[Freeipa-devel] [RFC] Improve FreeIPA usability in cloud environments
James
purpleidea at gmail.com
Mon Sep 16 12:51:21 UTC 2013
On Mon, 2013-09-16 at 09:31 +0200, Petr Spacek wrote:
> You are right, the scenario described by me doesn't require views.
> Please see reply from James in another part of this thread - his setup
> has shared host name (internal = external) but different IP addresses
> for internal and external usage.
>
> The question is if DNS is the right layer to solve the problem.
Yep. See below.
> Some oddities like this could be solved on IP routing level: I.e. use
> 'external'/public IP address everywhere and route packets with this
> 'external IP' to the right part of the internal network.
>
> Solution on routing layer can be technically feasible, but it doesn't
> mean that it is politically acceptable. People usually don't want to
> touch routing unless absolutely necessary :-)
FWIW, I completely agree, although I do not have a problem with the
routing solution, in certain setups it can add much more complexity
which may not be required or even possible to do. Eg: conntrackd setups
could get hairy or impossible.
Let's do this in DNS.
James
PS: If anyone wants to meet to talk about this, I'm at Linuxcon New
Orleans this week if I can be of any help.