIN_IP_POOL,[...]] [--clear-tcp-established-idle-timeout | --tcp-established-idle-timeout=TCP_ESTABLISHED_IDLE_TIMEOUT] [--clear-tcp-time-wait-timeout | --tcp-time-wait-timeout=TCP_TIME_WAIT_TIMEOUT] [--clear-tcp-transitory-idle-timeout | --tcp-transitory-idle-timeout=TCP_TRANSITORY_IDLE_TIMEOUT] [--clear-udp-idle-timeout | --udp-idle-timeout=UDP_IDLE_TIMEOUT] [--nat-all-subnet-ip-ranges | --nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME],[...] | --nat-primary-subnet-ip-ranges] [GCLOUD_WIDE_FLAG ...]
gcloud compute routers nats update is used to update a NAT in a Compute Engine router.
Change subnetworks and IP address resources associated with NAT:
$ gcloud compute routers nats update nat1 --router=my-router \ --nat-external-ip-pool=ip-address2,ip-address3 \ --nat-custom-subnet-ip-ranges=subnet-2,\ subnet-3:secondary-range-2
Change minimum default ports allocated per VM associated with NAT:
$ gcloud compute routers nats update nat1 --router=my-router \ --min-ports-per-vm=128
Change connection timeouts associated with NAT:
$ gcloud compute routers nats update nat1 --router=my-router \ --udp-mapping-idle-timeout=60s --icmp-mapping-idle-timeout=60s \ --tcp-established-connection-idle-timeout=60s \ --tcp-transitory-connection-idle-timeout=60s
Reset connection timeouts associated NAT to default values:
$ gcloud compute routers nats update nat1 --router=my-router \ --clear-udp-mapping-idle-timeout \ --clear-icmp-mapping-idle-timeout \ --clear-tcp-established-connection-idle-timeout \ --clear-tcp-transitory-connection-idle-timeout
- NAME
Name of the NAT to create
- --router=ROUTER
The Router to use for NAT.
- --async
Return immediately, without waiting for the operation in progress to complete.
- --[no-]enable-dynamic-port-allocation
Enable dynamic port allocation.
If not specified, Dynamic Port Allocation is disabled by default.
Use --enable-dynamic-port-allocation to enable and --no-enable-dynamic-port-allocation to disable.
- --enable-endpoint-independent-mapping
Enable endpoint-independent mapping for the NAT (as defined in RFC 5128).
If not specified, NATs have endpoint-independent mapping disabled by default.
Use --no-enable-endpoint-independent-mapping to disable endpoint-independent mapping.
- --enable-logging
Enable logging for the NAT. Logs will be exported to Stackdriver. NAT logging is disabled by default. To disable logging for the NAT, use $ gcloud compute routers nats update MY-NAT --no-enable-logging \ --router ROUTER --region REGION
- --log-filter=LOG_FILTER
Filter for logs exported to stackdriver.
The default is ALL.
If logging is not enabled, filter settings will be persisted but will have no effect.
Use --[no-]enable-logging to enable and disable logging.
LOG_FILTER must be one of:
- ALL
Export logs for all connections handled by this NAT.
- ERRORS_ONLY
Export logs for connection failures only.
- TRANSLATIONS_ONLY
Export logs for successful connections only.
- --region=REGION
Region of the NAT to create. If not specified, you might be prompted to select a region (interactive mode only).
To avoid prompting when this flag is omitted, you can set the compute/region property:
$ gcloud config set compute/region REGION
A list of regions can be fetched by running:
$ gcloud compute regions list
To unset the property, run:
$ gcloud config unset compute/region
Alternatively, the region can be stored in the environment variable CLOUDSDK_COMPUTE_REGION.
- --rules=RULES
Path to YAML file containing NAT Rules applied to the NAT. The YAML file format must follow the REST API schema for NAT Rules. See API Discovery docs https://www.googleapis.com/discovery/v1/apis/compute/alpha/rest for reference.
- At most one of these can be specified:
- --auto-allocate-nat-external-ips
Automatically allocate external IP addresses for Cloud NAT
- --nat-external-ip-pool=IP_ADDRESS,[IP_ADDRESS,...]
External IP Addresses to use for Cloud NAT
- At most one of these can be specified:
- --clear-icmp-idle-timeout
Clear timeout for ICMP connections
- --icmp-idle-timeout=ICMP_IDLE_TIMEOUT
Timeout for ICMP connections. See https://cloud.google.com/sdk/gcloud/reference/topic/datetimes for information on duration formats.
- At most one of these can be specified:
- --clear-max-ports-per-vm
Clear maximum ports to be allocated to a VM
- --max-ports-per-vm=MAX_PORTS_PER_VM
Maximum ports to be allocated to a VM.
This field can only be set when Dynamic Port Allocation is enabled and defaults to 65536. It must be set to a power of 2 that is greater than minPortsPerVm and at most 65536.
- At most one of these can be specified:
- --clear-min-ports-per-vm
Clear minimum ports to be allocated to a VM
- --min-ports-per-vm=MIN_PORTS_PER_VM
Minimum ports to be allocated to a VM.
If Dynamic Port Allocation is disabled, this defaults to 64.
If Dynamic Port Allocation is enabled, this defaults to 32 and must be set to a power of 2 that is at least 32 and lower than maxPortsPerVm.
- At most one of these can be specified:
- --clear-nat-external-drain-ip-pool
Clear the drained NAT IPs
- --nat-external-drain-ip-pool=NAT_EXTERNAL_DRAIN_IP_POOL,[...]
External IP Addresses to be drained
These IPs must be valid external IPs that have been used as NAT IPs
- At most one of these can be specified:
- --clear-tcp-established-idle-timeout
Clear timeout for TCP established connections
- --tcp-established-idle-timeout=TCP_ESTABLISHED_IDLE_TIMEOUT
Timeout for TCP established connections. See https://cloud.google.com/sdk/gcloud/reference/topic/datetimes for information on duration formats.
- At most one of these can be specified:
- --clear-tcp-time-wait-timeout
Clear timeout for TCP connections in the TIME_WAIT state
- --tcp-time-wait-timeout=TCP_TIME_WAIT_TIMEOUT
Timeout for TCP connections in the TIME_WAIT state. See https://cloud.google.com/sdk/gcloud/reference/topic/datetimes for information on duration formats.
- At most one of these can be specified:
- --clear-tcp-transitory-idle-timeout
Clear timeout for TCP transitory connections
- --tcp-transitory-idle-timeout=TCP_TRANSITORY_IDLE_TIMEOUT
Timeout for TCP transitory connections. See https://cloud.google.com/sdk/gcloud/reference/topic/datetimes for information on duration formats.
- At most one of these can be specified:
- --clear-udp-idle-timeout
Clear timeout for UDP connections
- --udp-idle-timeout=UDP_IDLE_TIMEOUT
Timeout for UDP connections. See https://cloud.google.com/sdk/gcloud/reference/topic/datetimes for information on duration formats.
- At most one of these can be specified:
- --nat-all-subnet-ip-ranges
Allow all IP ranges of all subnetworks in the region, including primary and secondary ranges, to use NAT.
- --nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME],[...]
List of subnetwork primary and secondary IP ranges to be allowed to use NAT.
SUBNETWORK - including a subnetwork name includes only the primary subnet range of the subnetwork.
SUBNETWORK:RANGE_NAME - specifying a subnetwork and secondary range name includes only that secondary range. It does not include the primary range of the subnet.
- --nat-primary-subnet-ip-ranges
Allow only primary IP ranges of all subnetworks in the region to use NAT.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command, when specified without alpha or beta, uses the compute/v1/routers API. The full documentation for this API can be found at: https://cloud.google.com/compute/docs/reference/rest/v1/routers/
The beta command uses the compute/beta/routers API. The full documentation for this API can be found at: https://cloud.google.com/compute/docs/reference/rest/beta/routers/
The alpha command uses the compute/alpha/routers API. Full documentation is not available for the alpha API.
These variants are also available:
$ gcloud alpha compute routers nats update
$ gcloud beta compute routers nats update