Registering a Customer Hosted Edge Router (ER) equipped with multiple network interface cards (NICs) takes a few simple steps to ensure proper configuration and functionality.
Follow the steps below to register an ER with multiple NICs.
Step 1: Create a Customer Edge Router on the Console
Customer self-hosted Edge Routers (CERs) act as egress routers that let endpoints or other CERs reach the services terminated on the CER endpoint.
- From your Network Dashboard page, navigate to Edge Routers.
- Under the Edge Routers tab, click on the + sign at the upper-right to add an edge router.
- Give your edge router a name.
- Give your edge router a router attribute (optional). Router attributes are tags applied to a router. The same tag can be applied to other edge routers to form a collection of Customer-hosted Edge Routers. This attribute can be used for provisioning APPWANs.
- Select Customer Hosted as your hosting type.
- Hit Create to complete the process.
- A new customer-hosted edge router is created with its registration key, as shown below. This registration key is required to register the edge router to the network.
- Copy your edge router registration key. You may also save it as a JWT or a config file.
Step 2: Register the Edge Router VM hosted on Azure
An Edge Router hosted by the customer has been implemented on Azure with two NICs.
- For detailed instructions on provisioning a customer-hosted Edge Router on AWS, Azure, GCP, or OCI, please click here.
- You can find the same information in the screenshot below.
- After logging in to the ER, use the command below to view its interfaces and the IP addresses assigned to them.
ifconfig
- After identifying the IP or LAN interface that faces your clients, decide which interface you want the Ziti traffic to flow through. You can start the registration process from the chosen IP using the command below. In the command, -e or --edge is the EDGE IP or DNS name for the edge component, and -i or --tunnel_ip is the TUNNEL_IP address for the tunnel component.
sudo router-registration <REGISTRATION KEY> -e <SELECTED IP> -i <SELECTED IP>
- In the above capture, you can see a prompt of a successful registration.
Step 3: Verification
- After a successful registration, you can use the following command to check if the resolver and advertised IP reflect the selections made earlier.
cat /opt/netfoundry/ziti/ziti-router/config.yml
girishkumar.reddy@netfoundry.io@CHERwith2NICs:~$ cat /opt/netfoundry/ziti/ziti-router/config.yml
v: 3
identity:
  cert: /opt/netfoundry/ziti/ziti-router/certs/cert.pem
  server_cert: /opt/netfoundry/ziti/ziti-router/certs/server_cert.pem
  key: /opt/netfoundry/ziti/ziti-router/certs/key.pem
  ca: /opt/netfoundry/ziti/ziti-router/certs/ca.pem
ctrl:
  endpoint: tls:7b265695-80ad-45c5-a814-25488f2c9e60.production.netfoundry.io:443
link:
  dialers:
    - binding: transport
healthChecks:
  ctrlPingCheck:
    interval: 30s
    timeout: 15s
    initialDelay: 15s
  linkCheck:
    minLinks: 1
    interval: 5s
    initialDelay: 5s
edge:
  heartbeatIntervalSeconds: 60
  csr:
    country: US
    province: NC
    locality: Charlotte
    organization: NetFoundry
    organizationalUnit: Ziti
    sans:
      dns:
        - CHERwith2NICs
        - localhost
      ip:
        - 10.90.1.13
        - 127.0.0.1
listeners:
  - binding: edge
    address: tls:0.0.0.0:443
    options:
      advertise: 10.90.1.13:443
  - binding: proxy
    address: tcp:127.0.0.1:4505
    service: salt4505
  - binding: proxy
    address: tcp:127.0.0.1:4506
    service: salt4506
  - binding: tunnel
    options:
      mode: tproxy
      resolver: udp://10.90.1.13:53
      lanIf: eth1
      dnsSvcIpRange: 100.64.0.0/10
web:
  - name: health-check
    bindPoints:
      - interface: 0.0.0.0:8081
        address: 0.0.0.0:8081
    apis:
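One way to script the Step 3 check, as an added example that is not part of the original article or NetFoundry's tooling: the hypothetical `check_router_ips` function compares the `advertise`, `resolver` and CSR IP SAN entries against the IP selected at registration. It runs here on a constructed excerpt whose values mirror the config shown above.

```shell
#!/bin/sh
# Added example (not NetFoundry tooling): confirm config.yml reflects the
# IP chosen at registration. Simple line matching, not a full YAML parser.

# check_router_ips CONFIG EXPECTED_IP
# Returns 0 when the edge "advertise" address, the tunnel "resolver" and the
# CSR IP SAN list all use EXPECTED_IP; 1 on any mismatch; 2 if unreadable.
check_router_ips() {
    cfg=$1; want=$2; rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }

    # "advertise: <host>:<port>" -> host
    adv=$(awk '$1 == "advertise:" { sub(/:[0-9]+$/, "", $2); print $2; exit }' "$cfg")
    # "resolver: udp://<host>:<port>" -> host
    res=$(awk '$1 == "resolver:" { gsub(/^udp:\/\/|:[0-9]+$/, "", $2); print $2; exit }' "$cfg")
    # The IP should also be listed under csr/sans/ip so the server
    # certificate covers the advertised address.
    san=$(awk -v ip="$want" '$1 == "-" && $2 == ip { print $2; exit }' "$cfg")

    for pair in "advertise=$adv" "resolver=$res" "san-ip=$san"; do
        name=${pair%%=*}; got=${pair#*=}
        if [ "$got" = "$want" ]; then
            echo "OK   $name uses $want"
        else
            echo "FAIL $name is '${got:-missing}', expected $want"; rc=1
        fi
    done
    return "$rc"
}

# Constructed excerpt; values mirror the config shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
edge:
  csr:
    sans:
      ip:
        - 10.90.1.13
        - 127.0.0.1
listeners:
  - binding: edge
    options:
      advertise: 10.90.1.13:443
  - binding: tunnel
    options:
      resolver: udp://10.90.1.13:53
EOF
check_router_ips "$sample" 10.90.1.13
```

On a router, pass /opt/netfoundry/ziti/ziti-router/config.yml and the IP that was given to router-registration; a non-zero exit status means at least one entry points at a different address.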