1 Answer
- Newest
- Most votes
- Most comments
1
Because your clients are using the same IP range your options are limited.
Network Firewall doesn't support different networks with overlapping IP addresses. But what you can do is create a separate VPC for each client and put Network Firewall endpoints in each VPC. You're essentially creating separate infrastructure for each client. This is necessary because (as you point out): How will the network know which 172.22.0.0/16
network to send the traffic back to? It doesn't - so separate VPCs and endpoints are the way to go.
In the larger scheme of things, if you're able to use PrivateLink to present your application(s) to your client it will make everything much simpler. More options are discussed in this blog post.
Relevant content
- asked 5 months ago
- asked 8 months ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
Thanks, Brettski. I'll take a detailed look at the blog which I skimmed through just yesterday when I was searching for some relevant solution to my problem.
I've also been going through the available docs on CloudWAN. I think even if I use segments in the core network, my issue will still persists. Segment's routing will still not be able to handle the forwarding of traffic for 172.22/16 to the customers' VPNs. What's your take on it?
Thanks again for the response.
Cloud WAN doesn't bring any solution for overlapping IP addresses: It's great for setting up policies and ensuring that different groups of applications can/can't communicate. So it might be helpful here; but not in solving the overlap issue.