Isolation of segments with Apigee

Hi community,

I wanted to hear your opinion on best practice for something that I am trying to achieve:

I have basically two segments in my architecture: DMZ & LAN.

I want to manage all the APP&DATA layer of Apigee inside LAN: analytics, management, etc.

With this architecture (attached diagram), I want to completely isolate data flows between segments. I want to have R+MP for the DMZ so that some routing & logic will flow on the external segment, and then will be routed to the LAN Router.

From a component POV, I want the DMZ's R+MP to be separated from the LAN R+MP.

As MPs are part of the environment, I can solve the MP part with envs 'DMZ' and 'LAN' and attach MPs accordingly. But Routers are part of the same POD, so they will try to communicate with each other, and I want this also to be completely separate. As far as I know, an Organization can have only one POD, but a POD can have multiple organizations. So if I also use a different organization for each segment, it will completely separate my deployment, and components will work only with components in their organization. It will reach my goal, but I want to work with the same organization. So is there any suggestion on the correct (based on experience) separation for the traffic flow?

Thanks,

-D

7587-example.png
