...

  1. Do the control plane and data plane share the same interface in the Hub? In the Edge Location?
  2. The control plane IPsec tunnel between Central Cloud and the Hub is set up during Hub registration in Central Cloud
  3. The control plane IPsec tunnel between Central Cloud and an Edge location (with public IP) is set up during edge location registration in Central Cloud
  4. The control plane IPsec tunnel between Central Cloud and an Edge location (with private IP) is set up during edge location setup (dependency to check: the IPsec tunnel from Initiator to Responder requires the Responder to be running first)

Environment Setup (Pre-condition)

Central Cloud (assume public IP is CIP):

  • K8s cluster is set up (by Kud)
  • Web UI, API Server, SDEWAN controller, DB service are deployed (through EMCO)
  • Central SDEWAN Config Agent and CNF are deployed (through EMCO) with initial configuration (e.g. as Responder for Edge location without public IP, left: CIP, leftsubnet: from IP Address manager?, rightsourceip: from IP Address manager?)

Traffic Hub (assume public ip is HIP1, …):

  • K8s cluster is set up (by Kud)
  • Hub SDEWAN Config Agent and CNF are deployed (through EMCO) with initial configuration (e.g. as Host for Control plane - left: HIP, right: CIP). Note: at this stage, the tunnel is not set up yet.

Edge Location (Public IP):

  • K8s cluster is set up (by Kud)
  • Edge SDEWAN Config Agent and CNF are deployed (through EMCO) with initial configuration (e.g. as Host for Control plane - left: EIP, right: CIP). Note: at this stage, the tunnel is not set up yet.

Edge Location (Private IP):

  • K8s cluster is set up (by Kud)
  • Edge SDEWAN Config Agent and CNF are deployed (through EMCO) with initial configuration (e.g. As Initiator for Control plane - left: %any, leftsourceip:%config, right: CIP, rightsubnet:0.0.0.0/0). Note: at this stage, an OIP is assigned to the CNF and the tunnel is set up
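
A strongSwan `ipsec.conf` pair for the private-IP edge case above, added here as an illustration and not taken from the SDEWAN project. It assumes the legacy `ipsec.conf` format, IKEv2 with certificate authentication, and constructed addresses and file names (all labelled in the comments).

```conf
# Constructed values (not from the page):
#   203.0.113.10      stands in for CIP
#   192.168.100.0/24  stands in for the OIP range
#   10.10.0.0/16      stands in for the Central Cloud subnet
# Certificate file names, IKEv2 and pubkey authentication are assumptions.

# ---- Central Cloud CNF (Responder): /etc/ipsec.conf ----
conn edge-private-control
    keyexchange=ikev2
    # left: CIP
    left=203.0.113.10
    # leftsubnet: value the page expects from the IP address manager.
    # The Responder narrows the edge's 0.0.0.0/0 proposal to this subnet.
    leftsubnet=10.10.0.0/16
    leftauth=pubkey
    leftcert=centralCert.pem
    # The edge has no public IP, so its address cannot be pinned here;
    # the peer is identified by its certificate instead.
    right=%any
    rightauth=pubkey
    # rightsourceip: pool from which each edge is assigned its OIP
    rightsourceip=192.168.100.0/24
    # Load the connection and wait for the Initiator
    auto=add

# ---- Edge Location CNF, private IP (Initiator): /etc/ipsec.conf ----
conn central-control
    keyexchange=ikev2
    left=%any
    # Request a virtual IP (the OIP) from the Responder
    leftsourceip=%config
    leftauth=pubkey
    leftcert=edgeCert.pem
    # right: CIP
    right=203.0.113.10
    rightsubnet=0.0.0.0/0
    rightauth=pubkey
    # Initiate the tunnel as soon as the daemon starts
    auto=start
```

With `auto=start` on the edge, the Responder connection has to be loaded first, which is the ordering dependency raised in the first open item below.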

Open:

  1. In the current test, the IPsec tunnel from Initiator to Responder requires the Responder to be running before the Initiator. That means the SDEWAN CNF in Central Cloud needs to run as Responder before an edge location (with private IP) is set up, and the OIP address range needs to be configured first (read from IP address manager?) and cannot be updated at run time. Is this the expected behavior?
  2. Need to check how to get the assigned OIP after the tunnel between Central Cloud and Edge Location (with private IP) is set up (through a strongSwan command?); this is required for the IP address manager and the cluster registration process.
  3. Is the registration of edge location information done manually by the Admin or triggered automatically by EMCO's edge location registration process (assuming similar information is shared)?


Flow: Register Hub

Flow: Register Edge Location

Flow: Register Application Service

Open:

  1. Is the registration of application/microservice information done manually by the Admin or triggered automatically by EMCO's deployment process (assuming similar information is shared)?

Flow: Register Overlay

Error handling

...