Hi Eric, Usual setup for my other infra service is that we use external firewall doing NAT and protecting the resource behind. The public IP will stay on that firewall and it is NATed to private IP of the service internal.
What CS document imply is to put “real” public IP address on System VMs and VR which will leave those systems exposed directly to outside world. My question is if that architecture is recommeneded and how safe it is to put “real” public IP on System VMs and VRs directly. Thanks in advance, Netlynker On Thu, 27 Sep 2018 at 8:58 AM, Eric Lee Green <eric.lee.gr...@gmail.com> wrote: > On 9/25/18 6:29 PM, Netlynker wrote: > > Hi, > > > > I looked at the deployment architecture from document and it said to have > > public IP addresses on Virtaul Router/System VMs. > > > > Is that recommended setup? > > > > How safe will it be to expose Virtaul Router/ System VMs directly to > > internet? > > > If a virtual router is not connected to the Internet, how will it route > traffic from your internal VM's in their virtual private networks to the > Internet? Magic? (This presuming you have an Internet-facing service, > but even if it's internal to your company, the virtual router is going > to need to be able to talk to the Internet via your company's "internal" > Internet network if your internal VM's on their own internal private > networks are going to get to the Internet or other corporate resources). > > > >
