diff --git a/.github/workflows/link-checker.yaml b/.github/workflows/link-checker.yaml
index c55e7933e7a3..feb88d1a2d43 100644
--- a/.github/workflows/link-checker.yaml
+++ b/.github/workflows/link-checker.yaml
@@ -21,4 +21,4 @@ jobs:
         uses: actions/checkout@v2
       - name: Check external links using lychee
         run: |
-          lychee -v '**/*.md' --exclude-mail --exclude '.*?ref=.*'
+          lychee -v '**/*.md' --exclude-mail --exclude-path examples/interdomain/nsm_consul_vl3/README.md --exclude '.*?ref=.*'
diff --git a/examples/interdomain/README.md b/examples/interdomain/README.md
index 8ce24bf8ddcc..a5004472d200 100644
--- a/examples/interdomain/README.md
+++ b/examples/interdomain/README.md
@@ -15,4 +15,5 @@ This setup is basic for interdomain examples on two clusters. This setup can be
 ## Includes
 
 - [NSM + Consul](./nsm_consul)
+- [NSM + Consul](./nsm_consul_vl3)
 - [NSM + Istio](./nsm_istio)
diff --git a/examples/interdomain/nsm_consul_vl3/README.md b/examples/interdomain/nsm_consul_vl3/README.md
new file mode 100644
index 000000000000..995d73016561
--- /dev/null
+++ b/examples/interdomain/nsm_consul_vl3/README.md
@@ -0,0 +1,470 @@
+# NSM + Consul + vl3 interdomain example over kind clusters
+
+This example shows how Consul can be used over NSM with vl3. 
+
+
+## Requires
+
+- [Load balancer](../loadbalancer)
+- [Interdomain DNS](../dns)
+- [Interdomain spire](../spire)
+- [Interdomain nsm](../nsm)
+
+
+## Run
+
+References:
+https://learn.hashicorp.com/tutorials/consul/deployment-guide?in=consul/production-deploy
+https://learn.hashicorp.com/tutorials/consul/tls-encryption-secure
+https://learn.hashicorp.com/tutorials/consul/service-mesh-with-envoy-proxy?in=consul/developer-mesh
+
+
+Start vl3, install Consul control plane and counting service on the first cluster
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 create ns ns-nsm-consul-vl3
+kubectl --kubeconfig=$KUBECONFIG1 apply -k ./examples/interdomain/nsm_consul_vl3/cluster1
+```
+Install Consul dashboard service on the second cluster
+```bash
+kubectl --kubeconfig=$KUBECONFIG2 create ns ns-nsm-consul-vl3
+kubectl --kubeconfig=$KUBECONFIG2 apply -k ./examples/interdomain/nsm_consul_vl3/cluster2
+```
+
+Wait for pods to be ready:
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 wait --for=condition=ready --timeout=5m pod -l app=nse-vl3-vpp -n ns-nsm-consul-vl3
+kubectl --kubeconfig=$KUBECONFIG1 wait --for=condition=ready --timeout=5m pod -l app=vl3-ipam -n ns-nsm-consul-vl3
+kubectl --kubeconfig=$KUBECONFIG1 wait --for=condition=ready --timeout=5m pod -l name=control-plane -n ns-nsm-consul-vl3
+kubectl --kubeconfig=$KUBECONFIG1 wait --for=condition=ready --timeout=5m pod counting -n ns-nsm-consul-vl3
+kubectl --kubeconfig=$KUBECONFIG2 wait --for=condition=ready --timeout=5m pod dashboard -n ns-nsm-consul-vl3
+```
+
+```bash
+export CP=$(kubectl --kubeconfig=$KUBECONFIG1 get pods -n ns-nsm-consul-vl3 -l name=control-plane --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
+```
+
+(On the control plane pod) Generate the gossip encryption key:
+```bash
+ENCRYPTION_KEY=$(kubectl --kubeconfig=$KUBECONFIG1 -n ns-nsm-consul-vl3 exec -it ${CP} -c ubuntu -- consul keygen)
+```
+
+(On the control plane pod) Get CP vl3 IP
+```bash
+CP_IP_VL3_ADDRESS=$(kubectl --kubeconfig=$KUBECONFIG1 -n ns-nsm-consul-vl3 exec -it ${CP} -c ubuntu -- ifconfig nsm-1 | grep -Eo 'inet addr:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'| cut -c 11-)
+```
+
+(On the control plane pod) Initialize Consul CA
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 -n ns-nsm-consul-vl3 exec -it ${CP} -c ubuntu -- consul tls ca create
+```
+
+(On the control plane pod) Create the server certificates
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 -n ns-nsm-consul-vl3 exec -it ${CP} -c ubuntu -- consul tls cert create -server -dc dc1
+```
+
+Update control plane configuration. Use here the saved encryption key and CP vl3 IP address
+```bash
+cat > consul.hcl <<EOF
+data_dir = "/opt/consul"
+datacenter = "dc1"
+encrypt = "${ENCRYPTION_KEY}"
+tls {
+  defaults {
+    ca_file = "consul-agent-ca.pem"
+    cert_file = "dc1-server-consul-0.pem"
+    key_file = "dc1-server-consul-0-key.pem"
+    verify_incoming = true
+    verify_outgoing = true
+  }
+  internal_rpc {
+    verify_server_hostname = true
+  }
+}
+auto_encrypt {
+  allow_tls = true
+}
+acl {
+  enabled = true
+  default_policy = "allow"
+  enable_token_persistence = true
+}
+EOF
+```
+
+```bash
+cat > server.hcl <<EOF
+server = true
+bootstrap_expect = 1
+bind_addr = "${CP_IP_VL3_ADDRESS}"
+connect {
+  enabled = true
+}
+
+addresses {
+  grpc = "127.0.0.1"
+}
+ports {
+  grpc  = 8502
+}
+ui_config {
+  enabled = true
+}
+EOF
+```
+
+Copy configs into the Control plane Ubuntu container
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 cp consul.hcl ns-nsm-consul-vl3/${CP}:/consul/config/
+kubectl --kubeconfig=$KUBECONFIG1 cp server.hcl ns-nsm-consul-vl3/${CP}:/consul/config/
+```
+
+(On the control plane pod) Validate the configuration 
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 -n ns-nsm-consul-vl3 exec -it ${CP} -c ubuntu -- consul validate /consul/config/
+```
+
+(On the control plane pod) Start Consul CP
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 -n ns-nsm-consul-vl3 exec ${CP} -c ubuntu -- /bin/sh -c 'consul agent -config-dir=/consul/config/  1>/dev/null 2>&1 &'
+```
+
+Check that Consul Server has started:
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 -n ns-nsm-consul-vl3 exec ${CP} -c ubuntu -- consul members
+```
+
+Port-forward Consul UI
+```bash
+kubectl --kubeconfig=$KUBECONFIG2 -n ns-nsm-consul-vl3 port-forward $CP 8500:8500 &
+```
+(On the counting pod) Set the counting  and control plane pods vl3 IP
+```bash
+COUNTING_IP_VL3_ADDRESS=$(kubectl --kubeconfig=$KUBECONFIG1 -n ns-nsm-consul-vl3 exec -it counting -c ubuntu -- ifconfig nsm-1 | grep -Eo 'inet [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'| cut -c 6-)
+```
+Copy certificates from the Control plane into Counting Pod
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 cp  ns-nsm-consul-vl3/${CP}:consul-agent-ca.pem consul-agent-ca.pem
+kubectl --kubeconfig=$KUBECONFIG1 cp  ns-nsm-consul-vl3/${CP}:consul-agent-ca-key.pem consul-agent-ca-key.pem
+
+kubectl --kubeconfig=$KUBECONFIG1 cp consul-agent-ca.pem ns-nsm-consul-vl3/counting:/etc/consul.d
+kubectl --kubeconfig=$KUBECONFIG1 cp consul-agent-ca-key.pem ns-nsm-consul-vl3/counting:/etc/consul.d
+```
+
+Update countign configuration. Use here the saved encryption key and the Counting service pod vl3 IP address
+```bash
+cat > consul-counting.hcl <<EOF
+data_dir = "/opt/consul"
+encrypt = "${ENCRYPTION_KEY}"
+tls {
+  defaults {
+    ca_file = "/etc/consul.d/consul-agent-ca.pem"
+    verify_incoming = false
+    verify_outgoing = true
+  }
+  internal_rpc {
+    verify_server_hostname = true
+  }
+}
+auto_encrypt {
+  tls = true
+}
+acl {
+  enabled = true
+  default_policy = "allow"
+  enable_token_persistence = true
+}
+bind_addr = "${COUNTING_IP_VL3_ADDRESS}"
+connect {
+  enabled = true
+}
+addresses {
+  grpc = "127.0.0.1"
+}
+ports {
+  grpc  = 8502
+}
+EOF
+```
+Copy configs into the Counting pod:
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 cp consul-counting.hcl ns-nsm-consul-vl3/counting:/etc/consul.d/
+```
+
+(On the counting pod) Validate the configuration 
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 -n ns-nsm-consul-vl3 exec -it counting -c ubuntu -- sudo consul validate /etc/consul.d/
+```
+
+Create script to run Consul as daemon:
+```bash
+cat > consul.service <<EOF
+[Unit]
+Description=Consul
+Documentation=https://www.consul.io/
+
+[Service]
+ExecStart=/usr/bin/consul agent -join ${CP_IP_VL3_ADDRESS} -config-dir=/etc/consul.d/ 
+ExecReload=/bin/kill -HUP $MAINPID
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
+EOF
+```
+
+Copy script into Counting Pod:
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 cp consul.service ns-nsm-consul-vl3/counting:/etc/systemd/system/consul.service
+```
+
+(On the counting pod) Start Consul agent
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 -n ns-nsm-consul-vl3 exec -it counting -c ubuntu -- sudo systemctl daemon-reload
+```
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 -n ns-nsm-consul-vl3 exec -it counting -c ubuntu -- sudo systemctl start consul.service 
+```
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 -n ns-nsm-consul-vl3 exec -it counting -c ubuntu -- sudo systemctl enable consul.service 
+```
+
+Check that Consul Counting client has started:
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 -n ns-nsm-consul-vl3 exec counting -c ubuntu -- consul members
+```
+
+Create the counting service definition
+```bash
+cat > counting.hcl <<EOF
+service {
+  name = "counting"
+  id = "counting-1"
+  port = 9001
+
+  connect {
+    sidecar_service {}
+  }
+
+  check {
+    id       = "counting-check"
+    http     = "http://localhost:9001/health"
+    method   = "GET"
+    interval = "1s"
+    timeout  = "1s"
+  }
+}
+EOF
+```
+
+Copy into Counting Pod:
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 -n ns-nsm-consul-vl3 exec -it counting -c ubuntu -- mkdir service
+kubectl --kubeconfig=$KUBECONFIG1 cp counting.hcl ns-nsm-consul-vl3/counting:/service
+```
+
+(On the counting pod) Register the service with Consul
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 -n ns-nsm-consul-vl3 exec -it counting -c ubuntu -- consul services register /service/counting.hcl 
+```
+You should see `Registered service: counting'
+
+Create script to run envoy service in a background:
+```bash
+cat > consul-envoy.service <<EOF
+[Unit]
+Description=Consul
+Documentation=https://www.consul.io/
+
+[Service]
+ExecStart=/usr/bin/consul connect envoy -sidecar-for counting-1 -admin-bind localhost:19001 
+ExecReload=/bin/kill -HUP $MAINPID
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
+EOF
+```
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 cp consul-envoy.service ns-nsm-consul-vl3/counting:/etc/systemd/system/consul-envoy.service
+```
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 -n ns-nsm-consul-vl3 exec -it counting -c ubuntu -- sudo systemctl daemon-reload 
+kubectl --kubeconfig=$KUBECONFIG1 -n ns-nsm-consul-vl3 exec -it counting -c ubuntu -- sudo systemctl start consul-envoy.service 
+kubectl --kubeconfig=$KUBECONFIG1 -n ns-nsm-consul-vl3 exec -it counting -c ubuntu -- sudo systemctl enable consul-envoy.service 
+```
+
+(On the dashboard pod) Set the pod vl3 IP
+```bash
+DASHBOARD_IP_VL3_ADDRESS=$(kubectl --kubeconfig=$KUBECONFIG2 -n ns-nsm-consul-vl3 exec -it dashboard -c ubuntu -- ifconfig nsm-1 | grep -Eo 'inet [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'| cut -c 6-)
+```
+
+(On the dashboard pod) Copy certificates from the Control plane into Dashboard Pod
+```bash
+kubectl --kubeconfig=$KUBECONFIG2 cp consul-agent-ca.pem ns-nsm-consul-vl3/dashboard:/etc/consul.d
+kubectl --kubeconfig=$KUBECONFIG2 cp consul-agent-ca-key.pem ns-nsm-consul-vl3/dashboard:/etc/consul.d
+```
+(On the dashboard pod) Update dashboard configuration. Use here the saved encryption key and the Dashboard service pod vl3 IP address
+```bash
+cat > consul-dashboard.hcl <<EOF
+encrypt = "${ENCRYPTION_KEY}"
+data_dir = "/opt/consul"
+tls {
+  defaults {
+    ca_file = "/etc/consul.d/consul-agent-ca.pem"
+    verify_incoming = false
+    verify_outgoing = true
+  }
+  internal_rpc {
+    verify_server_hostname = true
+  }
+}
+datacenter = "dc1"
+auto_encrypt {
+  tls = true
+}
+acl {
+  enabled = true
+  default_policy = "allow"
+  enable_token_persistence = true
+}
+bind_addr = "${DASHBOARD_IP_VL3_ADDRESS}"
+connect {
+  enabled = true
+}
+addresses {
+  grpc = "127.0.0.1"
+}
+ports {
+  grpc  = 8502
+}
+EOF
+```
+
+Copy config into the Counting pod Ubuntu container
+```bash
+kubectl --kubeconfig=$KUBECONFIG2 cp consul-dashboard.hcl ns-nsm-consul-vl3/dashboard:/etc/consul.d/
+```
+
+(On the dashboard pod) Validate the configuration 
+```bash
+kubectl --kubeconfig=$KUBECONFIG2 -n ns-nsm-consul-vl3 exec -it dashboard -c ubuntu -- sudo consul validate /etc/consul.d/
+```
+
+Create script to run Consul dashboard client in background: 
+```bash
+cat > consul.service <<EOF
+[Unit]
+Description=Consul
+Documentation=https://www.consul.io/
+
+[Service]
+ExecStart=/usr/bin/consul agent -join ${CP_IP_VL3_ADDRESS} -config-dir=/etc/consul.d/
+ExecReload=/bin/kill -HUP $MAINPID
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
+EOF
+```
+Copy into the dashboard pod:
+```bash
+kubectl --kubeconfig=$KUBECONFIG2 cp consul.service ns-nsm-consul-vl3/dashboard:/etc/systemd/system/consul.service
+```
+Start service:
+```bash
+kubectl --kubeconfig=$KUBECONFIG2 -n ns-nsm-consul-vl3 exec -it dashboard -c ubuntu -- sudo systemctl daemon-reload 
+kubectl --kubeconfig=$KUBECONFIG2 -n ns-nsm-consul-vl3 exec -it dashboard -c ubuntu -- sudo systemctl start consul.service 
+kubectl --kubeconfig=$KUBECONFIG2 -n ns-nsm-consul-vl3 exec -it dashboard -c ubuntu -- sudo systemctl enable consul.service 
+```
+
+Create the dashboard service definition:
+```bash
+cat > dashboard.hcl <<EOF
+service {
+  name = "dashboard"
+  port = 9002
+
+  connect {
+    sidecar_service {
+      proxy {
+        upstreams = [
+          {
+            destination_name = "counting"
+            local_bind_port  = 5000
+          }
+        ]
+      }
+    }
+  }
+
+  check {
+    id       = "dashboard-check"
+    http     = "http://localhost:9002/health"
+    method   = "GET"
+    interval = "1s"
+    timeout  = "1s"
+  }
+}
+EOF
+```
+
+Copy into Dashboard Pod:
+```bash
+kubectl --kubeconfig=$KUBECONFIG2 -n ns-nsm-consul-vl3 exec -it dashboard -c ubuntu -- mkdir service
+kubectl --kubeconfig=$KUBECONFIG2 cp dashboard.hcl ns-nsm-consul-vl3/dashboard:/service
+```
+
+(On the dashboard pod) Register the service with Consul
+```bash
+kubectl --kubeconfig=$KUBECONFIG2 -n ns-nsm-consul-vl3 exec -it dashboard -c ubuntu -- consul services register /service/dashboard.hcl
+```
+You should see 'Registered service: dashboard'
+
+Create script to run envoy service and copy into the dashboard pod:
+```bash
+cat > consul-envoy.service <<EOF
+[Unit]
+Description=Consul
+Documentation=https://www.consul.io/
+
+[Service]
+ExecStart=/usr/bin/consul connect envoy -sidecar-for dashboard
+ExecReload=/bin/kill -HUP $MAINPID
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
+EOF
+```
+
+```bash
+kubectl --kubeconfig=$KUBECONFIG2 cp consul-envoy.service ns-nsm-consul-vl3/dashboard:/etc/systemd/system/consul-envoy.service
+```
+Start service:
+```bash
+kubectl --kubeconfig=$KUBECONFIG2 -n ns-nsm-consul-vl3 exec -it dashboard -c ubuntu -- sudo systemctl daemon-reload 
+kubectl --kubeconfig=$KUBECONFIG2 -n ns-nsm-consul-vl3 exec -it dashboard -c ubuntu -- sudo systemctl start consul-envoy.service 
+kubectl --kubeconfig=$KUBECONFIG2 -n ns-nsm-consul-vl3 exec -it dashboard -c ubuntu -- sudo systemctl enable consul-envoy.service 
+```
+
+Port-forward the dashboard pod
+```bash
+kubectl --kubeconfig=$KUBECONFIG2 -n ns-nsm-consul-vl3 port-forward dashboard 9002:9002 &
+```
+
+In your browser open localhost:9002 and verify the application works!
+Also you can run this to check that it works:
+```bash
+result=$(curl --include --no-buffer --connect-timeout 20 -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: 127.0.0.1:9002" -H "Origin: http://127.0.0.1:9002" -H "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==" -H "Sec-WebSocket-Version: 13" http://127.0.0.1:9002/socket.io/?EIO=3&transport=websocket)
+echo ${result} | grep  -o 'Unreachable'
+```
+
+
+##Cleanup
+
+```bash
+pkill -f "port-forward"
+kubectl --kubeconfig=$KUBECONFIG1 delete ns ns-nsm-consul-vl3
+kubectl --kubeconfig=$KUBECONFIG2 delete ns ns-nsm-consul-vl3
+```
diff --git a/examples/interdomain/nsm_consul_vl3/cluster1/control_plane.yaml b/examples/interdomain/nsm_consul_vl3/cluster1/control_plane.yaml
new file mode 100644
index 000000000000..777f98047839
--- /dev/null
+++ b/examples/interdomain/nsm_consul_vl3/cluster1/control_plane.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: consul-cp
+  labels:
+    name: control-plane
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: control-plane
+  template:
+    metadata:
+      labels:
+        name: control-plane
+      annotations:
+        networkservicemesh.io: kernel://nsm-consul-vl3/nsm-1
+    spec:
+      containers:
+      - image: consul:latest
+        ports:
+        - containerPort: 5681
+        command:
+        - /bin/sh
+        - "-c"
+        - "sleep 600m"
+        imagePullPolicy: IfNotPresent
+        name: ubuntu
+        securityContext:
+            privileged: true
diff --git a/examples/interdomain/nsm_consul_vl3/cluster1/counting.yaml b/examples/interdomain/nsm_consul_vl3/cluster1/counting.yaml
new file mode 100644
index 000000000000..8b9e7bb57e0a
--- /dev/null
+++ b/examples/interdomain/nsm_consul_vl3/cluster1/counting.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: counting
+  namespace: default
+  labels:
+    name: counting
+  annotations:
+    networkservicemesh.io: kernel://nsm-consul-vl3/nsm-1
+spec:
+  containers:
+  - image: consul-client:latest
+    ports:
+    - containerPort: 5681
+    command:
+    - /bin/sh
+    - "-c"
+    - "sleep 600m"
+    imagePullPolicy: IfNotPresent
+    name: ubuntu
+    securityContext:
+            privileged: true
+  - name: counting
+    image: hashicorp/counting-service:0.0.2
+    securityContext:
+      privileged: true
+    ports:
+    - containerPort: 9001
+  restartPolicy: OnFailure
diff --git a/examples/interdomain/nsm_consul_vl3/cluster1/kustomization.yaml b/examples/interdomain/nsm_consul_vl3/cluster1/kustomization.yaml
new file mode 100644
index 000000000000..402327969a2f
--- /dev/null
+++ b/examples/interdomain/nsm_consul_vl3/cluster1/kustomization.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: ns-nsm-consul-vl3
+
+resources:
+- ./nse-vl3-vpp
+- ./vl3-ipam
+- control_plane.yaml
+- counting.yaml
+- ui-service.yaml
+
+patchesStrategicMerge:
+- nse-patch.yaml
diff --git a/examples/interdomain/nsm_consul_vl3/cluster1/nse-patch.yaml b/examples/interdomain/nsm_consul_vl3/cluster1/nse-patch.yaml
new file mode 100644
index 000000000000..effb888d57d6
--- /dev/null
+++ b/examples/interdomain/nsm_consul_vl3/cluster1/nse-patch.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nse-vl3-vpp
+  labels:
+    app: nse-vl3-vpp
+spec:
+  replicas: 1
+  template:
+    spec:
+      containers:
+        - name: nse
+          env:
+            - name: NSM_SERVICE_NAMES
+              value: "nsm-consul-vl3"
diff --git a/examples/interdomain/nsm_consul_vl3/cluster1/nse-vl3-vpp/kustomization.yaml b/examples/interdomain/nsm_consul_vl3/cluster1/nse-vl3-vpp/kustomization.yaml
new file mode 100644
index 000000000000..7aee81eb6e6c
--- /dev/null
+++ b/examples/interdomain/nsm_consul_vl3/cluster1/nse-vl3-vpp/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- nse.yaml
diff --git a/examples/interdomain/nsm_consul_vl3/cluster1/nse-vl3-vpp/nse.yaml b/examples/interdomain/nsm_consul_vl3/cluster1/nse-vl3-vpp/nse.yaml
new file mode 100644
index 000000000000..ad34d5f51616
--- /dev/null
+++ b/examples/interdomain/nsm_consul_vl3/cluster1/nse-vl3-vpp/nse.yaml
@@ -0,0 +1,52 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nse-vl3-vpp
+  labels:
+    app: nse-vl3-vpp
+spec:
+  selector:
+    matchLabels:
+      app: nse-vl3-vpp
+  template:
+    metadata:
+      labels:
+        app: nse-vl3-vpp
+        "spiffe.io/spiffe-id": "true"
+    spec:
+      containers:
+        - name: nse
+          image: ghcr.io/networkservicemesh/ci/cmd-nse-vl3-vpp:898133e
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: SPIFFE_ENDPOINT_SOCKET
+              value: unix:///run/spire/sockets/agent.sock
+            - name: NSM_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NSM_LOG_LEVEL
+              value: TRACE
+          volumeMounts:
+            - name: spire-agent-socket
+              mountPath: /run/spire/sockets
+              readOnly: true
+            - name: nsm-socket
+              mountPath: /var/lib/networkservicemesh
+              readOnly: true
+          resources:
+            requests:
+              cpu: 150m
+            limits:
+              memory: 400Mi
+              cpu: 500m
+      volumes:
+        - name: spire-agent-socket
+          hostPath:
+            path: /run/spire/sockets
+            type: Directory
+        - name: nsm-socket
+          hostPath:
+            path: /var/lib/networkservicemesh
+            type: DirectoryOrCreate
diff --git a/examples/interdomain/nsm_consul_vl3/cluster1/ui-service.yaml b/examples/interdomain/nsm_consul_vl3/cluster1/ui-service.yaml
new file mode 100644
index 000000000000..7e44b67320a0
--- /dev/null
+++ b/examples/interdomain/nsm_consul_vl3/cluster1/ui-service.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: consul-ui
+spec:
+  type: ClusterIP
+  selector:
+    name: control-plane
+  ports:
+    - protocol: TCP
+      port: 8500
+      targetPort: 8500
diff --git a/examples/interdomain/nsm_consul_vl3/cluster1/vl3-ipam/kustomization.yaml b/examples/interdomain/nsm_consul_vl3/cluster1/vl3-ipam/kustomization.yaml
new file mode 100644
index 000000000000..a0fa6d744b0f
--- /dev/null
+++ b/examples/interdomain/nsm_consul_vl3/cluster1/vl3-ipam/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- vl3-ipam.yaml
+- vl3-ipam-service.yaml
diff --git a/examples/interdomain/nsm_consul_vl3/cluster1/vl3-ipam/vl3-ipam-service.yaml b/examples/interdomain/nsm_consul_vl3/cluster1/vl3-ipam/vl3-ipam-service.yaml
new file mode 100644
index 000000000000..ba1ed7c9e052
--- /dev/null
+++ b/examples/interdomain/nsm_consul_vl3/cluster1/vl3-ipam/vl3-ipam-service.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: vl3-ipam
+spec:
+  selector:
+    app: vl3-ipam
+  ports:
+    - name: vl3-ipam
+      protocol: TCP
+      port: 5006
+      targetPort: 5006
+  type: LoadBalancer
diff --git a/examples/interdomain/nsm_consul_vl3/cluster1/vl3-ipam/vl3-ipam.yaml b/examples/interdomain/nsm_consul_vl3/cluster1/vl3-ipam/vl3-ipam.yaml
new file mode 100644
index 000000000000..1fa0546c46b3
--- /dev/null
+++ b/examples/interdomain/nsm_consul_vl3/cluster1/vl3-ipam/vl3-ipam.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: vl3-ipam
+  labels:
+    app: vl3-ipam
+spec:
+  selector:
+    matchLabels:
+      app: vl3-ipam
+  template:
+    metadata:
+      labels:
+        app: vl3-ipam
+        "spiffe.io/spiffe-id": "true"
+    spec:
+      containers:
+        - image: ghcr.io/networkservicemesh/ci/cmd-ipam-vl3:a918ec8
+          env:
+            - name: SPIFFE_ENDPOINT_SOCKET
+              value: unix:///run/spire/sockets/agent.sock
+            - name: NSM_LISTEN_ON
+              value: tcp://:5006
+            - name: NSM_PREFIX
+              value: 169.254.0.0/16
+            - name: NSM_LOG_LEVEL
+              value: TRACE
+          imagePullPolicy: IfNotPresent
+          name: vl3-ipam
+          ports:
+            - containerPort: 5006
+              hostPort: 5006
+          volumeMounts:
+            - name: spire-agent-socket
+              mountPath: /run/spire/sockets
+          resources:
+            requests:
+              cpu: 100m
+            limits:
+              memory: 40Mi
+              cpu: 200m
+      volumes:
+        - name: spire-agent-socket
+          hostPath:
+            path: /run/spire/sockets
+            type: Directory
+        - name: nsm-socket
+          hostPath:
+            path: /var/lib/networkservicemesh
+            type: DirectoryOrCreate
diff --git a/examples/interdomain/nsm_consul_vl3/cluster2/dashboard.yaml b/examples/interdomain/nsm_consul_vl3/cluster2/dashboard.yaml
new file mode 100644
index 000000000000..2cfffa21fd70
--- /dev/null
+++ b/examples/interdomain/nsm_consul_vl3/cluster2/dashboard.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dashboard
+  namespace: default
+  labels:
+    name: dashboard
+  annotations:
+    networkservicemesh.io: kernel://nsm-consul-vl3@my.cluster1/nsm-1
+spec:
+  containers:
+  - image: consul-client:latest
+    ports:
+    - containerPort: 5681
+    command:
+    - /bin/sh
+    - "-c"
+    - "sleep 600m"
+    imagePullPolicy: IfNotPresent
+    name: ubuntu
+    securityContext:
+      privileged: true
+  - name: dashboard
+    image: hashicorp/dashboard-service:0.0.4
+    ports:
+    - containerPort: 9002
+    env:
+    - name: COUNTING_SERVICE_URL
+      value: 'http://localhost:5000'
+  restartPolicy: OnFailure
diff --git a/examples/interdomain/nsm_consul_vl3/cluster2/kustomization.yaml b/examples/interdomain/nsm_consul_vl3/cluster2/kustomization.yaml
new file mode 100644
index 000000000000..9d01d82c267b
--- /dev/null
+++ b/examples/interdomain/nsm_consul_vl3/cluster2/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: ns-nsm-consul-vl3
+
+bases:
+- dashboard.yaml
diff --git a/examples/interdomain/nsm_consul_vl3/dockerfile/Dockerfile b/examples/interdomain/nsm_consul_vl3/dockerfile/Dockerfile
new file mode 100644
index 000000000000..34358440e20c
--- /dev/null
+++ b/examples/interdomain/nsm_consul_vl3/dockerfile/Dockerfile
@@ -0,0 +1,13 @@
+FROM ubuntu:latest
+RUN apt update
+RUN apt upgrade -y
+RUN apt-get install curl gnupg sudo lsb-release net-tools iproute2 apt-utils -y
+RUN curl --fail --silent --show-error --location https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo dd of=/usr/share/keyrings/hashicorp-archive-keyring.gpg
+RUN echo "deb [arch=amd64 signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/hashicorp.list
+RUN sudo apt-get update
+RUN sudo apt-get install consul=1.12.0-1
+RUN sudo apt-get -y install systemctl
+RUN curl -L https://func-e.io/install.sh | bash -s -- -b /usr/local/bin
+RUN export FUNC_E_PLATFORM=linux/amd64
+RUN func-e use 1.22.2
+RUN sudo cp ~/.func-e/versions/1.22.2/bin/envoy /usr/bin/