Client & Server Applications using NF C-SDK

SDK Questions sdk-c
1

Out current goal is run both Client side and server side application written and deployed using NF SDK.

For this we chose this example of C-SDK:
ziti-sdk-c/sample-host.c at main · openziti/ziti-sdk-c · GitHub

Our Queries:

  1. If I understand correct – this sample-host.c has both server side code and client side code inbuilt – right?

  2. Do I need download Ziti Git and compile that too. Or Can u just run the Ziti binary on the client side?

  3. Also to run the sample_host application. We need to give 4 arguments as specified in the example. sample_host client config-file service. Where do i get config-file ?

  4. Same question on the server side as well. where do i get config file to pass as argument.

  5. Is config-file same as JWT file that we download from NF Console and that’s used to enroll and register Ziti or Ziti-tunnel on the client side or Ziti Edge Router on Server side?

If you could clarify above queries that would help a lot.

Thanks

2

Hi anantha,

  1. yes the sample contains both “client” and “server” code in it. The program’s first argument let’s you specify “server”. If it’s “server” it’ll run the server side. otherwise it runs as a client. you can see this when the usage is printed: fprintf(stderr, "Usage: %s <client|server> <config-file> <service-name>", argv[0]);
  2. I’m not quite sure I understand this question. The only ziti binary as I recall is provided from the release page of this repo: Releases · openziti/ziti · GitHub but that is not really related to the c sdk. That’s all go code. What I would do is clone GitHub - openziti/ziti-sdk-c: A C-based sdk for delivering secure applications over a Ziti Network and build that project. see: ziti-sdk-c/building.md at main · openziti/ziti-sdk-c · GitHub
  3. The config file is the result of the enrollment procecss. If you have not enrolled an identity before you will definitely need to do this before using this sample. The other argument is the name of the service that is being used as a client or host, so you’ll need a service to use as well.
  4. see above
  5. the config file is the result of enrolling the jwt being enrolled. you download the jwt from the console then enroll it and a json file is the result of that. i can show you how to enroll too. the jwt is from the endpoint that is created - not a router.

Looking forward to continuing the conversation…
-Clint

3

oh also. there’s a sample_enroll.c that you could use to enroll a particular jwt.

4

as the last parameter is service-name, in the server case make sure that service is defined as native application

image
image820×148 11.5 KB

5

Yep! Thanks for pointing this out. I shall take care of this.

6

Thanks for super fast response :slight_smile:

  1. Yep! I get this now. We are trying this out now - client and server apps using NF C SDK.
  2. I have downloaded ziti-sdk-c and compiled. I have got the executables generated for sample-host program for both client and server.
    My query is -
    2.1 To run the client version of sample_host executable. Which one I need to be running on client device - ziti or ziti-tunnel?
    Reason is - Last time when i ran hello world demo app - i had downloaded ziti-tunnel after creating the endpoint.

2.3 Is it a requirement that I have to download the ziti source from git and compile - GitHub - openziti/ziti: Executables for the open-core Ziti release. ? If Yes. Which one I need to run ziti or ziti-tunnel?

  1. Ok. So after I enroll - the output needs to saved as config-file right? Ok. I get it now.

Thanks Clint your answers were precise and very clear.
-Anantha

7

Making the leap to “app embedded” ziti like you’re doing here is a bit of a jump. Once you are app embedded you don’t need either ziti or ziti-tunnel… You need “your app”. In this case “your app” is the sample that we are compiling here.

Let’s take an example. You go into the console, you make two endpoints: anantha, clint. One for both of us. We decide that the “clint” endpoint will run as a server - the “anantha” endpoint will run as the client. While in the console you have made a service (we’ll call it ‘example-svc’) and you put both these endpoints into an appwan and added this service to the appwan… The work in the console should then be complete and opaque to the clint and anantha endpoints…

Now, you send me my “clint.jwt” and I use it to enroll my identity and i get my “clint.json” after enrolling. (I can enroll however i like - perhaps using the sample_enroll.c program, perhaps using ziti-tunnel, exactly how I enrolled the jwt is not important)… At the same time you have downloaded “anantha.jwt”, enrolled, and now have “anantha.json”…

Ok, now we have two endpoints… We have a service… We added the endpoints and service to an appwan and we’ve enrolled both endpoints. We’re ready to go…

Now all we need to do is:

  • on the clint computer we run:./programs/sample-host/sample-host "server" clint.json example-svc
  • on the anantha computer we run: ./programs/sample-host/sample-host "client" anantha.json example-svc

On the clint computer we see:

Running as server
[        0.001]    INFO library/ziti.c:228 ziti_init_async() ztx[0] Ziti C SDK version 0.22.1.2 @e76be41(main) starting at (2021-04-14T19:36:55.023)
[        0.001]    INFO library/ziti.c:231 ziti_init_async() ztx[0] Loading from config[clint.json] controller[https://wsl2-edge-controller:1280]
[        0.064]    INFO library/ziti.c:902 version_cb() ztx[0] connected to controller https://wsl2-edge-controller:1280 version v0.0.0(local 2020-01-01 01:01:01)
[        0.083]    INFO library/channel.c:216 new_ziti_channel() ch[0] (wsl2-edge-router@tls://wsl2-edge-router:3022) new channel for ztx[0] identity[UserApr-14-153429]
[        0.083]    INFO library/channel.c:723 reconnect_channel() ch[0] reconnecting NOW
[        0.133]    INFO library/channel.c:629 hello_reply_cb() ch[0] connected. EdgeRouter version: v0.0.0|local|2020-01-01 01:01:01|linux|amd64
Byte Counter is ready! 0(OK)
incoming connection from 'anantha'
got app data 'here is some data from the client to get you started'!

and on anantha we see:

Running as client
[        0.001]    INFO library/ziti.c:228 ziti_init_async() ztx[0] Ziti C SDK version 0.22.1.2 @e76be41(main) starting at (2021-04-14T19:37:20.282)
[        0.001]    INFO library/ziti.c:231 ziti_init_async() ztx[0] Loading from config[anantha.json] controller[https://wsl2-edge-controller:1280]
[        0.065]    INFO library/ziti.c:902 version_cb() ztx[0] connected to controller https://wsl2-edge-controller:1280 version v0.0.0(local 2020-01-01 01:01:01)
[        0.086]    INFO library/channel.c:216 new_ziti_channel() ch[0] (wsl2-edge-router@tls://wsl2-edge-router:3022) new channel for ztx[0] identity[UserApr-14-153551]
[        0.086]    INFO library/channel.c:723 reconnect_channel() ch[0] reconnecting NOW
[        0.136]    INFO library/channel.c:629 hello_reply_cb() ch[0] connected. EdgeRouter version: v0.0.0|local|2020-01-01 01:01:01|linux|amd64
Hello from byte counter!

Maybe this simple story will help you see/understand better?

1 Like
8

Fabulous!! Thanks.
One quick query - on the server side i.e. “clint” endpoint we need to setup NF Edge Router GW, right? Or is it not needed - like its gonna be a endpoint-endpoint interaction using NF SDK?

I shall try this out on our setup and get back. Our setup has both client and server running on two separate local machines with Ubuntu.
Thanks again.

9

All endpoints need access to the ziti overlay network, not just the server. Access to the network begins by accessing an Edge Router. You need to have at least one edge router that is registered and participating in the overlay but you could certainly have many routers. I suggest starting with a single, public router that both endpoints are authorized to use. Then both endpoints would effectively onramp to the overlay network using the same router… Once you get through that phase you can start adding routers if needed.

10

Great Support team!!
We are very happy to share that - we are able to run this C-SDK “sample_host” client and server successfully end-to-end.

As a next incremental step - we plan to modify this sample code to mimic our simple data stream application and try the same send-receive tomorrow. That will get us a bit more familiarity with SDK API and usage - so that we can incorporate this into our applications going forward.

Thank you very much. We shall keep you all posted. :slight_smile:
-Anantha

11

Glad to hear you are up and running! Feel free to post additional questions as needed.