Currently we have two options to link two PODs: using VLAN Spanning (which allows secondary IP addresses to be created on servers to bypass VLAN separation on Vyatta), or using a VPN over the public interface (which makes DDoS attacks possible).
I would like to propose that Transit VLAN spanning be developed, to allow spanning between all transit VLANs in the account. This would enable connection between Vyatta gateways, but all other servers would only be able to access other VLANs via the Vyatta managing the traffic. This should be possible to automate, as Bluemix Infrastructure already knows which VLANs are transit VLANs (can have only Vyatta gateways on them) and which are not (can have servers on them).
This would avoid difficult questions with Enterprise customer security, who currently have to choose between the ability for administrators to bypass security and using public interfaces for communication. It is hard to ascertain how many users are impacted, as this instead affects whole accounts, and I've certainly had to have this conversation with a dozen or so accounts in the last year.