Public cloud services enable anyone with a credit card to deploy a vast infrastructure without any prior enterprise IT experience. Services such as AWS, Google Compute Engine (GCE), and Microsoft Azure allow the deployment of geographically-dispersed applications supported by micro-segmentation for advanced security and load balancers for scale. The build can be accomplished without even knowing the basics of networking, such as what an ARP request does.
Integrating public cloud infrastructure with private data centers is far less forgiving of gaps in infrastructure knowledge. One area that deserves planning up front is IP addressing.
Avoiding network address translation
Any engineer who has dealt with Network Address Translation (NAT) or double NAT in the data center will tell you the value of a well-thought-out IP addressing scheme. Organizations often can’t control the IP addressing schemes they inherit through a merger or data center migration. Most simply hope there is no conflicting range of IP addresses when integrating a new data center or connecting to a partner network.
If there’s a conflict in IP addresses, customers have two options. The first, and preferable, option is to define a new IP address scope for the conflicting network. Defining a new IP scope is commonly referred to as re-IP’ing. Depending on the size or complexity of the target network, re-IP’ing may not be an option. Think of hundreds of databases with hard-coded IP addresses, or thousands of desktops with client software configured to communicate via hard-coded IP addresses.
If re-IP’ing isn’t an option, the other avenue is NAT. Routers and firewalls perform the IP address conversion within the network. For example, if a host with the source IP 10.1.18.176 on a partner’s network needs to communicate with the target IP 10.1.18.92 on the private network, and both addresses fall within the same overlapping range, NAT is applied. A set of network devices maintains a NAT table that translates the conflicting IP addresses. For large networks, this technique becomes extremely difficult to manage and troubleshoot.
Avoid the problem in Public Cloud
As companies begin to plan their connectivity to services such as AWS, IP addressing is a critical first step. Each cloud provider lets you control the private IP addressing of your virtual networks. I’d advise creating an IP address plan for each major cloud provider, regardless of whether any workloads exist in that provider yet.
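As an added illustration (not from the original article), the script below checks a hybrid address plan for the kind of overlap described above and proposes the next free block for a new provider. The range names and CIDRs are constructed for the example; the partner range deliberately collides with the AWS block so that the article’s sample addresses (10.1.18.176 and 10.1.18.92) fall into two networks at once.

```python
"""Overlap check for a hybrid-cloud IP address plan (illustrative example)."""
from ipaddress import ip_address, ip_network
from itertools import combinations

# Constructed plan: one private block per site or cloud provider.
# "aws-vpc" deliberately overlaps "partner-net" to show a conflict.
PLAN = {
    "hq-datacenter": "10.0.0.0/16",
    "partner-net": "10.1.0.0/16",
    "aws-vpc": "10.1.16.0/20",
    "gce-vpc": "10.2.0.0/16",
    "azure-vnet": "10.3.0.0/16",
}


def find_overlaps(plan):
    """Return sorted (name_a, name_b) pairs whose CIDR blocks overlap.

    Any pair returned here would force NAT (or a re-IP) before the two
    networks could be connected.
    """
    nets = {name: ip_network(cidr, strict=True) for name, cidr in plan.items()}
    return sorted(
        (a, b)
        for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    )


def homes(address, plan):
    """Return the names of every block that contains `address`.

    More than one name means routing is ambiguous: the same address
    exists on two networks, which is exactly the double-NAT scenario.
    """
    addr = ip_address(address)
    return sorted(name for name, cidr in plan.items() if addr in ip_network(cidr))


def next_free_block(plan, supernet="10.0.0.0/8", prefix=16):
    """Return the first /prefix block in `supernet` that collides with nothing
    in the plan, or None if the supernet is exhausted."""
    used = [ip_network(cidr) for cidr in plan.values()]
    for candidate in ip_network(supernet).subnets(new_prefix=prefix):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None


if __name__ == "__main__":
    print("overlapping pairs:", find_overlaps(PLAN))
    print("10.1.18.176 lives in:", homes("10.1.18.176", PLAN))
    print("next free /16 for a new provider:", next_free_block(PLAN))
```

Run it against your own plan before the first interconnect is ordered; a clean `find_overlaps` result is the cheapest way to avoid ever needing a NAT table between clouds.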
During VMworld 2016, VMware CEO Pat Gelsinger shared the results of a public cloud survey detailing cloud usage among a subset of VMware customers. A surprising statistic is that the average respondent consumed services from eight different public clouds. There’s a significant chance that companies consume services from each of the major providers. Having an IP address scheme at the ready ensures a fast response when an internal customer asks to connect to a major cloud provider.