Disabling Auto Download/Update of registration script
The distributed VM & Cloud Marketplace images ship with a bootstrap script that downloads the latest version of the registration script from GitHub before starting the registration. It downloads on the first run, or whenever the previously downloaded file is older than 24 hours.
The GitHub repository is located at: https://github.com/netfoundry/edge-router-registration
To stop the bootstrap script from downloading, you can pre-download the registration script from another source & place it in the correct directory.
This example uses GitHub as the source, but you can replace that as needed to avoid downloading directly from GitHub.
wget https://github.com/netfoundry/edge-router-registration/releases/latest/download/router_registration.tar.gz
tar xvfz router_registration.tar.gz
sudo mv .router_registration /opt/netfoundry/
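The three commands above install whatever the source serves. The script below is an added example (not part of NetFoundry's edge-router-registration project) that does the same staging from a source you control and refuses to install the archive unless its SHA-256 matches a digest you recorded in advance; `needs_refresh` mirrors the 24-hour rule described above so you can tell whether a staged copy still counts as current. `SOURCE_URL`, `EXPECTED_SHA256` and `STAGE_DIR` are placeholders for your environment.

```shell
#!/bin/sh
# Added example, not NetFoundry's code: stage .router_registration from a
# mirror you control and verify it before installing. SOURCE_URL,
# EXPECTED_SHA256 and STAGE_DIR are placeholders to set for your environment.
set -eu

SOURCE_URL="${SOURCE_URL:-https://mirror.example.internal/router_registration.tar.gz}"
EXPECTED_SHA256="${EXPECTED_SHA256:-REPLACE_WITH_KNOWN_GOOD_SHA256}"
STAGE_DIR="${STAGE_DIR:-/opt/netfoundry}"
MAX_AGE_SECONDS=$((24 * 60 * 60))   # the bootstrap re-downloads past this age

# Return 0 when the bootstrap would download: file missing or older than 24h.
needs_refresh() {
    f="$1"
    [ -e "$f" ] || return 0
    now=$(date +%s)
    mtime=$(stat -c %Y "$f" 2>/dev/null || stat -f %m "$f")
    [ $((now - mtime)) -gt "$MAX_AGE_SECONDS" ]
}

# Return 0 when the SHA-256 of file $1 equals the hex digest $2.
verify_sha256() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ]
}

# Download, verify and install .router_registration into STAGE_DIR.
stage_registration() {
    tmp=$(mktemp -d)
    wget -q -O "$tmp/router_registration.tar.gz" "$SOURCE_URL"
    if ! verify_sha256 "$tmp/router_registration.tar.gz" "$EXPECTED_SHA256"; then
        echo "checksum mismatch for $SOURCE_URL, refusing to install" >&2
        rm -rf "$tmp"
        return 1
    fi
    tar xzf "$tmp/router_registration.tar.gz" -C "$tmp"
    mkdir -p "$STAGE_DIR"
    rm -rf "$STAGE_DIR/.router_registration"
    mv "$tmp/.router_registration" "$STAGE_DIR/"
    rm -rf "$tmp"
    echo "staged $STAGE_DIR/.router_registration"
}

# Usage, as root on the image before registration:
#   EXPECTED_SHA256=<digest> sh stage_registration.sh --run
# The guard lets the file be sourced for its functions without downloading.
if [ "${1:-}" = "--run" ]; then
    stage_registration
fi
```

Record the digest from a copy you have already inspected; the point of the check is that a mirror or an intercepted download cannot substitute a different archive without the install step failing.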
Multi Interface
For multi-interface configurations, or to override the defaults, you can use the flags "-e", "-b" & "-i" to specify the IP address or DNS name to use for the router configuration regardless of what is auto-discovered.
-e, --edge: This is the IP address or DNS name that will be used by the router configuration “Edge” connection advertisement.
-b, --fabric: This is the IP address or DNS name that will be used by the router configuration "Fabric" connection & is only available if the router is "Link Listener Enabled".
-i, --tunnel_ip: This is the IP used as the local tunnel interface. This IP must be something assigned to a local interface.
Example 1 (most common): "fqdn.internal.com" is the domain name that only resolves internally & the LAN interface has 192.168.1.1.
$ sudo -E router-registration \
--edge fqdn.internal.com \
--tunnel_ip 192.168.1.1 [one time registration key]
Example 2: "fqdn.example.com" is the domain name that resolves in global DNS to the IPv4 address where your Edge Router is listening on 443/tcp for incoming transit links & the LAN interface has 192.168.1.1.
$ sudo -E router-registration \
--edge fqdn.example.com \
--tunnel_ip 192.168.1.1 [one time registration key]
Example 3: "fqdn.example.com" is the domain name that resolves in global DNS to the IPv4 address where your Edge Router is listening on 443/tcp for edge and 80/tcp, & the LAN interface has 192.168.1.1.
$ sudo -E router-registration \
--edge fqdn.example.com \
--fabric fqdn.example.com \
--tunnel_ip 192.168.1.1 [one time registration key]
Note: Although usually the same, the values for edge & fabric can be different.
Registering from behind a proxy
Registration is possible from behind a non-authenticated HTTP/HTTPS proxy that supports the CONNECT method.
To register from behind a proxy you need to specify the proxy before running the registration command:
$ export HTTPS_PROXY=http://mylocalproxyaddress.com:3128
After setting the correct value for the proxy, you can run the registration command as shown in the above examples.
To set up the Edge Router (ER) to also use the proxy, you can specify additional parameters to the registration command:
$ sudo -E router-registration [one time registration key] --proxyAddress mylocalproxyaddress \
--proxyPort 3128 \
--proxyType http
--proxyPort & --proxyType are optional fields & default to the values shown above.
Note: When using proxy configuration the controller communication checks are automatically skipped.
Skipping Controller Checks
Skipping all Checks
When registering, controller checks are performed to ensure the proper communication is in place. Ports 443/6262 are checked & the certificate inspected. You can skip these prechecks if necessary.
--skipChecks: Skips the controller checks
$ sudo -E router-registration [one time registration key] --skipChecks
Skipping Software Management Port
If you only wish to skip the software management port (6262) check, use:
--skipSoftwareMgmtPortCheck: Skip the software management port check
$ sudo -E router-registration [one time registration key] --skipSoftwareMgmtPortCheck
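The three sections above (the multi-interface flags, the proxy settings, and the controller checks) each describe something an operator can verify before running router-registration. The script below is an added example, not NetFoundry's code: it confirms the --tunnel_ip value is actually assigned to a local interface, derives the --proxyAddress/--proxyPort/--proxyType values from the same HTTPS_PROXY URL so the two proxy settings cannot drift apart (rejecting credentialed URLs, which the registration does not support), and reproduces the reachability and certificate checks that --skipChecks would bypass. The controller host name is a placeholder you supply.

```shell
#!/bin/sh
# Added example, not NetFoundry's code: pre-flight checks before
# router-registration. The controller host passed to preflight is a
# placeholder; the other inputs are the flag values you intend to use.
set -eu

# Addresses currently assigned to local interfaces (one per line).
local_ipv4_addrs() {
    ip -o -4 addr show 2>/dev/null | awk '{print $4}' | cut -d/ -f1
}

# Return 0 when $1 is assigned locally, as --tunnel_ip requires. An optional
# $2 supplies the address list explicitly (used for testing).
is_local_ipv4() {
    want="$1"
    addrs="${2:-$(local_ipv4_addrs)}"
    for a in $addrs; do
        [ "$a" = "$want" ] && return 0
    done
    return 1
}

# Derive --proxyAddress/--proxyPort/--proxyType from an HTTPS_PROXY URL so the
# environment used for registration and the router's own proxy config agree.
# Returns 1 for a URL without a scheme or with credentials in it
# (authenticated proxies are not supported for registration).
proxy_args() {
    url="$1"
    case "$url" in *://*) ;; *) echo "proxy URL needs a scheme: $url" >&2; return 1;; esac
    case "$url" in *@*) echo "authenticated proxy URLs are not supported" >&2; return 1;; esac
    scheme="${url%%://*}"
    hostport="${url#*://}"; hostport="${hostport%%/*}"
    host="${hostport%%:*}"
    port="${hostport##*:}"
    [ "$port" = "$host" ] && port=3128       # no explicit port: use the default
    echo "--proxyAddress $host --proxyPort $port --proxyType $scheme"
}

# What --skipChecks would skip: TCP reachability of the controller ports and
# a look at the certificate presented on 443.
check_tcp() {
    if command -v nc >/dev/null 2>&1; then
        nc -z -w 5 "$1" "$2" >/dev/null 2>&1
    else
        timeout 5 bash -c "exec 3<>/dev/tcp/$1/$2" >/dev/null 2>&1
    fi
}

inspect_cert() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -subject -issuer -dates
}

# preflight <controller host> <tunnel ip>
preflight() {
    host="$1"; tunnel_ip="$2"
    is_local_ipv4 "$tunnel_ip" || { echo "$tunnel_ip is not on a local interface" >&2; return 1; }
    for p in 443 6262; do
        if check_tcp "$host" "$p"; then
            echo "$host:$p reachable"
        else
            echo "$host:$p NOT reachable" >&2
        fi
    done
    inspect_cert "$host"
}

# Usage (placeholder values):
#   preflight controller.example.com 192.168.1.1
#   eval "sudo -E router-registration [key] $(proxy_args "$HTTPS_PROXY")"
```

If 6262 is the only port reported unreachable, that is the case the --skipSoftwareMgmtPortCheck flag above addresses; if 443 is unreachable or the certificate is not the one you expect, registration will not succeed regardless of which checks are skipped.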
Overriding NTP checks
To ensure a successful registration, a global NTP server is checked to make sure the local time is not completely skewed. The script will automatically check with pool.ntp.org.
--ntp: Used to specify an alternate time server to check with.
Avoiding communication with NetFoundry resources
During the registration process the script reaches out to gateway.production.netfoundry.io for certain information. To avoid this communication you can supply the needed information instead.
--downloadURL: This is the full URL to where the ziti software is hosted & should match the version currently in use.
--hostId: This is the hostId of the Edge Router & is used to identify the host in our software management setup.
--jwt: The enrollment JWT for the Edge Router.
sudo -E router-registration \
--downloadUrl https://github.com/openziti/ziti/releases/download/v{{version}}/ziti-linux-amd64-{{version}}.tar.gz \
--hostId {{ hostId }} \
--jwt {{ JWT }}
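When the gateway is not consulted, nothing validates the three values you supply until the registration fails part-way through. The script below is an added example, not NetFoundry's code: it builds the download URL in the form shown above from a version string you already know (assuming the linux-amd64 build), checks that the enrollment JWT is well-formed and not yet expired (the signature is left to the controller), and prints the assembled command for review instead of running it.

```shell
#!/bin/sh
# Added example, not NetFoundry's code: sanity-check the inputs supplied when
# registering without contacting gateway.production.netfoundry.io. The ziti
# version, hostId and JWT are values you already hold; nothing is fetched.
set -eu

# Build the download URL in the form the registration script expects, from a
# ziti version such as "0.27.0" or "v0.27.0". Assumes the linux-amd64 build.
build_download_url() {
    v="${1#v}"
    echo "https://github.com/openziti/ziti/releases/download/v${v}/ziti-linux-amd64-${v}.tar.gz"
}

# Decode base64url segment $1 (header=1, payload=2) of the JWT in $2.
jwt_segment() {
    seg=$(printf '%s' "$2" | cut -d. -f"$1")
    pad=$(( (4 - ${#seg} % 4) % 4 ))
    while [ "$pad" -gt 0 ]; do seg="${seg}="; pad=$((pad - 1)); done
    printf '%s' "$seg" | tr '_-' '/+' | base64 -d
}

# Return 0 when the JWT has three segments and its exp claim is in the future,
# 1 when it has expired, 2 when it is malformed. The signature is NOT checked
# here; the controller verifies it at enrollment. This only catches an
# expired or mangled token before you start.
check_enrollment_jwt() {
    jwt="$1"
    dots=$(printf '%s' "$jwt" | tr -cd '.' | wc -c)
    [ "$dots" -eq 2 ] || return 2
    payload=$(jwt_segment 2 "$jwt" 2>/dev/null) || return 2
    exp=$(printf '%s' "$payload" | sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
    [ -n "$exp" ] || return 2
    now=$(date +%s)
    [ "$exp" -gt "$now" ]
}

# Assemble the command line and print it for review rather than running it.
# offline_registration_cmd <ziti version> <hostId> <enrollment JWT>
offline_registration_cmd() {
    version="$1"; host_id="$2"; jwt="$3"
    [ -n "$host_id" ] || { echo "hostId is required" >&2; return 1; }
    check_enrollment_jwt "$jwt" || { echo "enrollment JWT is expired or malformed" >&2; return 1; }
    printf 'sudo -E router-registration --downloadUrl %s --hostId %s --jwt %s\n' \
        "$(build_download_url "$version")" "$host_id" "$jwt"
}
```

The version you pass must be the one the router is already running, as the --downloadURL description above requires; the helper only formats the URL, it does not discover the version for you.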