Mimosa Cloud not NAT'ed


#1

Network here is not NAT’ed but I use private IPs on my infrastructure. So there is not a way to connect to the Mimosa Cloud. It would be nice if there was a way, i.e. tunnel or if there was a way to have a “local” cloud.

tk


#2

So your bridge doesn’t have any access to the public web at all? I’m confused by what you’re trying to say here.


#3

This is not a Mimosa problem…


#4

NAT to Mimosa’s cloud and protect with a well-written ACL. This is easy, cheap and effective. If you don’t like that, route to a VM in a data center running pfSense or similar, protect your path to the data center with an ACL, and use pfSense to protect the path to Mimosa’s cloud. This would also give you more insight into traffic to and from Mimosa’s cloud than a route on a switch/router.
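
The "NAT plus a tight ACL" approach suggested in post #4 could look like the following nftables ruleset. This is an added example, not part of any post in this thread and not Mimosa's configuration. Every address, interface name and port in it is a placeholder or assumption, and the real cloud endpoints must come from the vendor's documentation.

```nftables
# Constructed example: all values below are placeholders/assumptions.
define mgmt_net   = 10.0.50.0/24      # private management subnet (assumed)
define wan_if     = "eth0"            # upstream interface name (assumed)
define nat_addr   = 198.51.100.7      # public address reserved for this NAT (placeholder)
define cloud_dst  = { 203.0.113.10 }  # cloud endpoints (placeholder, not the vendor's real IPs)
define cloud_port = { 443 }           # cloud service port (assumed)

table ip mgmt_cloud {
    chain forward {
        # policy accept: customer traffic on public IPs keeps flowing untouched
        type filter hook forward priority filter; policy accept;

        # Return traffic for sessions the radios opened themselves
        ct state established,related accept

        # Radios may open connections to the cloud endpoints and nothing else
        ip saddr $mgmt_net oifname $wan_if ip daddr $cloud_dst tcp dport $cloud_port ct state new accept

        # Any other egress from the management subnet is logged and dropped,
        # which also gives visibility into what the devices try to reach
        ip saddr $mgmt_net oifname $wan_if log prefix "mgmt-egress-denied " drop

        # Nothing arriving on the WAN side may open a session to management
        iifname $wan_if ip daddr $mgmt_net log prefix "mgmt-ingress-denied " drop
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;

        # Source NAT only the flows the ACL allows; the rest of the
        # infrastructure stays un-NAT'ed on private space
        ip saddr $mgmt_net oifname $wan_if ip daddr $cloud_dst tcp dport $cloud_port snat to $nat_addr
    }
}
```

Because the NAT rule matches the same source, destination and port as the accept rule, only the management subnet's cloud sessions are translated, and the rest of the network design is unchanged.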


#5

My B5’s are all on the cloud and I use 10.x’s for those devices. The 10.x’s are NAT’d to a public.


#6

So to clear it up some, maybe. On my network, it isn’t NAT’ed as a whole. All infrastructure is on private space IPs, 10.x.x.x for instance. Public IPs are assigned to our clients. So no NAT means can’t get to the cloud with that hardware and the world can’t get to it. Don’t want to rework my whole network for that. So that was why I was asking.

tk


#7

Is all of your management in its own VLAN? If so you could NAT to some out of band management from DSL or 4G. If you are not running your management in its own VLAN you seriously should consider redesigning your network. If you are unwilling or unable to use NAT and get to the internet then you will have to manage your devices manually.


#8

My whole point was asking for a new feature, another way to do this. No, I don’t want to NAT and I know I have to manage them manually at this point.
FWIW, some time in the future this will have to be looked at anyway. IPv6 doesn’t have NAT.


#9

You are correct. IPv6 does not have NAT… that is because every address is directly routable, meaning if it is hooked to the internet with IPv6 all other IPv6 addresses can route to it… They are all public, unless you do some firewalling. The entire reason for NATing was to save IPs… IPv6 has a ridiculous amount of IPs… how ridiculous? Well, we are a small ISP and we have a /32 assignment of IPv6. What does that mean in numbers?

I can assign 4,294,967,296 standard /64 subnets… each of the subnets has 18,446,744,073,709,551,616 usable addresses… so we, a small ISP, have a total of:
79,228,162,514,264,337,593,543,950,336 addresses. Right now our small allotment can supply thousands of IPs to every device on the planet. That is why IPv6 will not have any form of Network Address Translation. There is simply no need.


#10

Just to follow up here, from everything I’ve heard lately, there is little/no incentive for Mimosa to support IPv6 in their product even though the Linux stack does support IPv6 (apparently, for all the tools/web pages they have, they don’t want to write the IPv6 versions to have to deal with the other IP stack).

This leaves us with the lousy choice of constantly using NAT as a “trick” on a public network. This really is nasty for an ISP and virtually impossible for those of us that use BGP with multiple gateways on our network for outbound traffic (since their VLAN approach to management doesn’t work correctly either).