Even traffic distribution for route 0.0.0.0/0

In some cases, e.g., to connect cloud resources to the internet via the customer infrastructure, you need to set up 0.0.0.0/0 route announcement over BGP towards Yandex Cloud.

The flowchart above shows how the traffic from cloud subnets connected to Cloud Interconnect is unconditionally routed to customer edge routers via both points of presence.

Security groups cannot be assigned to resources outside Yandex Cloud; therefore, the correct way to filter traffic is to use IPv4 prefixes rather than links to other security groups.

In this case, the customer can configure traffic filtering rules on customer edge routers before sending it to the internet through their own NAT gateway without using the Yandex Cloud infrastructure.