[one-users] Nebula controlling NAT?

Trevor Bain bainx028 at umn.edu
Mon Dec 19 15:39:48 PST 2011


> Having said that, I think that doing NAT at the physical host level is not a
> good idea. We usually do not assign any public IP to the physical host and
> just leave it bridged to the Internet NIC. Then you may define a VLAN, and
> create a router VM with a NIC in that VLAN and another one in a Public
> network. The NAT'ing or any other routing/network facility (e.g. DNS
> caching, proxies) can be easily installed in the router VM. Any other VM
> with a NIC in the VLAN will access the Internet through the router VM...
>
> This approach does not require a public IP for every single host, you may
> better secure them and better manage your public IP pool (e.g. elastic
> IP-like functionality...)
>
> There are some hypervisor specific features like this one or DHCP that need
> a different approach in a distributed setting...


Perfect!


