Reply: Re: one question about CF security
姜恩龙jiangenlong <jiangenlong at hxdi.com...>
Thanks for your instant reply.
For example, the application needs a database service, and the database service is located on the internet.
The application communicates with the database service through a NAT server; the NAT server will change the application's internal IP into an external IP address.
In the situation of Pivotal public cloud, the use case of a user-provided service can exactly explain this case.
This is my understanding; is it right?
From: Gwenn Etourneau [mailto:getourneau(a)pivotal.io]
Sent: 10 December 2015 12:58
To: Discussions about Cloud Foundry projects and the system overall.
Subject: [cf-dev] Re: one question about CF security
Inbound is a connection initiated from external; in this case the dialog between app and client is through the LB / Gorouter.
Outbound is a connection initiated from internal; that means your app wants to connect to something ....
Not sure I am clear ...
On Thu, Dec 10, 2015 at 1:35 PM, 姜恩龙jiangenlong <jiangenlong(a)hxdi.com> wrote:
• Inbound: From the load balancer through the router to the DEA, then from the DEA to the App Container.
• Outbound: From the App Container to the DEA, then to the gateway on the DEA virtual network interface.
• This gateway might be a NAT to external networks depending on your IaaS.
• (This comes from the Cloud Foundry official docs.)
Do the load balancer and the NAT have the same IP? In other words, are the two appliances located on one host (or VM)?
If not, the client sends a request whose destination IP is the load balancer's address, then the client receives a response whose source IP is the NAT address.
I think, in this situation, the client cannot communicate with Cloud Foundry.
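The inbound/outbound distinction discussed in this thread, as an added example that is not part of the original messages and not Cloud Foundry code: a toy connection-tracking table that models the load balancer as a DNAT hop and the NAT gateway as an SNAT hop. It shows why the reply to an inbound request leaves with the load balancer's address as its source (the reply follows the tracked connection back through the same translator), while the NAT egress address only ever appears on connections the app container opens itself, such as to an internet-hosted database. All addresses, port numbers, the single shared table and the "10." internal prefix are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed addresses for the example (RFC 5737 documentation ranges); not real CF values.
LB_VIP = "203.0.113.10"          # public address clients send to (load balancer)
NAT_EGRESS_IP = "203.0.113.20"   # public address the NAT gateway stamps on outbound flows
GOROUTER_IP = "10.0.0.5"         # internal address the load balancer forwards to
APP_CONTAINER_IP = "10.0.1.7"    # internal address of an app container
CLIENT_IP = "198.51.100.4"       # an internet client
DB_IP = "192.0.2.50"             # an internet-hosted database (user-provided service)

Key = Tuple[str, str, int, int]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

    def key(self) -> Key:
        return (self.src, self.dst, self.sport, self.dport)

    def reverse(self) -> "Packet":
        """The packet the other side sends back on the same connection."""
        return Packet(self.dst, self.src, self.dport, self.sport)


class StatefulTranslator:
    """Toy connection-tracking table shared (an assumption) by the DNAT load balancer
    and the SNAT gateway, so the example stays in one object."""

    def __init__(self) -> None:
        # key: 4-tuple a reply will arrive with; value: how to rewrite that reply
        self.reply_map: Dict[Key, Packet] = {}

    def inbound_via_lb(self, pkt: Packet) -> Optional[Packet]:
        """Client -> LB VIP: DNAT the destination to the gorouter and remember the flow."""
        if pkt.dst != LB_VIP:
            return None  # not addressed to the VIP, the load balancer never sees it
        fwd = Packet(pkt.src, GOROUTER_IP, pkt.sport, pkt.dport)
        # the gorouter's reply (GOROUTER_IP -> client) must leave with src = LB_VIP
        self.reply_map[fwd.reverse().key()] = pkt.reverse()
        return fwd

    def outbound_via_nat(self, pkt: Packet) -> Optional[Packet]:
        """Container -> internet: SNAT the source to the NAT egress address and remember the flow."""
        if not pkt.src.startswith("10."):
            return None  # only internal sources are translated (assumed internal prefix)
        # a real NAT may also pick a new source port; it is kept unchanged here for readability
        fwd = Packet(NAT_EGRESS_IP, pkt.dst, pkt.sport, pkt.dport)
        # the server's reply (DB -> NAT_EGRESS_IP) must be rewritten back to the container
        self.reply_map[fwd.reverse().key()] = pkt.reverse()
        return fwd

    def reply(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite a reply using the tracked state; a reply for an unknown flow is dropped (None)."""
        return self.reply_map.get(pkt.key())


def client_round_trip() -> Optional[Packet]:
    """Inbound: the response the client sees for a request sent to the load balancer VIP."""
    t = StatefulTranslator()
    request = Packet(CLIENT_IP, LB_VIP, 51000, 443)
    at_gorouter = t.inbound_via_lb(request)
    assert at_gorouter is not None
    return t.reply(at_gorouter.reverse())  # gorouter answers on the same connection


def app_db_round_trip() -> Tuple[Optional[Packet], Optional[Packet]]:
    """Outbound: the source the DB sees, and the reply as delivered back to the container."""
    t = StatefulTranslator()
    request = Packet(APP_CONTAINER_IP, DB_IP, 40000, 5432)
    at_db = t.outbound_via_nat(request)
    assert at_db is not None
    return at_db, t.reply(at_db.reverse())


def stray_reply_from_nat_ip() -> Optional[Packet]:
    """A packet from the NAT address to the client with no tracked flow is simply dropped,
    which is why the client never receives the mismatched-source response the thread worries about."""
    t = StatefulTranslator()
    return t.reply(Packet(NAT_EGRESS_IP, CLIENT_IP, 443, 51000))


if __name__ == "__main__":
    print("client sees response from", client_round_trip().src)
    seen_by_db, back = app_db_round_trip()
    print("db sees connection from", seen_by_db.src, "; reply delivered to", back.dst)
    print("stray reply with no tracked flow:", stray_reply_from_nat_ip())
```

The practical takeaway is that the load balancer and the NAT gateway do not need to share an address: each one rewrites only the connections it is on the path of, and replies are matched to tracked state rather than routed by whichever public address happens to exist.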