Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide option to keep spoke traffic internal #170

Open
simonkurtz-MSFT opened this issue Oct 31, 2024 · 0 comments · May be fixed by #171
Open

Provide option to keep spoke traffic internal #170

simonkurtz-MSFT opened this issue Oct 31, 2024 · 0 comments · May be fixed by #171
Assignees
@simonkurtz-MSFT

Comments

@simonkurtz-MSFT
Copy link

Presently, the quad-zero user-defined route in the route table for the ACA subnet routes all egress from that subnet to the firewall in the hub. This is appropriate for egress from the entire spoke; however, traffic within the spoke would be sent right back from the hub.

Instead, we should provide an option to keep spoke traffic internal. This is normal workload traffic that often does not require additional inspection. To avoid changing existing behavior, the option should be turned off by default.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@simonkurtz-MSFT simonkurtz-MSFT

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add UDR option to route spoke traffic internally simonkurtz-MSFT/aca-landing-zone-accelerator
1 participant
@simonkurtz-MSFT