Did you do DMZ for Partner Interconnect? | C2C Community
Solved


  • 16 March 2022
  • 5 replies

Userlevel 5
Badge +3

Recently I set up a Partner Interconnect with a third party.

But, I needed to set up a “DMZ” in order to keep it safe…

Unless the GKE pod subnet should be advertised on BGP :fearful: (for connection establishment between the peer network and the cluster network)

How many of you have overcome this with a DMZ approach?


Best answer by yuval 17 March 2022, 02:02



Userlevel 3
Badge +1

Hey Seiji.

Consider creating a VPC dedicated to the 3rd party interconnect and have your resources on another VPC. You can use private service connect[1] to expose services from your resource VPC to the interconnect VPC.

 

[1] https://cloud.google.com/vpc/docs/private-service-connect

Userlevel 5
Badge +3

Hey @yuval

Great! I did that, it has a project for the interconnect only.

But I need to study more about the Private Service Connect to apply in future projects… interesting :nerd:

Does it have any risk of subnet overlap with other one?

Userlevel 3
Badge +1

Private service connect is the solution for CIDR overlap - the producer VPC and consumer VPC can set their own ranges and they can be different!

 

https://cloud.google.com/vpc/docs/private-service-connect#benefits-services
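As an added example (not code from this thread or from Google's documentation), the layout yuval describes, written as Terraform for the google provider: a dedicated "DMZ" VPC that holds only the Partner Interconnect attachment and a Private Service Connect endpoint, and a separate resource VPC where the workloads live and whose service is published through an internal TCP load balancer and a service attachment. The Cloud Router advertises only the DMZ endpoint subnet, so the workload (and GKE pod) ranges never appear in BGP. Project IDs, resource names, region and IP ranges are placeholders; the two VPCs deliberately use the same 10.10.0.0/24 range to show the point made in the reply above, that PSC does not require the producer and consumer ranges to be distinct.

```hcl
# Added example, not from the thread. Names, project IDs and ranges are placeholders.
# Both VPCs use 10.10.0.0/24 on purpose: PSC tolerates overlapping CIDRs.
locals { region = "us-central1" }

# --- "DMZ" VPC: holds only the Partner Interconnect and the PSC endpoint ---
resource "google_compute_network" "dmz" {
  name                    = "interconnect-dmz"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "dmz" {
  name          = "dmz-endpoints"
  region        = local.region
  network       = google_compute_network.dmz.id
  ip_cidr_range = "10.10.0.0/24" # same range as the resource VPC, deliberately
}

resource "google_compute_router" "dmz" {
  name    = "dmz-router"
  region  = local.region
  network = google_compute_network.dmz.id
  bgp {
    asn            = 16550    # Partner Interconnect requires ASN 16550
    advertise_mode = "CUSTOM" # advertise only the ranges listed below
    advertised_ip_ranges {
      range = google_compute_subnetwork.dmz.ip_cidr_range # endpoint subnet only
    }
  }
}

resource "google_compute_interconnect_attachment" "partner" {
  name                     = "partner-vlan"
  region                   = local.region
  router                   = google_compute_router.dmz.id
  type                     = "PARTNER"
  edge_availability_domain = "AVAILABILITY_DOMAIN_1"
  admin_enabled            = true
}

# --- Resource (producer) VPC: workloads/GKE live here; no BGP session at all ---
resource "google_compute_network" "resources" {
  name                    = "resources"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "resources" {
  name          = "resources-main"
  region        = local.region
  network       = google_compute_network.resources.id
  ip_cidr_range = "10.10.0.0/24" # overlaps the DMZ subnet; fine with PSC
}

# PSC NAT subnet: the source addresses the backends see for consumer traffic
resource "google_compute_subnetwork" "psc_nat" {
  name          = "psc-nat"
  region        = local.region
  network       = google_compute_network.resources.id
  ip_cidr_range = "192.168.100.0/24"
  purpose       = "PRIVATE_SERVICE_CONNECT"
}

resource "google_compute_health_check" "svc" {
  name = "svc-hc"
  tcp_health_check { port = 443 }
}

resource "google_compute_region_backend_service" "svc" {
  name                  = "svc-backend"
  region                = local.region
  load_balancing_scheme = "INTERNAL"
  protocol              = "TCP"
  health_checks         = [google_compute_health_check.svc.id]
  # backend { group = ... } for the instance group / NEG fronting the service
}

resource "google_compute_forwarding_rule" "svc_ilb" {
  name                  = "svc-ilb"
  region                = local.region
  load_balancing_scheme = "INTERNAL"
  backend_service       = google_compute_region_backend_service.svc.id
  network               = google_compute_network.resources.id
  subnetwork            = google_compute_subnetwork.resources.id
  ports                 = ["443"]
}

# Publish the ILB; only the DMZ project may connect, and only with one endpoint
resource "google_compute_service_attachment" "svc" {
  name                  = "svc-attachment"
  region                = local.region
  target_service        = google_compute_forwarding_rule.svc_ilb.id
  connection_preference = "ACCEPT_MANUAL"
  nat_subnets           = [google_compute_subnetwork.psc_nat.id]
  enable_proxy_protocol = false
  consumer_accept_lists {
    project_id_or_num = "dmz-project-id" # placeholder consumer project
    connection_limit  = 1
  }
}

# --- Consumer side: PSC endpoint in the DMZ VPC, the only address the partner sees ---
resource "google_compute_address" "psc_endpoint" {
  name         = "svc-endpoint-ip"
  region       = local.region
  subnetwork   = google_compute_subnetwork.dmz.id
  address_type = "INTERNAL"
  address      = "10.10.0.10"
}

resource "google_compute_forwarding_rule" "psc_endpoint" {
  name                  = "svc-endpoint"
  region                = local.region
  network               = google_compute_network.dmz.id
  ip_address            = google_compute_address.psc_endpoint.id
  target                = google_compute_service_attachment.svc.id
  load_balancing_scheme = "" # must be empty for a PSC consumer endpoint
}
```

Two things to check after applying this. First, the partner should reach the service only at 10.10.0.10; the pod and node ranges of the cluster never appear in the Cloud Router's advertisements because the router sits in the DMZ VPC and uses CUSTOM advertisement of the endpoint subnet alone. Second, the one range that does have to be unique is the DMZ endpoint subnet itself, since it is advertised over BGP and must not collide with anything on the partner's side; the overlap tolerance PSC gives you applies to the producer VPC behind the service attachment, not to what you advertise.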

Userlevel 6
Badge +11

Hey @seijimanoan! I was wondering, did @yuval's answers finally help you out? :)

Userlevel 5
Badge +3

Surely it gives me some helpful insight.

But I understand I’d need to set up Private Service Connect on load balancers to expose that. And I couldn’t do that yet.

Yes, so I’m grateful to know that :) Great tip.
