I work at a fairly huge company as a software engineer and I would like to understand why an enterprise would internally use NAT. We have several data centers, somewhat geographically close to each other with private low latency links between them.

Servers which are adjacent to one another are able to communicate without NATing, but once the traffic goes cross data-center or to another network zone (ex. production to non-production) the traffic is NAT'd. Because the source IP is obfuscated, it's impossible to allow traffic from a specific host in another datacenter without allowing the source's entire datacenter.

I've asked around, but haven't gotten an answer that makes sense to me. Someone mentioned that we did this to accomplish Layer 2 adjacency for vMotion, but why do you need NAT to do that?

  • 6
    Because IPv6 is _so_ 21st century. – Michael Hampton Apr 18 '15 at 00:19
  • 1
    You'd have to talk to your network engineering group for a definitive answer. You'd need to give some more information on the topology before a solid opinion could be given, I think. It might not even be NAT, it might just be them funneling connections through firewalls to maintain isolation and security between segments of the datacenter. – peelman Apr 18 '15 at 00:38
  • @peelman Maybe someday I'll get their explanation. I'm fairly sure it is NAT, since the network team calls it NAT (I've even had hosts set up in a "No-NAT" context). – stephen.corgiat Apr 18 '15 at 00:48
  • 2
    @MichaelHampton I guess some people are too embarrassed to acknowledge that the IPv6 standard is in fact from the 20th century. – kasperd Apr 18 '15 at 06:40
  • 1
    @nitelord Such a setup is likely a consequence of a series of short-sighted decisions (each of which may have seemed like a good idea at the time). Another factor would be insufficient resources allocated to clean up the old legacy. Some misconceptions may also come into play, such as the very common misconception that NAT is a good substitute for a firewall. – kasperd Apr 18 '15 at 06:45

0 Answers