nanog mailing list archives

Re: AWS Elastic IP architecture


From: Owen DeLong <owen () delong com>
Date: Thu, 4 Jun 2015 10:16:14 +0100


On Jun 3, 2015, at 9:24 PM, Christopher Morrow <morrowc.lists () gmail com> wrote:

> On Wed, Jun 3, 2015 at 7:56 AM, Owen DeLong <owen () delong com> wrote:
>> For example, let’s say you have 20 machines for whom you want to allow inbound SSH access. In the IPv4 world, with
>> NAT, you have to configure an individual port mapping for each machine and you have to either configure all of the
>> SSH clients, or, specify the particular port for the machine you want to get to on the command line.
>
> in the original case in question the fact that there's nat happening
> isn't material... so all of this discussion of NAT is a red herring,
> right? the user of AWS services cares not that 'nat is happening',
> because they can simply RESTful up a VM instance and ssh into it in
> ~30 seconds, no config required.

That depends… If they have a public address ON their machine or dedicated to their machine, then, they MAY not care
that NAT is occurring.

If they want to run SIP or some other protocol which depends on being able to tell the far end where to connect for
secondary channels, then they may care anyway.

You can reduce the number of things that NAT breaks, but you can’t eliminate them all.

> let's skip all NAT discussions on this topic from here on out, yes?

Only if you can promise me 100% that the NAT in question will not break anything.

Owen

