Hello Consul Community,
I am currently researching the security aspect of Consul in an enterprise environment. My task is to evaluate whether it is possible to satisfy the security requirements with the open source version of Consul. I am planning to use Consul as a KV storage for a Patroni cluster.
The critical part is the communication (gossip) between all nodes in one datacenter. This means clients from different customers (databases) talk to each other over UDP and TCP (port 8301). It is not possible to prohibit gossip between clients using ACLs. So I decided to use firewall rules to limit communication between clients from different customers.
This results in expected “memberlist: PUSH/PULL Errors” between those clients.
The documentation warns about “Health flapping” : https://learn.hashicorp.com/consul/day-2-operations/network-segments
But I was not able to observe those problems in my current test system.
So that's my question. Are there any known issues occurring from limiting client communication?
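Added example (not from the original post, and not Consul's own tooling): a small model of the per-customer segmentation described above, expressed as an allow/deny policy for LAN gossip on TCP/UDP 8301 and rendered as host-level iptables INPUT rules. The inventory, customer names and addresses are constructed placeholders; the rules cover only the gossip port, not the server RPC port.

```python
# Constructed inventory (placeholders): servers carry no customer tag,
# clients are tagged with the customer whose database they serve.
GOSSIP_PORT = 8301
NODES = {
    "10.0.0.1": {"role": "server", "customer": None},
    "10.0.0.2": {"role": "server", "customer": None},
    "10.0.0.3": {"role": "server", "customer": None},
    "10.1.0.10": {"role": "client", "customer": "acme"},
    "10.1.0.11": {"role": "client", "customer": "acme"},
    "10.2.0.10": {"role": "client", "customer": "globex"},
}


def gossip_allowed(src: str, dst: str, nodes=NODES) -> bool:
    """Policy: servers gossip with every node; a client gossips only with
    servers and with clients of the same customer."""
    s, d = nodes[src], nodes[dst]
    if s["role"] == "server" or d["role"] == "server":
        return True
    return s["customer"] == d["customer"]


def iptables_rules(host: str, nodes=NODES) -> list[str]:
    """INPUT-chain rules for `host` (hypothetical helper): accept 8301 from
    allowed peers, then drop the port from everyone else. Because every host
    filters inbound traffic with the same policy, the result is symmetric,
    which matters since memberlist push/pull needs both directions."""
    rules = []
    for proto in ("tcp", "udp"):
        for peer in nodes:
            if peer == host:
                continue
            if gossip_allowed(peer, host, nodes):
                rules.append(
                    f"iptables -A INPUT -p {proto} -s {peer} "
                    f"--dport {GOSSIP_PORT} -j ACCEPT"
                )
        # Default-deny for the gossip port catches cross-customer clients
        # and any address not in the inventory.
        rules.append(f"iptables -A INPUT -p {proto} --dport {GOSSIP_PORT} -j DROP")
    return rules


if __name__ == "__main__":
    for rule in iptables_rules("10.2.0.10"):
        print(rule)
```

The rules for the "globex" client accept 8301 only from the three servers; traffic from the "acme" clients hits the final DROP, which is exactly the peer set that will show up as push/pull errors in the agent log.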