How to Register the Edge Router VM

Overview

The Edge Router VM has pre-installed software and configuration management to allow it to function as a router on the edge of your NetFoundry network. Deploying the VM involves:

  1. launching or downloading the latest VM,
  2. logging in to the VM as "nfadmin", and
  3. registering the VM.

The launch or download and login instructions are maintained separately from registration because they vary depending upon your stack. This article covers the final step in deploying your VM: registration. If you need to go back, the best place to start is the downloads page, which has links to instructions for each path you might take, e.g. launching on AWS or downloading for VMware.

Register

You will see the word "Success" when registration is complete.

These instructions assume:

  1. you have copied the one-time registration key from the NF console to your notes or clipboard, and
  2. you are currently logged in to the VM as "nfadmin". You will either log in with the default password "nfadmin" or the SSH pubkey you specified when creating the VM.

Run as "nfadmin" on your Edge Router VM:

$ sudo router-registration [one time registration key]
$ sudo systemctl status ziti-router.service

 

Advanced Registration Parameters

These are not typically necessary. The preferred way to provide listeners for your network is to create hosted Edge Routers which are always listening and always internet-reachable. Optionally, you may configure your Edge Router to advertise listeners. This is necessary in special cases where an intermediate hosted Edge Router is prohibitive for some reason.

The --edge and --fabric parameters shown below may be combined in a single registration command if both are required.

Edge Listener

This is not typically necessary. The preferred way to provide edge listeners for your network is to create hosted Edge Routers which are always listening and always internet-reachable. Optionally, you may configure your Edge Router to advertise an edge listener. This means that Endpoints will attempt to dial this router's edge listener to connect to Services. This is necessary in special cases where an intermediate hosted Edge Router is prohibitive for some reason. The first step is to create your Edge Router. Then perform registration with the --edge parameter.

$ sudo router-registration --edge fqdn.example.com [one time registration key]

In this example, "fqdn.example.com" is the domain name that resolves in global DNS to the IPv4 address where your Edge Router is listening on 80/tcp,udp for incoming transit links. You must open the Linux host firewall to allow incoming edge dialers.

$ sudo firewall-cmd --add-port 443/tcp --permanent
$ sudo firewall-cmd --reload

Transit Link Listener

This is not typically necessary. The preferred way to provide transit link listeners for your network is to create hosted Edge Routers which are always listening and always internet-reachable. Optionally, you may configure your Edge Router to advertise a transit link listener. This means that all other Edge Routers will attempt to dial this router's listener to form transit links. This is necessary in special cases where an intermediate hosted Edge Router is prohibitive for some reason. The first step is to create your Edge Router and enable the "link listener" toggle at that time. Then perform registration with the --fabric parameter.

$ sudo router-registration --fabric fqdn.example.com [one time registration key]

In this example, "fqdn.example.com" is the domain name that resolves in global DNS to the IPv4 address where your Edge Router is listening on 80/tcp,udp for incoming transit links. You must open the Linux host firewall to allow incoming transit link dialers.

$ sudo firewall-cmd --add-port 80/tcp --permanent
$ sudo firewall-cmd --add-port 80/udp --permanent
$ sudo firewall-cmd --reload
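
An added example, not NetFoundry's own tooling: a shell check that compares the ports each listener mode needs (taken from the firewall-cmd commands in this article) with firewalld's runtime and permanent port lists, which catches a skipped --reload or a rule added without --permanent. The function names and the "both" mode argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: confirm the host firewall matches the listener mode used at registration.
# The port lists come from the firewall-cmd commands in this article.

# required_ports MODE -> ports this article opens for that listener mode
required_ports() {
    case "$1" in
        edge)   echo "443/tcp" ;;
        fabric) echo "80/tcp 80/udp" ;;
        both)   echo "443/tcp 80/tcp 80/udp" ;;   # --edge and --fabric combined
        *)      return 2 ;;
    esac
}

# missing_ports "LISTED" PORT... -> prints each PORT that is absent from LISTED
missing_ports() {
    listed=" $1 "; shift          # pad with spaces so 443/tcp never matches 8443/tcp
    out=""
    for p in "$@"; do
        case "$listed" in
            *" $p "*) ;;
            *) out="${out:+$out }$p" ;;
        esac
    done
    echo "$out"
}

# audit MODE "RUNTIME_PORTS" "PERMANENT_PORTS" -> one-line verdict
audit() {
    req=$(required_ports "$1") || { echo "unknown mode: $1"; return 2; }
    rt=$(missing_ports "$2" $req)     # ports not active right now
    pm=$(missing_ports "$3" $req)     # ports not saved in the permanent config
    if [ -z "$rt" ] && [ -z "$pm" ]; then echo "ok"
    elif [ -z "$pm" ]; then echo "not loaded (run firewall-cmd --reload): $rt"
    elif [ -z "$rt" ]; then echo "runtime only, lost on reload or reboot: $pm"
    else echo "missing: $rt"
    fi
}

# Live use on the VM: sh check.sh edge|fabric|both
if [ -n "${1:-}" ]; then
    audit "$1" "$(sudo firewall-cmd --list-ports)" \
               "$(sudo firewall-cmd --permanent --list-ports)"
fi
```

Any verdict other than "ok" means the listener you advertised at registration is not reliably reachable through the host firewall.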

Troubleshooting Registration

You may wish to verify the router daemon's status:

$ sudo systemctl status ziti-router.service

Please run these commands to print the application logs to a file, then attach the file to your support request or email it to support@netfoundry.io to create a support request.

$ cat /etc/motd | tee ziti-router-$(date +%Y%m%d%H).log
$ sudo journalctl -o cat --no-pager -xeu ziti-router.service | tee -a ziti-router-$(date +%Y%m%d%H).log

For specific instructions for your VM stack, please reference the downloads page, which has links to instructions for each path you might take, e.g. launching on AWS or downloading for VMware.

See the Support Hub article: Troubleshoot client and gateway registration errors.

 
