Gateway tasks and overview (#8195)

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

website/data/docs-navigation.js

@@ -148,18 +148,19 @@ export default [
     category: 'connect',
     content: [
       'configuration',
+      'connectivity-tasks',
+      'connect-internals',
       'observability',
       'l7-traffic-management',
       'intentions',
-      'connect-internals',
       {
         category: 'proxies',
         content: ['envoy', 'built-in', 'integrate'],
       },
-      'mesh-gateway',
-      'wan-federation-via-mesh-gateways',
-      'ingress-gateway',
-      'terminating-gateway',
+      {
+        category: 'gateways',
+        content: [ 'mesh-gateway', 'wan-federation-via-mesh-gateways', 'ingress-gateway', 'terminating-gateway'],
+      },
       {
         category: 'registration',
         content: ['service-registration', 'sidecar-service'],

website/pages/docs/connect/connectivity-tasks.mdx

@@ -0,0 +1,68 @@
+---
+layout: docs
+page_title: Connectivity Tasks
+sidebar_title: Connectivity Tasks
+description: >-
+  Tasks related to connectivity into, out of, and between Consul service meshes.
+---
+
+# Connectivity Tasks
+
+~> **Note**: The features shown below are extensions of Consul’s service mesh capabilities. If you are not utilizing
+Consul service mesh then these features will not be relevant to your task.
+
+## Service-to-service traffic between Consul datacenters
+-> **1.6.0+:** This feature is available in Consul versions 1.6.0 and newer.
+
+Mesh gateways enable routing of service mesh traffic between different Consul datacenters. Those datacenters can reside
+in different clouds or runtime environments where general interconnectivity between all services in all datacenters
+isn't feasible. One scenario where this is useful is when connecting networks with overlapping IP address space.
+
+These gateways operate by sniffing the SNI header out of the mTLS connection and then routing the connection to the
+appropriate destination based on the server name requested. The data within the mTLS session is not decrypted by
+the Gateway.
+
+As of Consul 1.8.0, mesh gateways can also forward gossip and RPC traffic between Consul servers. 
+This is enabled by [WAN federation via mesh gateways](/docs/connect/gateways/wan-federation-via-mesh-gateways).
+
+For more information about mesh gateways see the [complete documentation](/docs/connect/gateways/mesh-gateway)
+and the [mesh gateway guide](https://learn.hashicorp.com/consul/developer-mesh/connect-gateways).
+
+![Mesh Gateway Architecture](/img/mesh-gateways.png)
+
+## Traffic from outside the Consul service mesh to services in the mesh
+-> **1.8.0+:** This feature is available in Consul versions 1.8.0 and newer.
+
+Ingress gateways are an entrypoint for outside traffic. They enable potentially unauthenticated ingress traffic from
+services outside the Consul service mesh to services inside the service mesh. 
+
+These gateways allow you to define what services should be exposed, on what port, and by what hostname. You configure
+an ingress gateway by defining a set of listeners that can map to different sets of backing services.
+
+Ingress gateways are tightly integrated with Consul’s L7 configuration and enable dynamic routing of HTTP requests by
+attributes like the request path.
+
+For more information about ingress gateways see the [complete documentation](/docs/connect/gateways/ingress-gateway)
+and the [ingress gateway guide](https://learn.hashicorp.com/consul/developer-mesh/ingress-gateways).
+
+![Ingress Gateway Architecture](/img/ingress-gateways.png)
+
+## Traffic from services in the Consul service mesh to external services
+-> **1.8.0+:** This feature is available in Consul versions 1.8.0 and newer.
+
+Terminating gateways enable connectivity from services in the Consul service mesh to services outside the mesh.
+Services outside the mesh do not have sidecar proxies or are not [integrated natively](/docs/connect/native).
+These may be services running on legacy infrastructure or managed cloud services running on
+infrastructure you do not control.
+
+Terminating gateways effectively act as egress proxies that can represent one or more services. They terminate Connect
+mTLS connections, enforce Consul intentions, and forward requests to the appropriate destination.
+
+These gateways also simplify authorization from dynamic service addresses. Consul’s intentions determine whether
+connections through the gateway are authorized. Then traditional tools like firewalls or IAM roles can authorize the
+connections from the known gateway nodes to the destination services.
+
+For more information about terminating gateways see the [complete documentation](/docs/connect/gateways/terminating-gateway)
+and the [terminating gateway guide](https://learn.hashicorp.com/consul/developer-mesh/terminating-gateways).
+
+![Terminating Gateway Architecture](/img/terminating-gateways.png)

website/pages/docs/connect/gateways/index.mdx

@@ -0,0 +1,71 @@
+---
+layout: docs
+page_title: Gateways
+sidebar_title: Gateways
+description: >-
+  Gateways provide connectivity into, out of, and between Consul service meshes.
+---
+
+# Gateways
+
+Gateways provide connectivity into, out of, and between Consul service meshes.
+
+* Enable service-to-service traffic between Consul datacenters with [mesh gateways](#mesh-gateways).
+* Accept traffic from outside the Consul service mesh to services in the mesh with [ingress gateways](#ingress-gateways).
+* Route traffic from services in the Consul service mesh to external services with [terminating gateways](#terminating-gateways).
+
+## Mesh Gateways
+-> **1.6.0+:** This feature is available in Consul versions 1.6.0 and newer.
+
+Mesh gateways enable routing of service mesh traffic between different Consul datacenters. Those datacenters can reside
+in different clouds or runtime environments where general interconnectivity between all services in all datacenters
+isn't feasible. One scenario where this is useful is when connecting networks with overlapping IP address space.
+
+These gateways operate by sniffing the SNI header out of the mTLS connection and then routing the connection to the
+appropriate destination based on the server name requested. The data within the mTLS session is not decrypted by
+the Gateway.
+
+As of Consul 1.8.0, mesh gateways can also forward gossip and RPC traffic between Consul servers. 
+This is enabled by [WAN federation via mesh gateways](/docs/connect/gateways/wan-federation-via-mesh-gateways).
+
+For more information about mesh gateways see the [complete documentation](/docs/connect/gateways/mesh-gateway)
+and the [mesh gateway guide](https://learn.hashicorp.com/consul/developer-mesh/connect-gateways).
+
+![Mesh Gateway Architecture](/img/mesh-gateways.png)
+
+## Ingress Gateways
+-> **1.8.0+:** This feature is available in Consul versions 1.8.0 and newer.
+
+Ingress gateways are an entrypoint for outside traffic. They enable potentially unauthenticated ingress traffic from
+services outside the Consul service mesh to services inside the service mesh. 
+
+These gateways allow you to define what services should be exposed, on what port, and by what hostname. You configure
+an ingress gateway by defining a set of listeners that can map to different sets of backing services.
+
+Ingress gateways are tightly integrated with Consul’s L7 configuration and enable dynamic routing of HTTP requests by
+attributes like the request path.
+
+For more information about ingress gateways see the [complete documentation](/docs/connect/gateways/ingress-gateway)
+and the [ingress gateway guide](https://learn.hashicorp.com/consul/developer-mesh/ingress-gateways).
+
+![Ingress Gateway Architecture](/img/ingress-gateways.png)
+
+## Terminating Gateways
+-> **1.8.0+:** This feature is available in Consul versions 1.8.0 and newer.
+
+Terminating gateways enable connectivity from services in the Consul service mesh to services outside the mesh.
+Services outside the mesh do not have sidecar proxies or are not [integrated natively](/docs/connect/native).
+These may be services running on legacy infrastructure or managed cloud services running on
+infrastructure you do not control.
+
+Terminating gateways effectively act as egress proxies that can represent one or more services. They terminate Connect
+mTLS connections, enforce Consul intentions, and forward requests to the appropriate destination.
+
+These gateways also simplify authorization from dynamic service addresses. Consul’s intentions determine whether
+connections through the gateway are authorized. Then traditional tools like firewalls or IAM roles can authorize the
+connections from the known gateway nodes to the destination services.
+
+For more information about terminating gateways see the [complete documentation](/docs/connect/gateways/terminating-gateway)
+and the [terminating gateway guide](https://learn.hashicorp.com/consul/developer-mesh/terminating-gateways).
+
+![Terminating Gateway Architecture](/img/terminating-gateways.png)

website/pages/docs/connect/gateways/mesh-gateway.mdx

@@ -16,7 +16,7 @@ Mesh gateways enable routing of Connect traffic between different Consul datacen
 can reside in different clouds or runtime environments where general interconnectivity between all services
 in all datacenters isn't feasible. These gateways operate by sniffing the SNI header out of the Connect session
 and then route the connection to the appropriate destination based on the server name requested. The data
-within the Connect session is not decrypted by the Gateway.
+within the mTLS session is not decrypted by the Gateway.
 
 ![Mesh Gateway Architecture](/img/mesh-gateways.png)
 

website/pages/docs/connect/gateways/terminating-gateway.mdx

@@ -12,7 +12,7 @@ description: >-
 
 -> **1.8.0+:** This feature is available in Consul versions 1.8.0 and newer.
 
-Terminating gateways enable connections from services in the Consul service mesh to
+Terminating gateways enable connectivity from services in the Consul service mesh to
 services outside the mesh. These gateways effectively act as Connect proxies that can
 represent more than one service. They terminate Connect mTLS connections, enforce intentions,
 and forward requests to the appropriate destination.