• Set up Gloo Mesh
      • Deploy sample apps
      • Set up routing for sample apps
      • Apply a policy and explore the UI
      • Tutorial: Federate clusters and isolate workloads for multitenancy
      • Set up Gloo Mesh
      • Deploy sample apps
      • Apply a policy and explore the UI
      • Overview and benefits
        • Component architecture
        • Networking architecture
        • Relay architecture
      • API concepts
        • Apply policies
        • Import and export policies
        • Supported policies in Gloo Mesh Enterprise
      • Personas
      • What is a service mesh?
      • What is Istio?
      • Install the meshctl CLI
      • Licensing
      • System requirements
      • Installation options
      • Install with Helm
      • Install with Argo CD
      • Install in air-gapped environments
      • Verify Helm charts
      • Best practices for production
        • About backing databases
        • External auth server
        • Gloo UI
        • Management server
        • Portal server
        • Rate limiter
          • Istio CA overview
            • Setup options
            • Certificate rotation overview
            • Manage the entire Istio CA lifecycle
            • Manage Istio intermediate CAs
            • Integrate with Vault
            • AWS
          • Setup options
          • Certificate rotation overview
          • Insecure setup
            • Self-signed server certificate
            • BYO server certificate
            • Self-signed server certificate with managed client certificates
            • BYO server certificate with managed client certificate
              • OpenSSL
              • AWS
              • Vault
      • Control user access to Gloo resources
        • About onboarding external workloads
        • AWS instances
        • Azure instances
        • GCP instances
        • On-prem instances
      • FIPS images
      • High availability and disaster recovery
        • Set up multitenancy with workspaces
          • Overview
          • Workspace configuration
          • Import and export resources across workspaces
          • Workspaces as service discovery boundaries
          • Persona-driven workspace setup
    • Upgrade
    • Uninstall
    • Service mesh options
      • Overview
      • Supported Solo distributions of Istio
      • Deploy Gloo-managed service meshes
      • Upgrade Gloo-managed service meshes
      • Take over existing Istio installations
    • Install Istio with EKS add-on
    • Install Istio with AKS Extension
      • Best practices for Istio in prod
      • Manually deploy Istio
      • Upgrade Istio
      • Switch from unmanaged to managed Istio installations
      • Routing overview
      • Intra-mesh routing
      • Multicluster routing
      • Routing to external services
      • Federated services
        • Route table delegation
        • Route label inheritance
        • Route matcher inheritance
        • Route policy attachment
        • Route table failure modes
      • URI path matching
      • Header matching
      • Query parameter matching
      • HTTP method matching
      • Route within or across clusters
        • Route to an external service directly
        • Create internal DNS entries for external endpoints
        • Block egress traffic with an egress gateway
      • Additional route settings
    • Direct response
    • Redirects and rewrites
    • Route delegation
    • Header manipulation
    • Load balancing and consistent hashing
    • Mirroring
    • Transformation
      • Security overview
      • Gloo components
      • Service mesh traffic
      • User access
      • Applications
      • Underlying infrastructure
    • Access policy
    • CORS
      • About
      • External auth server setup
      • Basic external auth policy
      • API keys
      • LDAP
        • About
        • OPA with Rego rules in config maps
        • OPA server as a sidecar
        • Bring your own OPA server
        • API key and OPA
      • About
      • Basic JWT example
      • JWT for mesh routes
      • Multiple JWT providers
      • JWT claim- and scope-based auth
      • About
      • Rate limit server setup
      • Basic rate limit policy
      • More rate limit policy examples
    • Adaptive request concurrency
    • Connection pool settings for HTTP
    • Failover
    • Fault injection
    • Outlier detection
    • Retry and timeout
    • TCP connection
      • About
      • Trim proxy config policy
      • Trim proxy in workspace settings
    • About the telemetry pipeline
      • Overview
        • Overview
        • Explore the UI
        • Configure the UI for HTTPS
        • Connect the Gloo UI to OpenShift Prometheus
          • Overview
          • External auth with Google
          • External auth with Dex
          • External auth with Okta
          • OIDC settings in Helm
          • RBAC for resources in the UI
        • Overview
        • Sample PromQL queries
        • Metrics
        • Alerts
        • Customization options
        • Overview
        • Set up and access Grafana
        • Import the operations dashboard
        • Import the OPA dashboard
      • Jaeger
      • Istio access logs
      • Add Istio request traces
      • Collect compute instance metadata
      • Forward metrics to Datadog
      • Forward metrics to OpenShift
      • Gloo Mesh Enterprise versions
      • Open Source attribution
      • Feature gates
      • Release notes
      • Gloo Mesh Enterprise changelog
      • Solo distribution of Istio changelog
      • Overview
      • AccessLogPolicy
      • AccessPolicy
      • ActiveHealthCheckPolicy
      • AdaptiveRequestConcurrencyPolicy
      • ApiDoc
      • ApiSchemaDiscovery
      • ApprovalState
      • AuthConfig
      • CaOptions
      • Clientmode
      • ClientTlsPolicy
      • CloudProvider
      • CloudProviderOptions
      • CloudResources
      • ConnectionPolicy
      • Core
      • CorsPolicy
      • CsrfPolicy
      • Cue
      • Dashboard
      • DlpPolicy
      • EnforcementLayers
      • ExtAuthPolicy
      • ExtAuthServer
      • ExternalEndpoint
      • ExternalService
      • ExternalWorkload
      • FailoverPolicy
      • FaultInjectionPolicy
      • GatewayLifecycleManager
      • HeaderManipulation
      • HttpBufferPolicy
      • HttpMatchers
      • InsightsConfig
      • InternalAdmin
      • IstioLifecycleManager
      • IstioOperator
      • JwtPolicy
      • K8SReports
      • Keepalive
      • KubernetesCluster
      • ListenerConnectionPolicy
      • LoadBalancerPolicy
      • Locality
      • MirrorPolicy
      • OutlierDetectionPolicy
      • Phase
      • Port
      • Portal
      • PortalGroup
      • ProxyProtocolPolicy
      • Ratelimit
      • RatelimitClientConfig
      • RatelimitPolicy
      • RatelimitServerConfig
      • RatelimitServerSettings
      • Ref
      • References
      • RetryTimeoutPolicy
      • RootTrustPolicy
      • RouteTable
      • Selectors
      • SoloKit
      • Status
      • StringMatch
      • TcpMatchers
      • TlsMatchers
      • TransformationPolicy
      • TrimProxyConfigPolicy
      • VaultCa
      • VirtualDestination
      • VirtualGateway
      • WafPolicy
      • Workspace
      • WorkspaceSettings
      • Helm chart overview
      • Gloo Platform
      • Gloo Platform CRDs
      • meshctl
      • meshctl check
      • meshctl check server
      • meshctl cluster
      • meshctl cluster deregister
      • meshctl cluster list
      • meshctl cluster register
      • meshctl dashboard
      • meshctl debug
      • meshctl debug report
      • meshctl experimental
      • meshctl experimental dump-reports
      • meshctl experimental switch-active
      • meshctl external-workload
      • meshctl external-workload bug-report
      • meshctl external-workload generate-token
      • meshctl external-workload install
      • meshctl external-workload onboard
      • meshctl external-workload uninstall
      • meshctl install
      • meshctl license
      • meshctl license check
      • meshctl logs
      • meshctl migrate
      • meshctl migrate helm
      • meshctl migrate helm-values
      • meshctl precheck
      • meshctl proxy
      • meshctl uninstall
      • meshctl version
      • CVE lifecycle handling
      • Security and CVE scan results
    • Gloo Mesh scalability
    • Gloo component permissions
    • General debugging
      • Management server and relay connection
      • Add-ons
      • Agent
      • Custom resources
      • Observability pipeline
      • Policies
      • Redis
      • Routes
      • UI graph
      • ELB health checks in AWS fail
      • Istio gateway installation times out
      • Istio
      • Istio and gateway lifecycle manager
      • Knative
      • Bookinfo apps pending
      • Ephemeral containers
    • About Solo Support
    • Submit a request
    • Add support information
  • open_in_new Gloo Mesh Gateway
    • main
    • 2.8 (latest)
    • 2.7
    • 2.6
    • 2.5
    • GitHub
    • Twitter / X
  • to navigate
  • to select
  • to close
    • Home
    • Traffic management
    • Request forwarding
    • Route to external services
    On this page

    These docs use Gloo Mesh Enterprise APIs to manage your sidecar service mesh. To manage your service mesh with the Kubernetes Gateway API instead, see the Gloo Mesh docs.

    Route to external services

    Learn how to set up routing to services that are hosted outside the service mesh or outside the cluster.

    article

    Route to an external service directly

    Allow services in the mesh to send traffic to an external IP address, CIDR, or hostname directly.

    article

    Create internal DNS entries for external endpoints

    Create internal DNS entries that services in the mesh use to reach an external endpoint.

    article

    Block egress traffic with an egress gateway

    Use an egress gateway to allow egress traffic to external endpoints for only certain services in the …

    Solo.io copyright 2025