diff --git a/pages/features/custom-network-configuration.mdx b/pages/features/custom-network-configuration.mdx index 4fe43ec..debee68 100644 --- a/pages/features/custom-network-configuration.mdx +++ b/pages/features/custom-network-configuration.mdx @@ -94,13 +94,13 @@ This lets you reference one instance's interface from another. When enabled, the guest configures the interface for you. Disable it to leave the interface untouched, so your app or image can set up networking on its own. -### Relay +### Network Shield and Relay -The relay feature lets you redirect all network traffic from and to a network interface to another network interface. -In practice, this means you can set up a gateway or proxy VM and configure its network interface as the relay for another VM's network interface. - -This is useful in sandbox environments - as a gateway or proxy can inspect, filter, and inject data into the sandbox's traffic. -In this setup, the sandbox doesn't need unfiltered network access or access to secrets. +The network shield feature provides the ability to transparently insert a “shield” between a microVM and the public Internet. +The shield provides filtering capabilities but also the possibility to inject credentials/secrets for agentic or other use cases. +This is useful in sandbox environments - as it means the sandbox will not need unfiltered network access or access to secrets. +The shield relies on a relay feature that redirects all network traffic to and from a network interface toward another network interface. +This allows for setting up a gateway/proxy VM and configure its interface as the relay for another VM's interface. To use a relay, reference another interface by name inside a `relay` object: