Comment 7 for bug 1577488

Ryan Tidwell (ryan-tidwell) wrote :

I will link to some diagrams shortly. This RFE makes it possible for tenants to be able to access VM's both fixed and floating IP. But that's all the tenant needs to know, the details of how traffic is routed only needs to be understood by the operator. If you imagine a world without NAT, this would optimize the north-south data path when you use DVR. Operators don't need SNAT when their external network and their tenant networks are in the same address scope. Focusing on SNAT and DNAT really clouds the issue. NAT of any kind should not be a requirement for operators to allow tenants to access "outside" networks. Operators should have a choice between direct routed access and SNAT/FIP. We don't give operators much of a choice when DVR is involved because all *routed* north-south traffic must currently be routed through the SNAT node when it doesn't have to be. Again, I'll link to some diagrams shortly.