> Given said that, I think that doing NAT at the physical host level is not a > good idea. We usually do not assign any public IP to the physical host and > just let it bridged to the Internet NIC. Then you may define a VLAN, and > create a router VM with a NIC in that VLAN and other one in a Public > network. The NAT'ing or any other routing/network facility (e.g. DNS > caching, proxy's) can be easily installed in the router VM. Any other VM > with a NIC in the VLAN will access the Internet through the router VM... > > This approach does not require a public IP every single host, you may > better secure them and better manage your public IP pool (e.g. elastic IP's > like functionality....) > > There are some hypervisor specific features like this one or DHCP that need > a different approach in a distributed setting...
Perfect! _______________________________________________ Users mailing list [email protected] http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
