There have been discussions in the past (like T154698: Prevent contributions attributed to private and WMF IP addresses) about keeping private IP addresses from Cloud-VPS instances from leaking into/being recorded by Wikimedia wikis and other service endpoints that are operated by the Wikimedia Foundation. This has come up again very recently when some continuous integration jobs failed because of the new eqiad1-r region's use of a new private IP range (T208986: WDQS tests can no longer edit test.wikidata.org).
One option that may or may not turn out to be better would be to force the Cloud VPS software defined networking layer to route requests to Wikipedia wikis through the public address space for Cloud VPS. This would prevent internal Wikimedia servers from seeing the private addresses in use. A possible negative effect however would be that all traffic originating from Cloud VPS instances and Toolforge would appear to come from a small range of IPs (or a single IP?). This would in turn make finding a single misbehaving bot or script more difficult and could lead to the very negative outcome of all Cloud VPS/Toolforge actions being blocked to block out a malicious or naive bot.
I am sure there are other pros and cons of using public IPs to communicate between Cloud VPS/Toolforge and the co-located & directly linked servers operated for Wikimedia's production network. These should be discussed (ideally here) before any major implementation change is undertaken. The opinions of the Wikimedia SRE, Analytics, and Security-Team as well as the cloud-services-team would be especially useful in coming to a near term decision.