Cloud networking fees are the fastest-growing line item on enterprise cloud bills, and most teams don't see them coming. Networking-related charges — egress data transfer, public IPv4 addresses, and NAT Gateway processing — now represent a hidden ~18% tax on total cloud spend for organizations running multi-cloud or hybrid architectures.
If you're coming from on-prem where bandwidth is essentially free, your architecture decisions could be costing tens of thousands per month in avoidable networking fees. Here's the full breakdown.
Cloud Egress Fees: AWS vs Azure vs GCP
All three hyperscalers charge asymmetrically — ingress is free, egress is not.
| Provider | Free Tier | First 1 TB | 1–10 TB | 10–50 TB | 50–150 TB |
|---|---|---|---|---|---|
| AWS | 100 GB/mo | $0.09/GB | $0.09/GB | $0.085/GB | $0.07/GB |
| Azure | 100 GB/mo | $0.087/GB | $0.087/GB | $0.083/GB | $0.07/GB |
| GCP | 100 GB/mo | $0.12/GB | $0.08/GB | $0.06/GB | $0.04/GB |
The asymmetry is deliberate: free ingress + expensive egress creates vendor lock-in by making data extraction financially impractical. A 32 TB physical hard drive costs ~$700, but transferring that same 32 TB out of AWS via egress costs ~$2,240 — more than 3x the price of the physical media.
The Inter-AZ Trap
Egress fees don't just apply to internet-bound traffic. Data moving between Availability Zones within the same region costs $0.01/GB on AWS (both directions), and inter-region jumps to $0.02/GB.
A typical three-AZ deployment with 500 GB/day of inter-AZ traffic generates ~$300/month — $3,600/year for traffic that never leaves the cloud provider's network. And multi-AZ is the recommended pattern for HA.
Public IPv4: The New Recurring Tax
Since February 2024, AWS charges $0.005/hour for every public IPv4 address — whether it's actively in use or sitting idle.
The math per address:
- Per hour: $0.005
- Per month (730 hours): $3.65
- Per year: $43.80
Sounds small until you count your addresses. A modest environment with 3 EC2 instances, 1 load balancer, 1 RDS database, and some idle Elastic IPs easily reaches 10+ public IPs — $36.50/month or $438/year just for IP allocation.
Enterprise environments running hundreds of microservices with public endpoints can accumulate 500+ public IPv4 addresses, pushing annual IPv4 costs above $20,000.
The IPv4 Scarcity Economics
AWS owns approximately 132 million IPv4 addresses, valued at $4.5-6 billion on the open market. AWS acquired many at $25-40 each, yet now charges $43.80/year in recurring rent per address. The market price of IPv4 addresses has actually dropped 60% since cloud providers began accumulating them — but cloud pricing hasn't adjusted downward.
NAT Gateway: The Double-Billing Machine
A single AWS NAT Gateway costs a minimum of $32.40/month in hourly charges before processing a single byte, plus $0.045 per GB of data processed through it.
For a standard three-AZ deployment (one NAT Gateway per AZ for resilience):
| Cost Component | Per Gateway | 3 AZ Deployment |
|---|---|---|
| Hourly charge ($0.045/hr × 730) | $32.40/mo | $97.20/mo |
| Data processing (1 TB @ $0.045/GB) | $45.00/mo | $135.00/mo |
| Monthly total | $77.40 | $232.20 |
| Annual total | $928.80 | $2,786.40 |
NAT Gateway charges for every gigabyte processed — including traffic that could have stayed entirely within the AWS network if routed through VPC Endpoints instead.
Regional NAT Gateway (New Option)
AWS introduced Regional NAT Gateway in late 2025. It serves all AZs in a region from a single gateway, eliminating the need for one per AZ. This cuts hourly costs by 66% for three-AZ deployments — from $97.20/month to $32.40/month — though data processing charges remain the same.
What Does a Real Bill Look Like?
A mid-size SaaS company on AWS with 50 EC2 instances, 5 load balancers, 3 NAT Gateways, and 10 TB monthly egress:
| Networking Component | Monthly Cost |
|---|---|
| Egress to internet (10 TB × $0.09/GB) | $900.00 |
| Public IPv4 addresses (65 IPs × $3.65) | $237.25 |
| NAT Gateway hourly (3 × $32.40) | $97.20 |
| NAT Gateway processing (8 TB × $0.045/GB) | $360.00 |
| Cross-AZ data transfer (1 TB × $0.01/GB × 2) | $20.00 |
| Total monthly networking | $1,614.45 |
| Annual networking cost | $19,373.40 |
Organizations with 100+ services typically see networking consume 15-25% of total cloud spend, yet networking rarely appears in initial cloud migration cost models.
How to Actually Optimize This
1. Deploy VPC Endpoints (Biggest Quick Win)
VPC Gateway Endpoints for S3 and DynamoDB are completely free and eliminate both NAT Gateway processing fees and egress charges for traffic to these services.
Without VPC Endpoint (S3 access through NAT Gateway):
EC2 → NAT Gateway ($0.045/hr + $0.045/GB) → Internet Gateway → S3
With VPC Gateway Endpoint (free):
EC2 → VPC Endpoint → S3 (no NAT Gateway, no egress charge)
For workloads that heavily use S3 (logs, backups, data lakes), this single change can save hundreds per month.
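One way to find where this applies, as an added example that is not part of the original article: the script reads JSON in the shape returned by `aws ec2 describe-route-tables` and flags route tables whose default route goes to a NAT Gateway but which have no live gateway-endpoint route. The sample data and all IDs in it are constructed.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# All IDs are made up for illustration.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-0aaa", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0aaa", "State": "active"}]},
  {"RouteTableId": "rtb-0bbb", "Routes": [
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0bbb", "State": "active"},
    {"DestinationPrefixListId": "pl-0example", "GatewayId": "vpce-0bbb", "State": "active"}]},
  {"RouteTableId": "rtb-0ccc", "Routes": [
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0ccc", "State": "active"}]},
  {"RouteTableId": "rtb-0ddd", "Routes": [
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0ddd", "State": "active"},
    {"DestinationPrefixListId": "pl-0example", "GatewayId": "vpce-0gone", "State": "blackhole"}]}
]}
""")


def _active(route):
    return route.get("State") == "active"


def uses_nat_default(rt):
    """True if the table's default route points at a NAT Gateway."""
    return any(_active(r) and r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("NatGatewayId") for r in rt.get("Routes", []))


def has_gateway_endpoint(rt):
    """True if a live prefix-list route targets a gateway endpoint (vpce-...)."""
    return any(_active(r) and r.get("DestinationPrefixListId")
               and r.get("GatewayId", "").startswith("vpce-")
               for r in rt.get("Routes", []))


def nat_without_endpoint(doc):
    """Route tables where S3/DynamoDB traffic would still go through the NAT Gateway."""
    return [rt["RouteTableId"] for rt in doc.get("RouteTables", [])
            if uses_nat_default(rt) and not has_gateway_endpoint(rt)]


if __name__ == "__main__":
    for rtb in nat_without_endpoint(SAMPLE):
        print(f"{rtb}: NAT default route, no active gateway endpoint route")
```

A table with only one of the two gateway endpoints passes this check; resolve the prefix list IDs with `aws ec2 describe-prefix-lists` to tell S3 from DynamoDB. The blackhole case (`rtb-0ddd`) is a route left behind by a deleted endpoint, so that table is flagged as well.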
2. Use PrivateLink for Service-to-Service
AWS PrivateLink creates private connections between services without traversing the public internet. Interface Endpoints cost $0.01/hour plus $0.01/GB — significantly cheaper than NAT Gateway's $0.045/hour plus $0.045/GB.
3. Consolidate Public IPv4 Addresses
Audit your public IPv4 usage:
- Place backend services behind load balancers instead of assigning individual public IPs
- Use IPv6 dual-stack where possible (IPv6 addresses are free)
- Release unused Elastic IPs immediately — idle EIPs cost the same as in-use ones
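A sketch of that audit, added here as an example and not taken from the original article: it reads JSON in the shape returned by `aws ec2 describe-addresses`, separates idle Elastic IPs from those attached directly to instances, and prices them at the $0.005/hour rate quoted above. The sample records are constructed and use the 203.0.113.0/24 documentation range.

```python
import json

HOURLY_RATE = 0.005    # USD per public IPv4 per hour (figure from the article)
HOURS_PER_MONTH = 730  # month length used in the article

# Constructed sample in the shape of `aws ec2 describe-addresses` output.
# This call lists Elastic IPs only; auto-assigned public IPs are not included.
SAMPLE = json.loads("""
{"Addresses": [
  {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-0a", "Domain": "vpc",
   "AssociationId": "eipassoc-0a", "InstanceId": "i-0a", "NetworkInterfaceId": "eni-0a"},
  {"PublicIp": "203.0.113.11", "AllocationId": "eipalloc-0b", "Domain": "vpc"},
  {"PublicIp": "203.0.113.12", "AllocationId": "eipalloc-0c", "Domain": "vpc",
   "AssociationId": "eipassoc-0c", "NetworkInterfaceId": "eni-0c"},
  {"PublicIp": "203.0.113.13", "AllocationId": "eipalloc-0d", "Domain": "vpc"}
]}
""")


def classify(addr):
    """idle = allocated but unassociated; instance = bound to an EC2 instance."""
    if not addr.get("AssociationId"):
        return "idle"
    if addr.get("InstanceId"):
        return "instance"
    return "eni"  # bound to a bare network interface (e.g. a NAT Gateway)


def audit(doc):
    """Group Elastic IPs by how they are used."""
    report = {"idle": [], "instance": [], "eni": []}
    for addr in doc.get("Addresses", []):
        report[classify(addr)].append(addr["PublicIp"])
    return report


def monthly_cost(count):
    """Monthly charge in USD for `count` public IPv4 addresses."""
    return round(count * HOURLY_RATE * HOURS_PER_MONTH, 2)


if __name__ == "__main__":
    result = audit(SAMPLE)
    print("release candidates:", result["idle"], f"${monthly_cost(len(result['idle']))}/mo")
    print("candidates to move behind a load balancer:", result["instance"])
```

The `instance` group also doubles as an exposure inventory, since each of those addresses is a directly reachable host rather than a load balancer front end.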
4. Optimize Data Transfer Architecture
- CDN offloading: Serve static assets through CloudFront/Azure CDN/Cloud CDN — CDN egress is 40-60% cheaper than direct egress
- Regional consolidation: Co-locate dependent services to minimize cross-region transfer
- Compression: Enable gzip/brotli on API responses to reduce egress volume by 60-80%
5. Switch to Regional NAT Gateway
If you're running multi-AZ on AWS, evaluate Regional NAT Gateway. It replaces per-AZ gateways with a single regional resource, cutting hourly charges by up to 66%.
On-Prem vs Cloud: The Mental Model Shift
On-premises, you pay for infrastructure upfront — switches, routers, firewalls, circuits — but don't pay per-gigabyte for internal traffic. A 100 Gbps spine-leaf fabric processes petabytes monthly at zero marginal cost per byte. In the cloud, that same traffic pattern generates thousands in monthly fees.
Understanding traffic flow engineering, routing policy design, and protocol efficiency translates directly to designing cloud architectures that minimize costly data paths. Treat cloud billing as a new protocol to master, right alongside BGP and OSPF.
Bottom Line
Cloud networking costs aren't going down — AWS, Azure, and GCP all have financial incentives to maintain current pricing structures. The engineers who understand these hidden fees and design around them will build the most cost-effective cloud architectures.
Originally published on FirstPassLab. For more cloud networking and infrastructure deep dives, visit firstpasslab.com.
AI Disclosure: This article was adapted from the original with AI assistance. The technical content has been reviewed by CCIE-certified engineers.