Ingress filtering from an external cloud service to the internal network

Yan Filyurin yanf787 at
Fri May 5 14:11:23 UTC 2017

Since you can't change the design you may not be able to put some kind of
overlay solution in place, which is just a fancy way of saying a VPN
solution.  What if you look at it in a different way and put some kind of
endpoint security cloud solution like Illumio.

But if you at least had the freedom to put something like this:

in place or 20 other similar solutions. As in you do VPN, but right from
the cloud instance itself or another instance.  There is also a set of
various solutions that do specialized metadata like Cilium, but they get
into container networking and that is definitely application redesign.

On Thu, May 4, 2017 at 1:08 PM, Torres, Matt <matt.torres at>

> Unfortunately, a private connection or VPN to the cloud service provider
> is not available right now, but I can see how that could help solve my
> problem. :-)
> ~Matt
> > Is it possible for you to get a private/direct connect service from your
> network perimeter to the cloud provider and eliminate using the public
> connectivity?
> >
> >Or because its Internet-based you have to use public connectivity?

More information about the NANOG mailing list