Hairpin NAT via SpeedFusion

Hi,

Wondering if anybody has had success getting hairpin NAT to work over a SpeedFusion tunnel. I’d like client devices on the 580X to be able to access servers on the 580X utilizing the public IPv4 addresses on the data center SDX that forward to 580X servers via SpeedFusion. Many of these IPv4 addresses on the SDX are “Additional IP Addresses” in WAN settings on SDX if that has an impact. Everything works from outside the network but only the private addresses work for client devices on the 580X.

Thanks,
Ryan

Don’t do it.
Use DNS entries if you can instead of IPs and add local DNS entries pointing the DNS names to the local IPs for the local clients.

1 Like

Thanks for the reply and suggestion, Martin. Using local DNS records has worked well for existing clients so far.

The current situation is with a new client who has some specialized video equipment that will only operate using IPv4 addresses, not DNS hostnames, for some reason. This equipment sometimes operates on the 580X network and sometimes operates out in the field, hence the desire to use only the public IPv4.

Ah. Video gear is traditionally not designed well for routed networks, so we often see weird static-IP-address-only configs.

You either need to move the public IP addresses closer to the server (a VLAN on the b580x for example) so you remove the hairpin, or you need to abuse 1:1 virtual network mapping with custom advertisements, but that will only work for public inbound access with the right SDX hosting setup.

PM me and we can work it out.

2 Likes

Yep - always something with the studios.

I hadn’t considered the 1:1 Virtual Networks before, that’s a clever idea.

I think in this case I’m going to bring the public IPs closer by adding a 2nd router on the client site and using a layer 2 tunnel to bring the public addresses directly to the client’s existing router’s WAN. This should enable them to use hairpin NAT locally and have the desired ISP fail-over behavior.

1 Like