-2

Consider the following VPC:
  • Public subnet with app servers and a separate NAT instance.
  • Private subnet with database server.

What benefits do we gain by using a standalone NAT?

EDIT: Why use a separate NAT router rather than having the app server(s) act as a NAT router?

csi
  • I don't think there's enough information here to answer your question. I guess you're saying that you have a public server(s) with public IPs, and then you have database server(s) which have NAT access to the Internet. And you're asking why use NAT, rather than isolate the database server(s) from the Internet? One obvious reason would be so the database server(s) can download OS or other software updates. But there may be other ways to address that (and other) concerns. – Flimzy Dec 01 '14 at 15:32
  • @Flimzy question clarified. Understand why we want the database servers isolated. Also understand that they still need internet access. The question is why use a separate server as a NAT instead of using 1 of the app instances? – csi Dec 01 '14 at 15:36
  • So your question is why use a separate NAT router rather than having the app server(s) act as a NAT router? – Flimzy Dec 01 '14 at 15:38
  • @Flimzy yes. Thanks for elegantly wording. Updated again. – csi Dec 01 '14 at 15:41

1 Answer

0

Why use a separate NAT router rather than having the app server(s) act as a NAT router?

The most obvious reason would be:

  • Because routers are better routers

There are many reasons why a router can be a better router than a server, depending on the router, the server, and your needs. This makes it pretty impossible to answer your question specifically. But some general concepts which make this better are:

  1. Routers are better at routing. They have hardware designed for this task and, often more importantly, they have software designed for this task.

  2. Servers are often very poor routers. This depends a lot on what OS you're using. A Linux or FreeBSD server can make for a very decent router (and many routers do run these OSes).

  3. Separation of services is often beneficial from performance, security, and practical standpoints.

Flimzy
  • Thanks. The main benefit based on our specific application is separation of services. We will evaluate. – csi Dec 01 '14 at 16:09