GlobalCorp's central IT team hosts a shared application in a central VPC that needs to be accessed by different department VPCs, where IP ranges may overlap. With the application fronted by an NLB, what is the best way to connect up to 10 authorized department VPCs to the central application, given the potential for overlapping CIDR blocks?