

GNAX cloud forced use of NAT




Posted by SoutheastWeb, 12-15-2011, 12:23 AM
So I purchased a GNAX Cloud server for some testing purposes and a few backup services (DNS and mail). Upon setup there did not seem to be any 'simple' way of getting our server going. You have to create an app then add virtual machines, so the entire process is very convoluted. I noticed there were no public IP addresses available for VM assignment and decided to open a ticket. This is what GNAX support says regarding the forced use of NAT. Now I'm a little taken aback as to why a provider would force the use of NAT, which is a terrible practice IMHO, and to top it off recommend a dedicated over cloud. I thought cloud beats dedicated?

Posted by Dougy, 12-15-2011, 12:29 AM
I wonder what Jeff has to say

Posted by SoutheastWeb, 12-15-2011, 12:31 AM
It gets even better, the tech responded with a poorly put together PDF document which basically wants you to hack up cPanel. /me very unimpressed.

Posted by ramnet, 12-15-2011, 02:29 AM
I find it hard to believe anyone would sell a cloud *server* without providing a public IP address - that just doesn't make sense. NAT is more an end-user technology - servers behind NAT just don't make sense. There must be some mistake - I'm sure Jeff will be around to resolve this for you soon.

Posted by SoutheastWeb, 12-15-2011, 02:34 AM
The support technician already forwarded my ticket to sales for cancellation, due to the NAT issue. Nobody really has anything good to say about the GNAX Cloud on WHT, I was hoping for a different experience.

Posted by Wintereise, 12-15-2011, 02:34 AM
Nope, all of their vCloud gear is NAT only. I have the same thing happening.

Posted by SoutheastWeb, 12-15-2011, 02:36 AM
I beta tested the PhoenixNAP secured cloud and it was light years better, just from interface and not being forced to NAT (what bs). Unfortunately we already have equipment in this location and needed something elsewhere.

Posted by (Stephen), 12-15-2011, 12:14 PM
I am not sure that for a true cloud, why NAT would not make sense in some cases. This way you mount the public IP on a redundant load balancing platform, and can route to the proper cloud node as needed. In many ways especially with IPv6 lack of adoption still, and IPv4 so (out)on IPs, it really makes sense instead of doing a rapid fail system, to have this, it goes a long way to resolve minor ARP cache downtimes that could be seen from other failover types as well, allowing a true on the fly redundancy that the end user never even sees. In short, I think there are many benefits to using a NAT based system for the cloud, but I can see the downsides to it with some software and services as well.

Posted by Dan-CKS, 12-15-2011, 12:32 PM
"I thought cloud beats dedicated?" Cloud is merely a marketing term (and for providers to overcharge consumers).

Posted by Coolraul, 12-15-2011, 12:39 PM
Hold up, let's be clear here. You DO get a public IP but they just NAT it to an internal IP which is what CPANEL sees. Cpanel works just fine in this way. To cpanel and any of your visitors they only see the public IP. I don't understand why it has to be set up this way with their cloud offering, but suggesting you have to hack up cpanel or that you don't get a public IP with it is a bit misleading.

Posted by Coolraul, 12-15-2011, 12:44 PM
As I am sure you know, nothing really beats anything else. Linux/Windows, Cloud/Dedicated/VPS, iPhone/Android, VMware/Hyper-V/Xen/OpenVZ. Each option has pluses and minuses, and while people love to wage holy wars over the technology, you realize after a while that they all do the same things just in different ways and for different customers. If your point is that many cloud offerings are simply VPS, then that I agree with.

Posted by quantumphysics, 12-15-2011, 12:54 PM
Amazon does this, and it's an amazing practice? Internal load balancing, completely transparent to the end user?

Posted by Mr Terrence, 12-15-2011, 04:52 PM
Did you have a ticket open? If so, please PM me with your details and we will be happy to take care of this issue.

Posted by xtrac568, 12-15-2011, 05:04 PM
Last time I checked, cPanel will do licensing against the IP address assigned to the network interface (internal IP), not the public-facing IP address. So no, licensing won't work correctly in a default cPanel setup. However this isn't GNAX's problem, it's bad design of cPanel licensing.

Posted by SoutheastWeb, 12-15-2011, 05:28 PM
A hack is still a hack. You do not get a public IP but a private IP which is NAT'd, simply bad practice imho. I was just using cPanel as an example. What about other network services like GRE tunnels or SIP for customers who are already behind firewalls. This just leads to configuration issues and not to mention the performance hit taken by rewriting every packet. I prefer to not have issues like double NAT or a firewall rewriting everything upstream. Who wants to deal with that?

Posted by shvinod, 12-15-2011, 05:39 PM
We had a similar issue with SIP traffic in the Amazon cloud. Ultimately we ended up modifying our application so that SIP headers are properly updated.

Posted by SoutheastWeb, 12-15-2011, 06:11 PM
Are you asking if Amazon does this and if it's an amazing practice? Quite simply, NO it's not amazing. There are still inherent issues whenever the use of NAT is in place. Amazon's EC2 has what they term "EIP" or elastic IPs which are 1:1 mappings for public to private. There is no magic internal load balancing, if an instance fails you still have to launch another. It's also not completely transparent, packets are being rewritten. EC2 is not the platform in question here either, but since you've brought it up this is what their FAQ says. Nowhere does GNAX state anything of this nature for their cloud platform. It's simply NAT only, or so says their technician.

Posted by SoutheastWeb, 12-15-2011, 06:14 PM
That's really just the tip of the iceberg. When you see places deploying this type of infrastructure design, it usually means lack of public IP space or lack of knowledge in the routing/network topology department. Not to say GNAX or even EC2 is lacking in any of these, however some would agree.

Posted by sailor, 12-16-2011, 12:04 AM
Wow. Really? You are set up with NAT as a standard because we include vShield firewall for free as part of your cloud. It's good practice to use a firewall - and it's good security practice to use NAT. Conserving IP space is always good - traditional assignments waste 3 40% of the IPs. Most good engineers know these basic things. If you would like to get rid of the firewall and have a direct IP - we do support that. It's sub optimum but we support it if you just ask. Cpanel works just fine with our firewall setup btw and it's not a "hack" as you say.

Posted by Coolraul, 12-16-2011, 12:49 AM
I can assure you as a user of a Gnax cloud instance that their cloud instance works just fine with Cpanel. There is no issue that I am aware of. Honestly, I think you are making this out to be more than it is but if you are really uncomfortable with it, talk to them and if still uncomfortable then just take your business elsewhere. There are lots of good cloud providers. I think Gnax is among the good ones but certainly there are others.

Posted by VMhosts, 12-16-2011, 01:10 PM
I would say the best approach is to provide the customer the option. If they want to use NAT, why not place a virtual firewall appliance in front of the VM? If they want to use guest OS firewalls such as iptables then just use that. I think they will increase their support ticket workload with the current approach. Every time something doesn't work (connectivity wise) then the customer will blame their NAT rules.

Posted by FastServ, 12-16-2011, 02:28 PM
As long as each installation of Cpanel has its own 1:1 NAT'd on a unique public IP it will license behind NAT. The main issue is with DNS where it's going to load up zones with private IPs rendering DNS functions useless without DNS rewriting at the firewall. Cpanel themselves do not officially support NAT environments so hopefully you don't ever have any issues requiring help from Cpanel support.
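
Added example (not part of the thread, and not cPanel or GNAX code): a small audit for the DNS problem described in the post above, flagging A/AAAA records that carry RFC 1918 or unique-local addresses and showing the public address a 1:1 NAT table says should be published instead. The zone text, host names and NAT table are constructed for illustration.

```python
import ipaddress

# RFC 1918 and IPv6 unique-local ranges: addresses that must not appear
# in a zone served to the Internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample zone, as a panel on a NAT'd VM might generate it:
# several records carry the VM's internal address, not the public one.
SAMPLE_ZONE = """\
$TTL 14400
example.com.      IN SOA ns1.example.com. admin.example.com. ( 2011121501 86400 7200 3600000 86400 )
example.com.      IN NS    ns1.example.com.
ns1.example.com.  IN A     10.20.30.5   ; internal interface address
example.com.      IN A     10.20.30.5
mail.example.com. IN A     203.0.113.25
www.example.com.  IN CNAME example.com.
example.com.      IN AAAA  fd00::5
"""

# Hypothetical 1:1 NAT table (internal -> public), assumed for the example.
NAT_MAP = {"10.20.30.5": "203.0.113.10"}


def audit_zone(zone_text, nat_map=None):
    """Return (owner, type, address, public_or_None) for each A/AAAA
    record whose address falls in an internal-only range."""
    nat_map = nat_map or {}
    findings = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments, tokenize
        if len(fields) < 3 or fields[0].startswith("$"):
            continue                               # directives, blank lines
        for i, tok in enumerate(fields[1:-1], start=1):
            if tok.upper() not in ("A", "AAAA"):
                continue
            try:
                addr = ipaddress.ip_address(fields[i + 1])
            except ValueError:
                break                              # malformed rdata: skip
            if any(addr in net for net in INTERNAL_NETS):
                findings.append((fields[0], tok.upper(), str(addr),
                                 nat_map.get(str(addr))))
            break
    return findings


if __name__ == "__main__":
    for owner, rtype, addr, public in audit_zone(SAMPLE_ZONE, NAT_MAP):
        print(f"{owner} {rtype} {addr} -> publish {public or 'UNMAPPED'}")
```

Records reported without a mapping have no public equivalent in the NAT table and would be unreachable from outside even after rewriting.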

Posted by euronet063, 12-20-2011, 10:49 AM
I must agree with sailor in all.

Posted by Steven, 12-20-2011, 11:11 AM
For what it's worth I'll throw this here: http://www.cpanel.net/products/cpane...uirements.html http://docs.cpanel.net/twiki/bin/vie...%20server%20un While it does work, if you have issues they probably won't help you. There are other legitimate reasons to not use NAT for all applications. Here is one: http://wiki.zimbra.com/wiki/Split_DNS I am glad to hear Gnax offers a solution without a NAT'ed IP.

Posted by BeZazz, 12-30-2011, 10:00 AM
I had issues with DNS clustering with other servers.


