Overview of proxying

Proxying is needed to expose VMs created in private address spaces to the public Internet. A number of mechanisms exist to achieve this. Since VMs are created and destroyed dynamically, proxy mechanism must respond to these events to dynamically create and remove configurations as VMs come and go. Eucalyptus/NEuca has a built-in proxying mechanism of allowing public IP addresses from a limited pool to be assigned to VMs. This works well if the Eucalyptus head node has an interface on a public network. If the head node is itself located in the private address space, some form of proxying is required.

The most common scenario is NAT preventing direct access to internal hosts. The proxy mechanisms typically exposed a limited number of applications on guest VMs to the outside world. Specifically certain TCP or UDP ports on the VM are exposed via a proxy mechanism with a public IP address. The following mechanisms are discussed in detail: