one question about CF security

姜恩龙jiangenlong <jiangenlong at>


・ Inbound: From the load balancer through the router to the DEA, then from the DEA to the App Container.

・ Outbound: From the App Container to the DEA, then to the gateway on the DEA virtual network interface.

・ This gateway might be a NAT to external networks depending on your IaaS.

・ -------- this is come from CloudFoundry official docs.

Do Load Balancer and NAT have the same ip? In other words, do the two appliance locate on one host( or VM)?

If not, client send a request , destination ip is LoadBalancer’s address, then client receive a response, source ip is NAT address.

I think, in this situation, client can not communicate with cloudfoundry.




Join { to automatically receive all group messages.