Addresses in a private or public network (such as the Transmission Control Protocol/Internet Protocol (TCP/IP)-based Internet) are grouped into logical subnetworks (or “subnets”). Each subnet has a finite number of IP addresses that may be assigned to network devices. Network devices assigned particular IP addresses within a subnet can communicate with one another without using a router or gateway, while communication between network devices assigned IP addresses on different subnets typically occurs by way of a gateway connected between subnets. In a virtualized cloud computing environment, network communication is enabled by access to a network gateway that is connected between the cloud-computing environment and the public (or “external”) network. Such a network gateway provides various network management services (such as Network Address Translation (NAT) and firewall services) in order to control incoming and outgoing network traffic (i.e., IP data packets) from and to the external network.
In order to facilitate network management, a network gateway in a cloud computing environment is assigned IP addresses from a subnet of the external network that the gateway participates in. One of the allocated IP addresses represents (for management purposes) the address of the network gateway on the external network. Other IP addresses (referred to as IP addresses from the subnet's sub-allocation pool) are allocated to the gateway to facilitate specific network management services (e.g., NAT and firewall). Since cloud computing environments are becoming larger and more complex, available IP addresses in a subnet have become a scarce resource. Indeed, gateways in cloud computing environments typically use several external IP addresses in order for the gateways to implement NAT, firewall, and virtual private network (VPN) policies.
In many cloud computing environments, IP addresses can only be allocated to a cloud-based network gateway from a single subnet. Thus, when a gateway is deployed on the network, a subnet that can accommodate all IP addresses that the newly deployed gateway requires needs to be available. Further, it is often the case that an already-deployed gateway requires additional IP addresses to enable additional services to be used with the gateway. When IP addresses can only be assigned from the initial subnet, it may be the case that the initial subnet runs out of allocable IP addresses. Further, in many cloud computing environments, IP addresses allocated to a network gateway cannot be deallocated from the gateway without deallocating (i.e., removing) the gateway itself. This results in the wasting of IP addresses assigned to a gateway that does not need them, but that still needs to remain functional.