Consul recommendations for firewalled environments


I’ve previously deployed Consul into various AWS environments and it’s been incredibly useful. I’m now working for a company who have in-house infrastructure and I can see a benefit in them also using it. My problem is that this customer are responsible for Critical National Infrastructure and have a very fragmented network design with servers residing in 100s of firewalled zones. Opening up even a single port to/from every host in every zone is going to be impractical and probably considered a security risk.

Is there any functionality within Consul (or a related product) to accommodate environments such as this? I’ve searched for documentation but haven’t found anything I can present as a potential solution.

Many thanks,

Hi @crooks,

Consul Enterprise has a feature called Network Segments which allows creating multiple, smaller LAN gossip pools. Nodes only gossip to other nodes within their same segment, thus removing the need to permit gossip communication between all nodes within the datacenter.
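A sketch of how the segments described in the reply above could be laid out in agent configuration, added here as an illustration and not taken from the reply or from HashiCorp's own examples. It assumes Consul Enterprise; the segment names, ports and IP addresses are constructed.

```hcl
# ---- server.hcl (Consul Enterprise server agent) ----
# All names, ports and addresses below are constructed for illustration.
server     = true
datacenter = "dc1"
bind_addr  = "10.0.0.10"

# One extra LAN gossip pool per firewalled zone. Each segment listens on
# its own port, so a zone's firewall rule only has to cover that zone's
# segment port instead of gossip to and from every other zone.
segments = [
  { name = "zone-a", bind = "10.0.0.10", advertise = "10.0.0.10", port = 8303 },
  { name = "zone-b", bind = "10.0.0.10", advertise = "10.0.0.10", port = 8304 },
]

# ---- client-zone-a.hcl (client agent inside zone A) ----
server     = false
datacenter = "dc1"
bind_addr  = "10.1.0.25"

# Join only the zone-a gossip pool, via the server's zone-a segment port.
segment    = "zone-a"
retry_join = ["10.0.0.10:8303"]
```

Agents in different segments need no gossip connectivity to each other, but every client still needs server RPC (port 8300 by default) and gossip connectivity with the servers on its own segment.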

