Internet Gateway
Definition
A networking component that enables resources in a virtual network to communicate with the internet.
Use Cases
- Netflix: Serving public-facing streaming and API endpoints while keeping internal services isolated — Runs internet-facing services in AWS using VPCs with public subnets routed to an Internet Gateway for components that must be reachable from the internet, while placing data stores and internal services in private subnets and controlling access with security groups, NACLs, and load balancers. (Enables scalable public access to customer-facing services while reducing exposure of internal systems by limiting which subnets and workloads are directly reachable from the internet.)
- Airbnb: Hosting public web applications with controlled internet entry points — Uses AWS networking patterns where only specific tiers (for example, load balancers or edge-facing services) are placed in public subnets with routes to an Internet Gateway; application and database tiers remain in private subnets and are accessed through internal networking and tightly scoped security rules. (Improves security posture by minimizing public attack surface while still supporting reliable internet access for customer traffic.)
Provider Equivalents
- AWS: Amazon VPC Internet Gateway (IGW)
- OCI: Internet Gateway (VCN)
Frequently Asked Questions
- What's the difference between an Internet Gateway and a NAT Gateway?
- An Internet Gateway enables resources with public IP addresses to send and receive traffic directly to and from the internet (inbound and outbound). A NAT Gateway is for outbound-only internet access from private subnets: instances in private subnets can reach the internet (for updates, package downloads, APIs), but the internet cannot initiate connections back to those instances.
- When should I use an Internet Gateway?
- Use an Internet Gateway when you have workloads that must be reachable from the public internet, such as a public website, internet-facing load balancer, or bastion host (though many teams prefer VPN/SSM-style access instead of bastions). If a workload only needs outbound internet access and should not accept inbound connections, place it in a private subnet and use NAT (AWS NAT Gateway / Azure NAT Gateway / GCP Cloud NAT) rather than exposing it through an Internet Gateway.
- How much does an Internet Gateway cost?
- In AWS, creating and attaching an Internet Gateway does not have an hourly charge; standard data transfer charges still apply (for example, internet egress is billed). In OCI, the Internet Gateway itself is not typically billed as a standalone hourly resource, but data egress charges apply. In Azure and GCP, there is no separate Internet Gateway resource to price; costs are driven by public IP addresses, load balancers, NAT services, and internet egress data transfer.
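
The public/private subnet split described in the use cases and FAQ can be audited from route tables. The following is an added example, not code from this page or from any provider: it classifies subnets by whether their effective route table targets an Internet Gateway or a NAT Gateway, including subnets that silently inherit the VPC's main route table. The input follows the JSON shape of `aws ec2 describe-route-tables`; all IDs, the `SUBNETS` inventory, and the function names are constructed for illustration.

```python
# Constructed sample shaped like `aws ec2 describe-route-tables` output; all IDs are made up.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-1", "Associations": [{"Main": True}],
     "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-1",
     "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc", "State": "active"}]},
    {"RouteTableId": "rtb-private", "VpcId": "vpc-1",
     "Associations": [{"Main": False, "SubnetId": "subnet-app"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def", "State": "active"}]},
]
# Hypothetical subnet -> VPC inventory; subnet-db has no explicit route table association.
SUBNETS = {"subnet-web": "vpc-1", "subnet-app": "vpc-1", "subnet-db": "vpc-1"}

def table_exposure(table):
    """'public' if any active route targets an Internet Gateway, 'nat-egress' if only NAT, else 'isolated'."""
    exposure = "isolated"
    for route in table["Routes"]:
        if route.get("State", "active") != "active":
            continue  # blackhole routes carry no traffic
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId"):
            exposure = "nat-egress"
    return exposure

def classify_subnets(route_tables, subnets):
    """Map each subnet to its exposure, falling back to the VPC's main route table."""
    explicit, main = {}, {}
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = table
            elif assoc.get("Main"):
                main[table["VpcId"]] = table
    result = {}
    for subnet_id, vpc_id in subnets.items():
        table = explicit.get(subnet_id) or main.get(vpc_id)
        result[subnet_id] = table_exposure(table) if table else "unknown"
    return result

def unexpected_public(classification, allowed_public):
    """Subnets routed to an Internet Gateway that are not on the approved list."""
    return sorted(s for s, c in classification.items() if c == "public" and s not in allowed_public)

if __name__ == "__main__":
    print(classify_subnets(ROUTE_TABLES, SUBNETS))
```

A "public" result means the subnet has a route to an Internet Gateway; a resource in it is reachable only if it also has a public IP address and its security groups and NACLs allow the traffic.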
Category: networking
Difficulty: intermediate