...
System Design
Working Flow
Assumption:
IP
- Central Cloud has public IP as CIP
- Traffic Hub has public IP as HIP1, HIP2, ...
- Edge Location may have a public IP on one edge node as EIP1, ... or may not have a public IP (behind a gateway as EGIP1, ...)
IPSec Tunnel mode for control plane (e.g. central cloud to k8s API server)
- Central Cloud to Traffic Hub: Host to Host
- Central Cloud to Edge Location:
  - Edge location has public IP: Host to Host
  - Edge location does not have public IP: Initiator (edge) to Responder (Central cloud)
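The Initiator (edge) to Responder (Central cloud) case above, sketched as an added example in strongSwan ipsec.conf syntax; it is not configuration from the original page. `<CIP>` stands for the central cloud's public IP from the assumptions; the connection name, certificate file names and the virtual-IP pool are hypothetical, and handing the edge a virtual IP is an assumption about how the central cloud reaches an edge that sits behind a gateway.

```conf
# --- Central cloud (responder): /etc/ipsec.conf ---
# The edge has no public IP, so the responder cannot name its peer address.
# It accepts any source address and relies on IKE authentication instead.
conn edge-control
    keyexchange=ikev2
    type=tunnel
    left=<CIP>                     # central cloud public IP (placeholder)
    leftcert=central-cloud.pem     # hypothetical certificate file name
    right=%any                     # peer address unknown (edge is behind a gateway)
    rightsourceip=10.10.0.0/24     # constructed pool: virtual IP assigned to each edge
    auto=add                       # load the connection and wait; never initiate

# --- Edge node (initiator): /etc/ipsec.conf ---
# Only the edge can open the tunnel, because the gateway blocks unsolicited
# inbound IKE. It must also re-establish the tunnel when it drops.
conn edge-control
    keyexchange=ikev2
    type=tunnel
    left=%defaultroute             # private address on the edge node
    leftcert=edge.pem              # hypothetical certificate file name
    leftsourceip=%config           # request a virtual IP from the responder
    right=<CIP>                    # central cloud public IP (placeholder)
    auto=start                     # initiate as soon as the daemon starts
    dpdaction=restart              # renegotiate when dead peer detection fires
```

Because `right=%any` admits a peer from any address, the responder's only gate is the identity proven during IKE authentication, so the trust anchor for edge certificates should be scoped to edge nodes alone.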
IPSec Tunnel mode for data plane (for data traffic)
- Edge to Edge: Host to host
- Edge to Hub: Host (edge) to Site (Hub, using edge's subnet as rightsubnet)
- Hub to Hub: Host to Host
Open:
- Should we assume the control plane and data plane share the same interfaces in the Hub? In the Edge Location?
Environment Setup (Pre-condition)
...