Deploy Ziti Tunnel Endpoint container on supported Cradlepoint Router


NetFoundry and Cradlepoint SDN solution with Container technology.

 

This guide covers the installation of NetFoundry Ziti Tunnel endpoint software on a supported Cradlepoint router. Base functionality has been validated on an E300 router with Advanced features enabled.

 


 

Assumptions

1. NetFoundry account with associated network componentry.

  • Network Controller
  • Fabric Router(s)
  • Console account (nfconsole.io)
  • NetFoundry Endpoint software installed on workstation.

2. Cradlepoint NetCloud account with associated account and supported hardware/software features.

______________________________________________________________________

 

Step 1. From the NetFoundry Console, create an endpoint. Download the associated JWT file.

 

Step 2. Open the JWT file with a code/text editor and copy its contents to the clipboard.

 

Step 3. Insert contents of JWT file into the template Compose file below:

NF_REG_TOKEN variable sample below:

NF_REG_TOKEN=JWT Key

 

version: '2.4'

services:
  ziti-tunnel:
    network_mode: bridge
    image: 'netfoundry/ziti-tunnel:skiptest'
    command: host --verbose
    environment:
      # Replace the placeholder text with the JWT file contents copied in Step 2.
      - >-
        NF_REG_TOKEN=INSERT YOUR JWT KEY HERE
      - NF_REG_NAME=nf-identity
    volumes:
      # Named volume (declared below) mounted at /netfoundry in the container.
      - 'nf-identity:/netfoundry'
volumes:
  nf-identity:
    driver: local
networks:
  # Container network on the device's PRIMARY LAN; see the NOTE below.
  lannet:
    driver: bridge
    driver_opts:
      com.cradlepoint.network.bridge.uuid: 00000000-0d93-319d-8220-4a1fb0372b51
    ipam:
      driver: default
      config:
        - subnet: 192.168.60.0/24
          gateway: 192.168.60.1

 

NOTE: The sample above inserts the container into a default container network that uses the PRIMARY LAN underlay network of the device, 192.168.60.0/24.
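A pre-flight check for Steps 2 and 3, added here as an example (not NetFoundry or Cradlepoint code): it confirms that the copied text is a well-formed, unexpired JWT before substituting it for the placeholder in the Compose template, and writes the result readable by the owner only. It assumes the token carries the standard `exp` claim; the function names and the sample token are constructed for illustration.

```python
import base64, json, os, time

PLACEHOLDER = "INSERT YOUR JWT KEY HERE"   # marker used in the page's Compose template

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a JSON value."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def check_token(raw, now=None):
    """Return (token, problems) for the contents of the downloaded JWT file."""
    now = time.time() if now is None else now
    token = raw.strip()                    # editors often append a trailing newline
    parts = token.split(".")
    if len(parts) != 3 or not all(parts) or any(c.isspace() for c in token):
        return token, ["not a compact JWT: expected three dot-separated segments"]
    try:
        claims = _b64url_json(parts[1])
    except ValueError:                     # bad base64, bad UTF-8 or bad JSON
        return token, ["payload segment is not base64url-encoded JSON"]
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)):  # assumption: the token has a numeric exp
        return token, ["payload has no numeric exp claim"]
    if exp <= now:
        return token, ["token expired: create a new endpoint JWT in the console"]
    return token, []

def render_compose(template, raw, now=None):
    """Substitute a checked token into the template; refuse anything doubtful."""
    token, problems = check_token(raw, now)
    if problems:
        raise ValueError("; ".join(problems))
    if template.count(PLACEHOLDER) != 1:
        raise ValueError("template must contain the placeholder exactly once")
    return template.replace(PLACEHOLDER, token)

def write_private(path, text):
    """Write the rendered file owner-only, since it now holds the registration token."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)

def sample_token(exp):
    """Constructed token for the demo: made-up claims and a fake signature."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    claims = {"iss": "https://ctrl.example.invalid", "exp": exp}   # constructed values
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])

if __name__ == "__main__":
    print(render_compose("NF_REG_TOKEN=" + PLACEHOLDER, sample_token(int(time.time()) + 3600)))
```

The check only reads the payload; it does not verify the token's signature.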

 

Step 4. From the NetCloud web console, build the container from the compose.yaml file created in Step 3. Save and commit the changes in the NetCloud console. Your system will pull the container image and run the project/container on the device. Check the logs for errors, correct any you find, and validate that the container is running.

Verify Container running in NetCloud console


 

Verify endpoint running in NetFoundry console


 

Step 5. Once the endpoint is running, we can go back to the NetFoundry web platform and create associated services and AppWAN definitions to gain access to other containers, Device Management and downstream LAN clients. From the web console, select Services on the menu on the left side and then select the Plus sign in the upper right hand corner.

 


 

Next, select Advanced Service.

 


 

From the Create Service menu, create your service. Provide a name; any name is OK, but it should reference the function of the service. For the intercept IP, enter the desired IP, hostname, or subnet (network address and mask, e.g. 192.168.60.0/24). Then select the protocols (TCP, UDP, or both) and the ports you would like connectivity for.

Under the select endpoints dropdown list, find and select the container endpoint installed on the Cradlepoint device and hit create.

 


 

Step 6. Next we will create an AppWAN, which is used to provide network access to services for desired endpoints. In this example we will give a remote user access to the "Device LAN" service and an NGINX container. From the web console, select AppWAN from the menu on the left side and then select the Plus sign in the upper right hand corner.

 


 

Step 7. Verify desired connectivity by connecting via CLI or Web browser to the IP/Ports defined in the created service.

From your installed NetFoundry client, look at the services in your client to verify they are present.

 


 
