...
- During current test, IPsec tunnel for Initiator to Responder requires Responder to be run before Initiatior, that means the SDEWAN CNF in Hub need to be run as Responder before a edge location (with private IP) setup, and the OIP Address range need to be configured first (read from IP address manager?) and can not be updated at run time, does this be expected behavior?
- Need to check how to get the assigned OIP after the tunnel between Hub and Edge Location (with private ip) setup (through strongswan command?), this is required for Ip address manager and cluster register process.
- Solution: Central Hub controller's IP address manager assign one OIP, then set Hub's responder's IPsec configuration with IP range to include only 1 IP (OIP) - Does this make sense?
- The registration of edge location information should be done by Admin manually or triggled automatically by EMCO's edge location registration process (assume similiar information shared)?
- Suppose edge location's OIP is assigned after setup and all following operation (e.g. overlay configuration) will reuse this OIP, right?
- Suppose the answer is "No", and multiple OIP maybe assigned with edge location for different Hubs during overlay configuration, right?
Flow: Hub
Register Hub:
- Trigger: Admin add/update hub information in Web UI or Remote Client Call with below informations:
- Name, Description
- Public IP address list
- Managed IP ( ? )
- Shared flag (whether the hub can be shared cross overlays)
- Overlay name
- CertificateId
- Kubeconfig
- Steps:
- Save in DB
Setup control plane host-host tunnel with Central Cloud (e.g. Add a new IPSec policy in Central Cloud CNF with: left: CIP, right: HIP, CertificateId)
...
- In case multiple public IPs, needs to define which HIP (Managed IP?) should be used in connection with Central Cloud - Yes?
Flow: Edge Location
Register Edge Location:
...
- Suppose a edge location can only belong to one overlay at the same time? - Yes and hub is only belong to one overlay, right?
- Can edge location connected to more than 1 hubs? if yes, Can it be assigned multiple OIPs from different hubs? - Yes
For edge with public ip, does it need setup Initiator-responder tunnel or host-host tunnel with hub?- Does it need configuration in Overlay to configure edge-edge tunnel (support one edge has public ip) and in which flow?
Flow: Application Connection
...
Module Design
Task Breakdowns
| Tasks | Due | Owner | Status | Description |
| Scheduler Manager | ||||
| -- Overlay: Setup tunnels for hubs and edges | Generates relevant K8s CRs of SD-EWAN CNFs of various hubs and edges to establish the tunnels | |||
| -- IP Address manager | Assigns/frees IP addresses from "overlay IP ranges" and dedicates them to that cluster | |||
| -- Application connectivity scheduler | Creates K8s resources required to be pushed into the edges and corresponding traffic hubs to facilitate the connectivity | |||
| -- Resource Synchronizer | ||||
| -- CNF | ||||
| API Server | ||||
| -- Rest API Backend | Rest API server framework | |||
| -- DB Backend | Proxy to DB | |||
| -- Application Cluster management | ||||
| -- Hub management | ||||
| -- Overlay management | ||||
| -- Status monitoring management | ||||
| -- logging | ||||
| Web UI | ||||
| -- Web UI framework | ||||
| -- Application Cluster Registration | ||||
| -- Hub Registration | ||||
| -- Overlay | ||||
| -- Application/Service Registration | ||||
| -- Status tracking | ||||
| EMCO plugin for SDEWAN | ||||
| E2E Integration | Integration test of overall system |