本文探讨了一名客户在使用SoftLayer服务时遇到的问题,即在企业网络服务器与Softlayer虚拟机间通信时,发现不同主机通过IPSec隧道总是显示相同的源IP地址。客户误以为这是NAT功能导致的问题,并询问是否可以关闭此功能。文章解释了SoftLayer IPSec服务的实际用途,并提供了两种替代方案来实现从企业网络到Softlayer的集成应用连接。
http://w3.insidepacket.net/index.php/16-softlayer-ipsec-4
Recently, one Softlayer customer complained that they have issue when the servers on the corporate network talk to VM guest on Softlayer. They found that their VM guests in Softlayer always see the same source IP when different hosts from their corporate network through IPSec Tunnel.
They suggested the fact of all traffic from the same IP (Softlayer ××× Gateway) brings the issue to their applications. So they asked if Softlayer can disable this NAT liking feature for them.
Unfortunately, the customer misunderstand the Softlayer IPSec offering.
SoftLayer IPSec offering in customer portal is for admin/management purpose only. It is not really for application integration, .e.g. customer VM to server on their corporate network.
If customer wants to establish secure connectivity from their corporate network to Softlayer for application integration purpose. There are two options:
Pick up one of them due to the requirements.
(1) virtual vyatta gateway--- for small deployment (e.g. <50 VMs)
(2) Physical HA vyatta gateway-- for big scale deployment and has HA and performance requirement ;
转载于:https://blog.51cto.com/longbow/1423683
扫一扫
9万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
