[one-users] Nebula controlling NAT?

Ruben S. Montero rsmontero at opennebula.org
Mon Dec 19 15:05:14 PST 2011


Hi

About your approach for NAT'ing, I think that it should work. In fact, the
firewalling network driver uses the same strategy.

That said, I think that doing NAT at the physical host level is not a
good idea. We usually do not assign any public IP to the physical host and
just leave it bridged to the Internet NIC. Then you may define a VLAN, and
create a router VM with a NIC in that VLAN and another one in a public
network. The NAT'ing or any other routing/network facility (e.g. DNS
caching, proxies) can be easily installed in the router VM. Any other VM
with a NIC in the VLAN will access the Internet through the router VM...

This approach does not require a public IP for every single host; you may
better secure them and better manage your public IP pool (e.g. elastic-IP-like
functionality...)

There are some hypervisor-specific features, like this one or DHCP, that need
a different approach in a distributed setting...

Cheers

Ruben

On Mon, Dec 19, 2011 at 6:00 PM, Trevor Bain <bainx028 at umn.edu> wrote:

> > Does something like this already exist?
>
> It looks like I can just use a remote vm hook and throw any details I
> want for the NAT into the vm context and pass them to the hook
> arguments. I'll prototype a simple version of this unless anyone has a
> working solution or a better idea.



-- 
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | rsmontero at opennebula.org | @OpenNebula