git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Is that safe to put public IP directly on Virtual Router/ System VMs?


Hi Eric,

Usual setup for my other infra service is that we use external firewall
doing NAT and protecting the resource behind. The public IP will stay on
that firewall and it is NATed to private IP of the service internal.

What CS document imply is to put “real” public IP address on System VMs and
VR which will leave those systems exposed directly to outside world.

My question is if that architecture is recommeneded and how safe it is to
put “real” public IP on System VMs and VRs directly.

Thanks in advance,
Netlynker

On Thu, 27 Sep 2018 at 8:58 AM, Eric Lee Green <eric.lee.green@xxxxxxxxx>
wrote:

> On 9/25/18 6:29 PM, Netlynker wrote:
> > Hi,
> >
> > I looked at the deployment architecture from document and it said to have
> > public IP addresses on Virtaul Router/System VMs.
> >
> > Is that recommended setup?
> >
> > How safe will it be to expose Virtaul Router/ System VMs directly to
> > internet?
>
>
> If a virtual router is not connected to the Internet, how will it route
> traffic from your internal VM's in their virtual private networks to the
> Internet? Magic? (This presuming you have an Internet-facing service,
> but even if it's internal to your company, the virtual router is going
> to need to be able to talk to the Internet via your company's "internal"
> Internet network if your internal VM's on their own internal private
> networks are going to get to the Internet or other corporate resources).
>
>
>
>