You might have noticed that in general, enterprise-grade networking solutions aren’t always available for general deployment in public cloud environments.
You might also have noticed that when you provision a compute instance in a public cloud environment, you get one public (and usually one private) IP address.
I’ll stop for a moment and let you consider the relationship between these two facts.
Many mature enterprise-grade networking solutions require at least two network interfaces – one for traffic (data plane) and one for management (control plane), and often suggest a third for optimal, best-practice deployment. It’s been a long time since I’ve seen mature networking solutions that don’t employ segregated management networks. Solutions that sit inline and are in the line of fire, if you will, from concentrated network and application-layer attacks absolutely need segregated management as a means to control the solution and mitigate an in-progress attack or a sudden spike in utilization that might be overwhelming the primary network.