ISP / ASP and IP addressing.
I work for a small service provider, I have not worked for one before so I have no experence in this area.
At present our web servers use private IP address, incomming connections from the Internet are either NATed by the firewall directly to the web server or the public IP address is based on a load balancer which then passes the connetcion to the private IP address of the load balanced web servers.
I only allow through the firewall services I want to be able to get to the web servers E.G HTTP, HTTPS. This works well.
I will get to my question, do you as an service provider use public IP address on your web servers or do you also NAT and LB to private IP's.
NAT is as far as I am concerned used to expand address space and provides little in the way of security. It is also the most CPU and memory intensive task a firewall can do, which is why I am considering not NATing any more.
Having read some M$ documentation ment for service providers it is not clear if they recomend NAT or to use public IP. M$ do recomend a front net back net aproach, e.g, Internet sourced connetcions are passed by firewalls / load balancers to the front net. All DB connetcions and remote managment are made over the back net, seperating out external traffic from Internal traffic.
How do you do it (so to speak) Public IP's on web servers or private IP's with NAT and LBing?
Regards,
Mat.
