
The SDEWAN central controller provides central control of SDEWAN overlay networks by automatically configuring the SDEWAN CNFs running in edge location clusters and hub clusters:

  • To create secure overlays where each overlay connects application and hub clusters together.
  • To allow application connectivity with external entities and entities of other clusters.

System Architecture

The SDEWAN central controller consists of the following components, as shown in the diagram below:

  • Web UI: an HTML5-based web UI for configuring Application Cluster Registration, Hub Registration, Overlay, Application/Service Registration and Status tracking.
  • API Server: exposes a RESTful API for Application Cluster management, Hub management, Overlay management, Status monitoring management and logging.
  • Scheduler Manager: a daemon service that accepts requests from the API Server (over RPC) and generates the K8s CRs that configure the SDEWAN CNFs of the relevant hubs and edges to establish the tunnels.
  • SDEWAN Management DB: a database storing edge clusters, hubs, overlays, IP addresses, applications/services, etc.


System Design

Working Flow

Assumption

IP

  • The Central Cloud has a public IP, CIP.
  • Each Traffic Hub has a public IP: HIP1, HIP2, ...
  • An Edge Location either has a public IP on one edge node (EIP1, ...) or has no public IP at all and sits behind a gateway (EGIP1, ...); in the latter case the edge is reachable from outside only after it initiates a connection.

IPSec Tunnel mode for the control plane (e.g. central cloud to a cluster's K8s API server)

  • Central Cloud to Traffic Hub: Host to Host
  • Central Cloud to Edge Location:
    • Edge location has public IP: Host to Host
    • Edge location does not have a public IP: Initiator (edge) to Responder (Central Cloud), since the Central Cloud cannot dial an edge behind a gateway and has to accept the connection from whatever address the edge appears from

IPSec Tunnel mode for data plane (for data traffic)

  • Edge to Edge: Host to host
  • Edge to Hub: Host (edge) to Site (Hub); in the Hub's configuration the edge's subnet is the rightsubnet, so traffic for that subnet is routed into the tunnel
  • Hub to Hub: Host to Host

Open items:

  1. Do the control plane and data plane share the same interfaces in the Hub? In the Edge Location?
  2. The control plane IPSec tunnel between the Central Cloud and a Hub is set up during Hub registration in the Central Cloud.
  3. The control plane IPSec tunnel between the Central Cloud and an Edge Location with a public IP is set up during edge location registration in the Central Cloud.
  4. The control plane IPSec tunnel between the Central Cloud and an Edge Location with only a private IP is set up during edge location setup (dependency to check: an Initiator-to-Responder IPSec tunnel requires the Responder to be running before the Initiator starts).
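To make the rules above concrete, here is an added example (not SDEWAN project code) that applies the IP assumptions, the control/data plane tunnel-mode rules and open item 4 to a pair of sites and emits the settings each side's CNF would need, in strongSwan ipsec.conf vocabulary (left, right, rightsubnet, auto=add for the Responder, auto=start for the Initiator). Site, Tunnel, plan_tunnel, render_conn and bring_up_order are illustrative names chosen for this example, not the controller's API or the CNF CRD schema, and the sample topology uses constructed addresses from documentation ranges.

```python
"""Added example, not SDEWAN project code: apply the tunnel-mode rules on this
page to a pair of sites and emit the left/right/rightsubnet settings each CNF
side would need, in strongSwan ipsec.conf vocabulary. Site, Tunnel,
plan_tunnel, render_conn and bring_up_order are illustrative names, not the
controller's API."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Site:
    name: str
    role: str                      # "central", "hub" or "edge"
    public_ip: Optional[str]       # None for an edge behind a NAT gateway (the EGIP case)
    subnet: Optional[str] = None   # an edge's local subnet, advertised to its hub


@dataclass
class Tunnel:
    plane: str       # "control" or "data"
    mode: str        # "host-host", "host-site" or "initiator-responder"
    initiator: str   # site that dials out (auto=start); needs a reachable peer
    responder: str   # site that only listens (auto=add); must be up first
    conns: dict      # site name -> settings for that side's conn section


def _conn(local: Site, remote: Site, auto: str, **extra) -> dict:
    # A site with no public IP sits behind NAT: it names its own address as
    # %defaultroute, and its peer has to accept the connection from any source.
    return {"type": "tunnel",
            "left": local.public_ip or "%defaultroute",
            "right": remote.public_ip or "%any",
            "auto": auto, **extra}


def plan_tunnel(a: Site, b: Site, plane: str) -> Tunnel:
    roles = {a.role, b.role}
    if plane == "control":
        # Control plane: every tunnel terminates on the central cloud, which is
        # deployed as the Responder, so the hub or edge always initiates.
        if "central" not in roles or len(roles) != 2:
            raise ValueError("control plane tunnels run between the central cloud and one hub or edge")
        responder, initiator = (a, b) if a.role == "central" else (b, a)
        mode = "host-host" if initiator.public_ip else "initiator-responder"
        extra_resp = extra_init = {}
    elif plane == "data":
        if "central" in roles:
            raise ValueError("the central cloud terminates no data plane tunnel")
        if roles == {"edge", "hub"}:
            # Host (edge) to site (hub): the hub's conn carries the edge's subnet
            # as rightsubnet so that traffic for it is routed into the tunnel.
            initiator, responder = (a, b) if a.role == "edge" else (b, a)
            if initiator.subnet is None:
                raise ValueError(f"{initiator.name} has no subnet to advertise")
            mode = "host-site"
            extra_resp = {"rightsubnet": initiator.subnet}
            extra_init = {"leftsubnet": initiator.subnet}
        else:
            # Edge-to-edge and hub-to-hub are host-to-host; the side that has a
            # public IP must be the responder, since only it can be dialled.
            responder, initiator = (a, b) if a.public_ip else (b, a)
            mode = "host-host"
            extra_resp = extra_init = {}
    else:
        raise ValueError(f"unknown plane {plane!r}")
    if responder.public_ip is None:
        raise ValueError(f"responder {responder.name} must have a public IP")
    return Tunnel(plane, mode, initiator.name, responder.name, {
        responder.name: _conn(responder, initiator, "add", **extra_resp),
        initiator.name: _conn(initiator, responder, "start", **extra_init),
    })


def render_conn(name: str, settings: dict) -> str:
    """ipsec.conf text for one conn section (what a CNF would actually load)."""
    return f"conn {name}\n" + "".join(f"    {k}={v}\n" for k, v in settings.items())


def bring_up_order(tunnels: list) -> list:
    """Configure responders before initiators (open item 4): an initiator that
    starts first retransmits IKE_SA_INIT against a peer that is not listening yet."""
    responders = [t.responder for t in tunnels]
    initiators = [t.initiator for t in tunnels if t.initiator not in responders]
    return list(dict.fromkeys(responders + initiators))


if __name__ == "__main__":
    # Constructed sample topology using the page's address names (documentation ranges).
    central = Site("central", "central", "203.0.113.1")            # CIP
    hub1 = Site("hub1", "hub", "198.51.100.1")                       # HIP1
    edge1 = Site("edge1", "edge", "192.0.2.10", "10.1.0.0/24")       # EIP1
    edge2 = Site("edge2", "edge", None, "10.2.0.0/24")               # behind EGIP1, no public IP
    plans = [plan_tunnel(central, hub1, "control"), plan_tunnel(central, edge2, "control"),
             plan_tunnel(edge2, hub1, "data"), plan_tunnel(edge1, edge2, "data")]
    for t in plans:
        print(f"# {t.plane} {t.mode}: {t.initiator} -> {t.responder}")
        for site, cfg in t.conns.items():
            print(render_conn(f"{site}-{t.plane}", cfg))
    print("# bring up in this order:", bring_up_order(plans))
```

Running the block prints one conn section per side for the four sample tunnels and the responder-first bring-up order. Note that an edge with no public IP can only ever be an Initiator, so a data plane tunnel between two such edges has no valid plan; the example raises in that case rather than emitting a conn that could never come up.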

Environment Setup (Pre-condition)

Central Cloud (assume its public IP is CIP)

  • K8s cluster is set up (by Kud)
  • Web UI, API Server, SDEWAN controller and DB service are deployed (through EMCO)
  • Central SDEWAN Config Agent and CNF are deployed (through EMCO) with an initial configuration (e.g. as Responder)

Edge Hub (assume its public IP is HIP1, …)

  • K8s cluster is set up (by Kud)
  • Hub SDEWAN Config Agent and CNF are deployed (through EMCO) with an initial configuration (its public IP is used as left)

Flow: Register Hub

Flow: Register Edge Location

Flow: Register Application Service

Flow: Register Overlay

DB Schema

Module Design


