...

  • K8s cluster is set up (by Kud)
  • Hub SDEWAN Config Agent and CNF are deployed (through EMCO) with initial configuration (e.g. as Host for the control plane - left: HIP, right: CIP). Note: at this stage, the Central-Hub tunnel is not set up yet.

Edge Location (Public IP):

  • K8s cluster is set up (by Kud)
  • Edge SDEWAN Config Agent and CNF are deployed (through EMCO) with initial configuration (e.g. as Host for the control plane - left: EIP, right: CIP). Note: at this stage, the Central-Edge tunnel is not set up yet.

Edge Location (Private IP):

  • K8s cluster is set up (by Kud)
  • Edge SDEWAN Config Agent and CNF are deployed (through EMCO) with initial configuration (e.g. as Initiator for the control plane - left: %any, leftsourceip: %config, right: CIP, rightsubnet: 0.0.0.0/0). Note: at this stage, an OIP is assigned to the CNF and the Central-Edge tunnel is set up (to be confirmed)

Open:

  1. In the current test, the IPsec tunnel from Initiator to Responder requires the Responder to be running before the Initiator. That means the SDEWAN CNF in the Central Cloud needs to be running as Responder before an edge location (with private IP) is set up, and the OIP address range needs to be configured first (read from the IP address manager?) and cannot be updated at run time. Is this the expected behavior?
  2. Need to check how to get the assigned OIP after the tunnel between the Central Cloud and the Edge Location (with private IP) is set up (through a strongSwan command?); this is required for the IP address manager and the cluster registration process.
  3. Should the registration of edge location information be done by the Admin manually, or triggered automatically by EMCO's edge location registration process (assuming similar information is shared)?

...

  • Trigger: Admin adds/updates hub information in the Web UI or via a Remote Client Call with the following information:
    • Name, Description
    • Public IP address list
    • Managed IP ( ? )
    • Shared flag (whether the hub can be shared cross overlays)
    • Overlay name
    • CertificateId
    • Kubeconfig
  • Steps:
    • Save in DB
    • Set up the control plane host-host tunnel with the Central Cloud (e.g. add a new IPsec policy in the Central Cloud CNF with: left: CIP, right: HIP, CertificateId)

...

  1. The OIP for the control plane (with the Central Cloud) will be generated by the Central Cloud responder. Shall this OIP be used for the data plane (e.g. edge1↔hub↔edge2), or should a new OIP be created (e.g. using the Hub as responder) in the Add-edge-location flow of the overlay, with the number of overlay IP addresses used to block the Add-edge-location flow if it is exceeded?

Flow: Overlay

Add-basic-information:

  • Trigger: Admin adds/updates edge location information in the Web UI or via a Remote Client Call with the following information:
    • Name, Description
    • CertificateId
    • Overlay IP ranges
  • Steps:
    • Save in DB

Opens:

  1. Can overlay IP ranges be the same for different overlays? (Suppose "yes", as edges belonging to different overlays will not communicate even if they share the same hub)

Add-hub:

  • Trigger: Admin adds/updates hub overlay information in the Web UI or via a Remote Client Call with the following information:
    • Overlay name
    • Hub name
    • Hub IP (if the hub has more than one public IP)
    • Hub overlay IP ranges
  • Steps:
    • Save hub list information in DB
    • Set up hub-hub tunnel (data plane): e.g. left: HIP1, right: HIP2, overlay CertificateId
    • Set up hub as responder of the edge-hub tunnel (data plane): e.g. left: HIP, leftsubnet: Hub overlay IP subnet, rightsourceip: Hub overlay IP ranges

Opens:

  1. Does it need to define overlay IP ranges specifically for a hub, or use the overlay's IP range directly?
  2. Can 2 hubs set up 2 channels with different masks/interface IDs (need to check)?


Add-edge-location:

  • Trigger: Admin adds/updates application cluster overlay information in the Web UI or via a Remote Client Call with the following information:
    • Overlay name
    • Edge location name
    • Connected Hub name(s)
  • Steps:
    • Save application cluster overlay information in DB
    • Set up edge-hub tunnel with the first hub (data plane): e.g. as Initiator - left: %any, leftsourceip: %config, right: HIP, rightsubnet: 0.0.0.0/0, overlay CertificateId
    • Get the assigned OIP, save it to DB and broadcast it to the other hubs (add to the exclude list of their responders - need to check how to do it)
    • Set up edge-hub tunnels with the remaining hub(s) (data plane): e.g. as host-host tunnel, left: OIP, right: HIP, overlay CertificateId
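
One way to express the Add-hub responder step and the Add-edge-location initiator/host-host steps as strongSwan ipsec.conf conn sections, as an added example that is not part of the original page or the SDEWAN CNF; the addresses, pool range and certificate file name are assumed placeholders, and mapping CertificateId to a leftcert file is an assumption:

```ini
# Added example, not SDEWAN CNF configuration. All addresses are assumed:
# HIP1 = 203.0.113.10, HIP2 = 203.0.113.20, hub overlay subnet 10.88.0.0/16.
conn %default
    keyexchange=ikev2
    leftid=%fromcert
    rightid=%fromcert

# --- Hub 1 CNF -------------------------------------------------------------
# Add-hub: hub-hub host-host tunnel (left: HIP1, right: HIP2, overlay cert).
conn hub1-hub2
    left=203.0.113.10
    leftcert=overlayCert.pem          # assumed file behind the overlay CertificateId
    right=203.0.113.20
    auto=start

# Add-hub: hub as responder of edge-hub tunnels (left: HIP, leftsubnet: hub
# overlay subnet, rightsourceip: hub overlay IP range). OIPs are handed out
# from this pool; an OIP already assigned by another hub would need to be
# kept out of it (the page's open exclude-list item).
conn edge-responder
    left=203.0.113.10
    leftcert=overlayCert.pem
    leftsubnet=10.88.0.0/16
    right=%any                        # any edge, including one behind NAT
    rightsourceip=10.88.1.1-10.88.1.254   # assumed hub overlay IP range
    auto=add                          # responder only: wait for the initiator

# --- Edge CNF (private IP) -------------------------------------------------
# Add-edge-location: initiator toward the first hub (left: %any,
# leftsourceip: %config, right: HIP, rightsubnet: 0.0.0.0/0).
conn edge-to-hub1
    left=%any
    leftsourceip=%config              # request an OIP from the hub's pool
    leftcert=overlayCert.pem
    right=203.0.113.10
    rightsubnet=0.0.0.0/0
    auto=start

# Add-edge-location: host-host tunnel to a remaining hub once the assigned
# OIP (10.88.1.7, assumed) is known (left: OIP, right: HIP).
conn edge-to-hub2
    left=10.88.1.7                    # the assigned OIP, not %config
    leftcert=overlayCert.pem
    right=203.0.113.20
    auto=start
```

The responder pool must exist before any edge initiates (the first open item above), so the pool range is the value that has to come from the IP address manager ahead of time.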

Opens:

  1. Suppose an edge location can only belong to one overlay at a time?
  2. Can an edge location be connected to more than one hub? If yes, can it be assigned multiple OIPs from different hubs?
  3. For an edge with a public IP, does it need to set up an Initiator-responder tunnel or a host-host tunnel with the hub?

Flow: Application Connection

...