[180464] in North American Network Operators' Group


Re: AWS Elastic IP architecture

daemon@ATHENA.MIT.EDU (Owen DeLong)
Thu Jun 4 05:20:00 2015

X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <CAL9jLaZneSzEB0TefS66wdpkCs8Pm9eREWo70pqQQ-h1hEhrAQ@mail.gmail.com>
Date: Thu, 4 Jun 2015 10:16:14 +0100
To: Christopher Morrow <morrowc.lists@gmail.com>
Cc: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org


> On Jun 3, 2015, at 9:24 PM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
>
> On Wed, Jun 3, 2015 at 7:56 AM, Owen DeLong <owen@delong.com> wrote:
>> For example, let’s say you have 20 machines for whom you want to allow inbound SSH access. In the IPv4 world, with NAT, you have to configure an individual port mapping for each machine and you have to either configure all of the SSH clients, or, specify the particular port for the machine you want to get to on the command line.
>
> in the original case in question the fact that there's nat happening
> isn't material... so all of this discussion of NAT is a red herring,
> right? the user of AWS services cares not that 'nat is happening',
> because they can simply RESTful up a VM instance and ssh into it in
> ~30 seconds, no config required.

That depends… If they have a public address ON their machine or dedicated to their machine, then, they MAY not care that NAT is occurring.

If they want to run SIP or some other protocol which depends on being able to tell the far end where to connect for secondary channels, then they may care anyway.

You can reduce the number of things that NAT breaks, but you can’t eliminate them all.

> let's skip all NAT discussions on this topic from here on out, yes?

Only if you can promise me 100% that the NAT in question will not break anything.

Owen
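
The SIP case raised in the message above, as an added example that is not part of the original post: a 1:1 NAT rewrites the IP header but not the address the SDP body gives the far end for the media channel, so the two disagree. The sample INVITE, the function names and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: a SIP INVITE as the far end receives it after a 1:1 NAT
# rewrote only the IP header. The payload still carries the instance's
# private address. All addresses here are illustrative.
SAMPLE_INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.0.1.15:5060;branch=z9hG4bK776asdhds\r\n"
    "Contact: <sip:alice@10.0.1.15:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 10.0.1.15\r\n"
    "s=-\r\n"
    "c=IN IP4 10.0.1.15\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

def media_targets(sip_message):
    """Return (address, port, media) tuples the SDP body tells the far end to use."""
    _, _, body = sip_message.partition("\r\n\r\n")
    session_addr, targets = None, []
    for line in body.splitlines():
        if line.startswith("c="):
            # c=<nettype> <addrtype> <connection-address>[/ttl]
            addr = line[2:].split()[2].split("/")[0]
            if targets:  # a media-level c= overrides the session-level one
                targets[-1] = (addr,) + targets[-1][1:]
            else:
                session_addr = addr
        elif line.startswith("m="):
            media, port = line[2:].split()[:2]
            targets.append((session_addr, int(port.split("/")[0]), media))
    return targets

def nat_breakage(sip_message, observed_src):
    """List media targets whose advertised address differs from the packet source."""
    src = ipaddress.ip_address(observed_src)
    findings = []
    for addr, port, media in media_targets(sip_message):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:  # hostname or missing c= line: cannot compare
            continue
        if ip != src:
            findings.append((media, addr, port, ip.is_private))
    return findings

if __name__ == "__main__":
    for finding in nat_breakage(SAMPLE_INVITE, "203.0.113.10"):
        print("far end told to send %s to %s:%d (private=%s)" % finding)
```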

