Client to router connections

1

Hi there! - Just got my hands dirty with ziti this week, and I’m just trying to understand a few things, with regards to performance, and where clients connect to, and what paths data takes when connecting to a service, and understanding circuits.

I have 2 private DC’s, one in the US(bangor.edge) and one in Australia(stafford.edge).
I’ve set up a public controller/edge router in the US(linode), and a public edge router in Australia(sydney.edge) as well.

I’m connecting via the windows client tunnel to the fabric from Australia. When connecting to services on the private DC in stafford.edge, it seems a bit laggy, and by the circuits listing, it seems to be going to the USA, then back again? Not sure if I’m understanding this right, and if there are any other ways i can check?

When i connect to services in the bangor.edge it performs pretty well, so I suspect when Im hitting the service in stafford.edge, its going from au->us->au

Thanks in advance for a great project!, looking forward to getting more involved

[rxxxx ~]# ziti fabric list routers
╭────────────┬───────────────────────────────────────────────────┬────────┬──────┬──────────────┬─────────────────────────┬───────────────────────────────────────────────────────╮
│ ID         │ NAME                                              │ ONLINE │ COST │ NO TRAVERSAL │ VERSION                 │ LISTENERS                                             │
├────────────┼───────────────────────────────────────────────────┼────────┼──────┼──────────────┼─────────────────────────┼───────────────────────────────────────────────────────┤
│ MTPdv28DSd │ stafford.edge                                     │ true   │    0 │ false        │ v0.26.11 on linux/amd64 │                                                       │
│ VSnDWO8DRd │ bangor.edge                                       │ true   │    0 │ true         │ v0.26.11 on linux/amd64 │                                                       │
│ aq.NV28jSd │ sydney.edge                                       │ true   │    0 │ false        │ v0.26.11 on linux/amd64 │ 1: tls:xxxx-173-109.ip.linodeusercontent.com:10080 │
│ ccE3reDH4  │ xxx-244.ip.linodeusercontent.com-edge-router      │ true   │    0 │ false        │ v0.26.11 on linux/amd64 │ 1: tls:xxx-244.ip.linodeusercontent.com:10080    │
╰────────────┴───────────────────────────────────────────────────┴────────┴──────┴──────────────┴─────────────────────────┴───────────────────────────────────────────────────────╯
results: 1-4 of 4
[]# ziti fabric list links
╭────────────────────────┬───────────────┬───────────────────────────────────────────────────┬─────────────┬─────────────┬─────────────┬───────────┬────────┬───────────╮
│ ID                     │ DIALER        │ ACCEPTOR                                          │ STATIC COST │ SRC LATENCY │ DST LATENCY │ STATE     │ STATUS │ FULL COST │
├────────────────────────┼───────────────┼───────────────────────────────────────────────────┼─────────────┼─────────────┼─────────────┼───────────┼────────┼───────────┤
│ 11N4Z8hCk57dhAMnV7wT8r │ bangor.edge   │ xxx-244.ip.linodeusercontent.com-edge-router      │           1 │      30.2ms │      29.0ms │ Connected │     up │        60 │
│ 1sghSp2Id9uTj711jYoMCi │ stafford.edge │ sydney.edge                                       │           1 │      16.9ms │      17.0ms │ Connected │     up │        34 │
│ 3G0kiY9khKmrU8dqa9IUVJ │ sydney.edge   │ xxx-244.ip.linodeusercontent.com-edge-router      │           1 │     205.1ms │     204.7ms │ Connected │     up │       410 │
│ 7CFusFduqpzX0fn6lckAxO │ stafford.edge │ xxxx-244.ip.linodeusercontent.com-edge-router     │           1 │     233.9ms │     233.8ms │ Connected │     up │       467 │
│ 7T3u6x0Kbvn9fpbrArxiRI │ bangor.edge   │ sydney.edge                                       │           1 │     223.4ms │     222.9ms │ Connected │     up │       446 │
╰────────────────────────┴───────────────┴───────────────────────────────────────────────────┴─────────────┴─────────────┴─────────────┴───────────┴────────┴───────────╯
results: 1-5 of 5
[root]# ziti fabric list circuits
╭───────────┬───────────────────────────┬───────────────┬────────────────────────┬─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ ID        │ CLIENT                    │ SERVICE       │ TERMINATOR             │ PATH                                                                                                                                            │
├───────────┼───────────────────────────┼───────────────┼────────────────────────┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ CxwJCndib │ clawbusjt2qnlgps6r73moqjn │ stafford.esxi │ 2k9iP6Y9XagTCNjfcRql32 │ r/45-33-84-244.ip.linodeusercontent.com-edge-router -> l/3G0kiY9khKmrU8dqa9IUVJ -> r/sydney.edge -> l/1sghSp2Id9uTj711jYoMCi -> r/stafford.edge │
│ ExxNCndkK │ clawbusjt2qnlgps6r73moqjn │ stafford.esxi │ 2k9iP6Y9XagTCNjfcRql32 │ r/45-33-84-244.ip.linodeusercontent.com-edge-router -> l/3G0kiY9khKmrU8dqa9IUVJ -> r/sydney.edge -> l/1sghSp2Id9uTj711jYoMCi -> r/stafford.edge │
│ Lt.NCOFib │ clawbusjt2qnlgps6r73moqjn │ stafford.esxi │ 2k9iP6Y9XagTCNjfcRql32 │ r/45-33-84-244.ip.linodeusercontent.com-edge-router -> l/3G0kiY9khKmrU8dqa9IUVJ -> r/sydney.edge -> l/1sghSp2Id9uTj711jYoMCi -> r/stafford.edge │
│ axxNvnFib │ clawbusjt2qnlgps6r73moqjn │ stafford.esxi │ 2k9iP6Y9XagTCNjfcRql32 │ r/45-33-84-244.ip.linodeusercontent.com-edge-router -> l/3G0kiY9khKmrU8dqa9IUVJ -> r/sydney.edge -> l/1sghSp2Id9uTj711jYoMCi -> r/stafford.edge │
│ nwwNvnFkK │ clawbusjt2qnlgps6r73moqjn │ stafford.esxi │ 2k9iP6Y9XagTCNjfcRql32 │ r/45-33-84-244.ip.linodeusercontent.com-edge-router -> l/3G0kiY9khKmrU8dqa9IUVJ -> r/sydney.edge -> l/1sghSp2Id9uTj711jYoMCi -> r/stafford.edge │
│ tDwJvnFkK │ clawbusjt2qnlgps6r73moqjn │ stafford.esxi │ 2k9iP6Y9XagTCNjfcRql32 │ r/45-33-84-244.ip.linodeusercontent.com-edge-router -> l/3G0kiY9khKmrU8dqa9IUVJ -> r/sydney.edge -> l/1sghSp2Id9uTj711jYoMCi -> r/stafford.edge │
╰───────────┴───────────────────────────┴───────────────┴────────────────────────┴─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
results: 1-6 of 6
[rxxxx ~]#
2

I note that I did not set tunnelling mode on the sydney.edge → that may be why?, update: nope didnt help.

3

Hi @cjpit - That’s weird. Can you set “no traversal” to “True” for this private router

MTPdv28DSd │ stafford.edge

4

@surennaidu done… didnt seem to help though?

╭────────────┬───────────────────────────────────────────────────┬────────┬──────┬──────────────┬─────────────────────────┬───────────────────────────────────────────────────────╮
│ ID         │ NAME                                              │ ONLINE │ COST │ NO TRAVERSAL │ VERSION                 │ LISTENERS                                             │
├────────────┼───────────────────────────────────────────────────┼────────┼──────┼──────────────┼─────────────────────────┼───────────────────────────────────────────────────────┤
│ MTPdv28DSd │ stafford.edge                                     │ true   │    0 │ true         │ v0.26.11 on linux/amd64 │                                                       │
│ VSnDWO8DRd │ bangor.edge                                       │ true   │    0 │ true         │ v0.26.11 on linux/amd64 │                                                       │
│ aq.NV28jSd │ sydney.edge                                       │ true   │    0 │ false        │ v0.26.11 on linux/amd64 │ 1: tls:173-109.ip.linodeusercontent.com:10080         │
│ ccE3reDH4  │    33-84-244.ip.linodeusercontent.com-edge-router │ true   │    0 │ false        │ v0.26.11 on linux/amd64 │ 1: tls:  33-84-244.ip.linodeusercontent.com:10080    │
╰────────────┴───────────────────────────────────────────────────┴────────┴──────┴──────────────┴─────────────────────────┴───────────────────────────────────────────────────────╯

╭───────────┬───────────────────────────┬────────────────────┬────────────────────────┬─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ ID        │ CLIENT                    │ SERVICE            │ TERMINATOR             │ PATH
   │
├───────────┼───────────────────────────┼────────────────────┼────────────────────────┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Far-cOdkK │ clawdu4o02t9cgps6t4ij3gi8 │ stafford.esxi      │ 2k9iP6Y9XagTCNjfcRql32 │ r/4 84-244.ip.linodeusercontent.com-edge-router -> l/5KuXqtL9NSmxFS26jZEJMk -> r/sydney.edge -> l/6kpbV0WwaTSkdnteFFJ4wy -> r/stafford.edge
5

@cjpit - Thanks. Do you have the edge router policy that has the Sydney public router in the list for the windows client endpoint to dial?

1 Like
6

@surennaidu Thank you fixed!, I didn’t have the sydney.edge set as public

1 Like
7

You are welcome @cjpit Have fun with Ziti.

8

Hi @cjpit, welcome to OpenZiti! Glad you're enjoying it.

This will only prevent you from using the router as an identity.

Great job getting that second router up and running. We don't quite have a guide for that but it's on the list of things to write up. Cheers!