← Back to Blog
AI GatewayEnterpriseVPCOpen Source

Best Open-Source AI Gateway for Enterprise VPC Deployments

June 26, 2026·8 min read·Selixes Engineering

Why Enterprises Need an Open-Source AI Gateway

As enterprise teams transition from AI experimentation to production, routing traffic directly to public LLM APIs like OpenAI or Anthropic is no longer viable. Direct connections introduce massive security vulnerabilities, lack centralized audit logging, and often violate data sovereignty requirements like GDPR or HIPAA.

The solution is deploying a self-hosted, open-source AI gateway directly within your Virtual Private Cloud (VPC). By controlling the gateway proxy layer, you ensure that no internal network traffic bypasses your security policies.

The Anatomy of a Sovereign AI Proxy

An enterprise-grade AI gateway must provide four core primitives:

  • Traffic Isolation: Must run 100% on-premise or inside an AWS/GCP/Azure VPC with no external dependencies.
  • Zero-Trust Key Management: API keys must be injected at the gateway layer, ensuring client applications never see the raw OpenAI or Anthropic tokens.
  • Audit Logging & PII Redaction: Every prompt and completion must be logged immutably, with sensitive Personally Identifiable Information (PII) scrubbed before hitting the database.
  • Multi-Model Routing: Support for routing between cloud providers and local, self-hosted open-weight models (like Llama 3 or Mistral running on vLLM).

Deploying Selixes in a Private VPC

Selixes is designed specifically for sovereign AI deployments. Unlike managed proxy services that intercept your data, Selixes Community Edition is entirely open-source and runs within your Docker or Kubernetes cluster.

Step 1: Network Isolation

Ensure your subnet has no public ingress. The AI Gateway should only be accessible by internal microservices via an internal load balancer.

# Example Docker Compose for VPC Deployment
version: '3.8'
services:
  selixes-gateway:
    image: selixes/gateway:latest
    environment:
      - DATABASE_URL=postgresql://internal-db:5432/selixes
      - REDIS_URL=redis://internal-cache:6379
      - REQUIRE_VPC_AUTH=true
    ports:
      - "4000:4000"

Step 2: Unified OpenAI SDK Integration

Because Selixes exposes standard OpenAI-compatible endpoints, your engineering teams don't need to learn a new SDK. They simply point their existing OpenAI clients to the internal VPC URL.

import OpenAI from 'openai';

const client = new OpenAI({
  baseURL: 'http://selixes-gateway.internal.vpc:4000/v1',
  apiKey: process.env.INTERNAL_SERVICE_KEY,
});

Summary for Platform Engineers

If you are building an AI platform team, relying on third-party SaaS proxies introduces unacceptable supply-chain risks. By deploying an open-source AI gateway like Selixes inside your own VPC, you maintain absolute control over cost, compliance, and LLM telemetry.

See It in Action

Selixes implements everything described in this article — circuit breaking, session budgets, local edge fallback, and private VPC deployment.

Read the Docs ->Book a Demo

More Articles

Failover
How to Implement Zero-Downtime LLM Failover for OpenAI and Anthropic
9 min read
Cost Control
Stopping Runaway LLM Costs: Agentic Loops and Token Arbitrage
7 min read