[194525] in North American Network Operators' Group
Re: Ingress filtering from an external cloud service to the internal
daemon@ATHENA.MIT.EDU (Yan Filyurin)
Fri May 5 12:19:42 2017
From: Yan Filyurin <yanf787@gmail.com>
Date: Fri, 5 May 2017 10:11:23 -0400
To: "Torres, Matt" <matt.torres@state.or.us>
Cc: "nanog@nanog.org" <nanog@nanog.org>

Since you can't change the design, you may not be able to put some kind of
overlay solution in place, which is just a fancy way of saying a VPN
solution. What if you look at it in a different way and put some kind of
endpoint security cloud solution like Illumio?

But if you at least had the freedom to put something like this:
http://www.sproute.com/span
in place or 20 other similar solutions. As in you do VPN, but right from
the cloud instance itself or another instance. There is also a set of
various solutions that do specialized metadata like Cilium, but they get
into container networking and that is definitely application redesign.

On Thu, May 4, 2017 at 1:08 PM, Torres, Matt <matt.torres@state.or.us>
wrote:

> Unfortunately, a private connection or VPN to the cloud service provider
> is not available right now, but I can see how that could help solve my
> problem. :-)
> ~Matt
>
> > Is it possible for you to get a private/direct connect service from your
> > network perimeter to the cloud provider and eliminate using the public
> > connectivity?
> >
> > Or because it's Internet-based you have to use public connectivity?
>