When to Use No Ingress
Select No Ingress when firewalls or other networking rules do not allow bi-directional connectivity, for example when connecting an on-premises system to a cloud deployment where direct connectivity cannot be used. In this scenario, a PrivateLink connection is needed between every on-prem node and every cloud node. To simplify this setup, a No Ingress network can be created and applied from the cloud node to the on-prem nodes. This allows the on-prem nodes to preemptively create connections to the cloud nodes through a PrivateLink connection. This method is often used in conjunction with a load balancer network for on-prem-to-cloud node connectivity.
Where to Put No Ingress in the Link Setup
When adding a link, select No Ingress for the hop that moves in the direction towards the connection that cannot be made. For example, with a PrivateLink connection from an on-prem node to a cloud node, the link points from the on-prem node to the cloud node. In this scenario, the Hop1 Initiating network option is set to No Ingress, since the cloud deployment cannot connect to the on-prem nodes. However, if the link points from the cloud node to the on-prem node, then the Hop1 Target network is set to No Ingress.
The same logic applies to bridge scenarios. Whatever system is directly behind the load balancer is where the ingress network is applied.
When to Use a Load Balancer Network Type
A load balancer network simplifies the setup when the on-prem system connects to a single PrivateLink. When PrivateLink is used in conjunction with a bridge system, the bridge sits directly behind the load balancer. In this scenario, PrivateLink connects to the load balancer, which has a target group with all bridge nodes, and the on-prem system connects to a single PrivateLink address. The cloud node lists the load balancer as the output of the PrivateLink, with a bridge system as the target group for the load balancer. If the link points from the on-prem node to the cloud, the Hop1 initiatorNetwork connects the bridge to the on-prem system and is set to No Ingress. The Hop1 targetNetwork is the load balancer network and connects the on-prem node to the bridge.
Hop 2 sits between the bridge and cloud systems, which are in your Virtual Private Cloud (VPC) and should have a direct connection. Hop 2 continues to use the standard network interface or CIDR notation networks as before.