Hi,
We have a special on-premises setup with a focus on high network isolation.
The setup we want to implement will be the following.
- Consul cluster reachable from all private networks (example address space 100.xxx)
- some Consul clients run in the same address space (100.xxx)
- some Consul clients run in a completely isolated private network space (10.xx.xx.xx)
Our initial impression was that it's enough for the Consul client to reach the Consul server, but the Consul server doesn't need to be able to reach the Consul client.
We have already achieved a similar setup with other solutions for other purposes.
After reading a lot of documentation and doing a first PoC, it looks like what we planned to do with Consul here is not achievable.
For better understanding, I will share an example setup of ours.
Network setup:
- Consul cluster running in 10.68.2.0 (advertise_addr: 100.27.8.0)
- Consul clients running in 10.67.6.0
- network routing is set up like
  - 10.67.6.0 → 100.27.8.0 → 10.68.2.0
Have a nice day
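The routing described in the post can be checked against the flows Consul agents exchange in one datacenter. This is an added example, not part of the original post or of Consul itself. It assumes Consul's default ports (8300 for server RPC, 8301 for LAN gossip, which Consul expects in both directions between agents), /24 prefix lengths, and constructed agent addresses inside the post's networks.

```python
import ipaddress

# Zones from the post; the /24 prefix lengths are an assumption.
ZONES = {
    "clients": ipaddress.ip_network("10.67.6.0/24"),
    "advertised": ipaddress.ip_network("100.27.8.0/24"),
    "servers": ipaddress.ip_network("10.68.2.0/24"),
}
# One-way routing as described: 10.67.6.0 -> 100.27.8.0 -> 10.68.2.0
ROUTES = {("clients", "advertised"), ("advertised", "servers")}

def required_flows(client_ip, server_ip):
    """Flows between one client agent and one server agent (default ports)."""
    return [
        ("RPC 8300/tcp", client_ip, server_ip),
        ("LAN gossip 8301/tcp+udp", client_ip, server_ip),
        ("LAN gossip 8301/tcp+udp", server_ip, client_ip),
    ]

def zone_of(ip):
    """Map an agent address to the zone whose network contains it."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    raise ValueError(f"{ip} is in no known zone")

def can_reach(src_zone, dst_zone, routes=ROUTES):
    """Depth-first search over the directed route graph."""
    seen, stack = set(), [src_zone]
    while stack:
        zone = stack.pop()
        if zone == dst_zone:
            return True
        if zone not in seen:
            seen.add(zone)
            stack.extend(d for s, d in routes if s == zone)
    return False

def blocked_flows(client_ip, server_ip, routes=ROUTES):
    """Return the required flows that the routing cannot carry."""
    return [(name, src, dst)
            for name, src, dst in required_flows(client_ip, server_ip)
            if not can_reach(zone_of(src), zone_of(dst), routes)]

if __name__ == "__main__":
    # Constructed sample agent addresses inside the post's networks.
    for name, src, dst in blocked_flows("10.67.6.10", "10.68.2.11"):
        print(f"BLOCKED {name}: {src} -> {dst}")
```

With the one-way routes, only the server-to-client gossip flow is reported as blocked; adding return routes to `ROUTES` clears it.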