This article applies to NetFoundry networks version 7 or higher.Refer to Finding Your Network Version for detailed information on determining your Network Version.
Edge Routers are typically self-hosted because they form your overlay fabric. By this method you may extend that fabric to your own data centers, branches, private LANs, VPCs, etc... These are the enrollment steps for a self-hosted Edge Router. You may also go back to learn more about Edge Routers in general.
You may choose to use a pre-installed Edge Router by launching the NetFoundry Cloud Gateway VM or self-installing an Edge Router on your own OS.
The NetFoundry Cloud Gateway Virtual Machine
This is the easiest way to self-host an Edge Router. NetFoundry's Cloud Gateway VM has Edge Router pre-installed. You may choose to
- launch our VM in your public cloud account e.g. AWS, Azure, etc...; or
- download our VM and launch in your private cloud e.g. VMware, Virtualbox, etc...
Important: use the right version of the cloud gateway VM! The correct version is always linked in the web console detail view of the edge router.
Launch the Cloud Gateway VM
- Create an edge router in the web console.
Important: Is your network > v6? Networks < v7 use "gateway endpoints" instead. Find the version in the left sidebar of the web console.
- Click the edge router to open the details and follow the button link to launch or download the VM.
- Find and launch the cloud gateway VM on your preferred public cloud or download the VM for your preferred hypervisor.
- On your computer, copy the edge router config YAML file and one-time enrollment token to the VM.
$ scp edge-router-config.yml email@example.com:/opt/netfoundry/ziti/ziti-router/config.yml
$ scp exampleEdgeRouter.jwt firstname.lastname@example.org:/opt/netfoundry/ziti/ziti-router/exampleEdgeRouter.jwt
- On the VM, run Edge Router to enroll.
nfadmin $ cd /opt/netfoundry/ziti/ziti-router/
nfadmin $ ziti-router enroll config.yml --jwt exampleEdgeRouter.jwt
- On the VM, run Edge Router as a daemon
nfadmin $ sudo systemctl ziti-router.service start
# Starting this service executes the following command as root
# /opt/netfoundry/ziti/ziti-router/ziti-router run /opt/netfoundry/ziti/ziti-router/config.yml
Edge Router Self-Installed
This is an alternative to running the NetFoundry VM as an Edge Router. You may use OpenZiti Router to provide the Ziti edge and Ziti fabric for your NetFoundry network. Besides the Ziti Router executable for your host architecture, you'll need only the one-time enrollment token and a configuration template to run Ziti Router on your own OS. Both are available through the NetFoundry API after creating an edge router.
Be sure to write the configuration file so that the edge component is enabled. This is necessary for all Ziti Router installs for a NetFoundry network.
You may write the configuration file to enable the "link listener" for each install. This opens a port by which the router may provide rendezvous for other routers. You need at least one router with a routeable IP and a link listener for each network. As such, some of your routers may be invisible on the internet by disabling the link listener. Those invisible routers will negotiate mesh links via one of the routers that is providing a link listener.
Details coming soon! (remind email@example.com)