I've been assigned to be in charge of our business' networking and am a bit out of my depth here. We have a few production services running on multiple servers, currently sitting behind a NAT and a single public IP address. We separate the traffic by piping all HTTP/S traffic to a load balancer, which then routes the traffic to the proper VMs. This works OK, but we'd like to be able to fully separate these services and even add our development servers to the same network connection. We can naturally ask for more IPs from our ISP, but I would not like to have to assign a public IP to all VMs.
So what we'd like to do is to separate some servers as VLANs and assign a single public IP to each VLAN and then use NAT to allow each server/VM within the VLAN to talk to each other as well as the outside internet.
Would something like this be possible? We are currently running an EdgeRouter ER-12P. If so, is it possible to do entirely within the EdgeRouter, or do we need an extra router for each VLAN? And then perhaps do a 1:1 NAT mapping from a public IP address to an extra router's IP address?
Thanks!
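As an added illustration of the design asked about above (this is example configuration written for this thread, not the poster's setup and not taken from Ubiquiti documentation), the following EdgeOS `set` commands put two VLANs on one EdgeRouter, give each VLAN its own public source address via SNAT, forward HTTPS on one of those addresses to the load balancer via DNAT, and block the development VLAN from reaching production. Every address, VLAN ID, interface name and rule number is an assumption: 203.0.113.0/29 stands in for the ISP block, eth0 is the WAN port, eth1 is a trunk to the switch, and 10.10.10.5 is the production load balancer.

```edgeos
configure

# --- WAN: primary address plus one extra public address per VLAN (constructed block) ---
set interfaces ethernet eth0 description 'WAN'
set interfaces ethernet eth0 address 203.0.113.10/29
set interfaces ethernet eth0 address 203.0.113.11/29
set interfaces ethernet eth0 address 203.0.113.12/29

# --- LAN trunk with one 802.1Q sub-interface per VLAN (assumed IDs 10 and 20) ---
set interfaces ethernet eth1 description 'LAN trunk'
set interfaces ethernet eth1 vif 10 description 'PROD'
set interfaces ethernet eth1 vif 10 address 10.10.10.1/24
set interfaces ethernet eth1 vif 20 description 'DEV'
set interfaces ethernet eth1 vif 20 address 10.10.20.1/24

# --- Source NAT: each VLAN leaves on its own public address ---
# EdgeOS numbers source rules from 5000 up; destination rules must stay below 5000.
set service nat rule 5010 description 'SNAT PROD -> 203.0.113.11'
set service nat rule 5010 type source
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 source address 10.10.10.0/24
set service nat rule 5010 outside-address address 203.0.113.11

set service nat rule 5020 description 'SNAT DEV -> 203.0.113.12'
set service nat rule 5020 type source
set service nat rule 5020 outbound-interface eth0
set service nat rule 5020 source address 10.10.20.0/24
set service nat rule 5020 outside-address address 203.0.113.12

# --- Destination NAT: only HTTPS on the PROD public address is forwarded, to the LB ---
set service nat rule 10 description 'DNAT 203.0.113.11:443 -> PROD load balancer'
set service nat rule 10 type destination
set service nat rule 10 inbound-interface eth0
set service nat rule 10 protocol tcp
set service nat rule 10 destination address 203.0.113.11
set service nat rule 10 destination port 443
set service nat rule 10 inside-address address 10.10.10.5
set service nat rule 10 inside-address port 443

# --- WAN firewall: drop everything inbound except replies and the forwarded HTTPS flow ---
# The 'in' ruleset on eth0 is evaluated after DNAT, so it matches the private address.
set firewall name WAN_IN default-action drop
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 description 'allow established/related'
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action accept
set firewall name WAN_IN rule 20 description 'allow HTTPS to PROD load balancer'
set firewall name WAN_IN rule 20 protocol tcp
set firewall name WAN_IN rule 20 destination address 10.10.10.5
set firewall name WAN_IN rule 20 destination port 443
set interfaces ethernet eth0 firewall in name WAN_IN

# --- Inter-VLAN isolation: DEV may reach the internet but not the PROD subnet ---
set firewall name DEV_IN default-action accept
set firewall name DEV_IN rule 10 action drop
set firewall name DEV_IN rule 10 description 'no DEV -> PROD'
set firewall name DEV_IN rule 10 destination address 10.10.10.0/24
set interfaces ethernet eth1 vif 20 firewall in name DEV_IN

commit
save
exit
```

The point of the example is that nothing here needs a second router: the VLAN sub-interfaces, the per-VLAN SNAT rules and the inter-VLAN firewall all live on the one EdgeRouter, and the public addresses are simply additional addresses on its WAN interface so it answers ARP for them. The switch ports facing the VMs would be configured as access ports in VLAN 10 or 20, with the uplink to eth1 as a tagged trunk. After committing, `show nat statistics` and `show firewall name WAN_IN statistics` show whether packets are actually hitting the intended rules, which is the first thing to check if a VLAN's traffic still appears from the primary address.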