Dynamically defining encryption spaces across multiple data centers

摘要

Described herein are systems, methods, and software to enhance the management of encryption addressing across multiple virtual computing sites. In one implementation, a first edge gateway at a first computing site may obtain, via border gateway protocol (BGP), one or more internet protocol (IP) address prefixes from a second edge gateway of a second computing site. The first edge gateway may further update an access control list (ACL) at the first edge gateway based on the one or more prefixes, wherein the ACL provides permissions in IPSec communications between a plurality of virtual nodes at the first computing site and a plurality of virtual nodes at the second site. Once the ACL is updated, the first edge gateway may forward communications based on the ACL using IPSec protocol.