> -----Original Message----- > From: Murali Reddy [mailto:murali.re...@citrix.com] > Sent: Thursday, May 17, 2012 7:59 AM > To: cloudstack-dev@incubator.apache.org > Subject: basic zone for public clouds > > I was working on bug CS-14862 [1] which made me wonder if a basic zone > with/without security group can be used to build a public clouds. > Obviously if basic zone deployment with true public IP's for guest IP > address, then an account gets access to the guest VM's, snapshots etc > from > anywhere. It seems to me that one can not build a public cloud with zones > using private IP address range for guest IP's (SSVM and CPVM getting the > private address being the reason). Is it correct argument? >
It is a correct argument with current basic zone configuration. To solve the problem described in CS-14862, a simple approach would be to give SSVM and CPVM EIPs and let them hand over their EIPs to their client. > Clearly having EIP/ELB support in CloudStack enables to public cloud's > with basic zones using private address. While EIP does the NATing for > inbound traffic into the cloud instances, as there is source NAT service > what happens to the outbound traffic from cloud instances when there is > no > EIP assigned to it? > > [1] http://bugs.cloudstack.org/browse/CS-14862 EIP/ELB - SSVM and CPVM > should be given an ip address from the public ip address range.
