In this network topology, two clusters have their own instance of ASM control plane and are set up in different VPC networks. Services in a mesh cannot communicate directly across clusters but have to make use of gateway to route the east-west traffic. To implement this model, you have to again set up trust between clusters, as discussed in the previous section, to enable endpoints discovery across clusters. You then have to setup an ingress gateway that will allow east-west traffic in both the clusters.
The gateway endpoint will be accessible over public internet but will expose only services with *.local domain. This will ensure services endpoints from both the clusters will be able to communicate via this gateway thereby enabling east-west traffic. The gateway will also ensure that only mTLS enabled services are able to communicate with each other thereby making sure that services are indeed part of the recognized clusters.