Help with example reflect server

Building/Development
1

Hello community, I have a question, I am running the example of the mirror server, but when I try to do

$ ziti edge enroll -j reflectClient.jwt I get an error

And as a consequence I can’t do it for the server either.

What could be doing wrong?

Greetings.

2

My guess is your jwt has expired? Can you post the full error? I’ll give this a try right now too…

1 Like
3

Yes, that is correct, that is the error that marks me. However I do a $zitiLogin and it authenticates me, but after executing the commands to roll up the entities, I still get the same error.

4

If your identity’s jwt has expired, you’ll want do just delete, then recreate the identity. it should then allow you to enroll it.

ziti edge delete identity $expiredId
1 Like
5

Ok, I try and share the result.

Thank you very much

6

Hello,

Your answer worked very well, I’m exploring OpenZiti in a better way.

I have some more questions:
where can I find what is related to the REST API?
Can I integrate OpenZiti with GNS3 for further understanding in an emulated way?

Thank you.

7

see https://openziti.github.io/api/rest/index.html

Download the Client API Spec

The client api spec can be downloaded from your controller at the following url (replace "${CONTROLLER_URL}" accordingly) https://${CONTROLLER_URL}/edge/client/v1/docs.

Download the Management API Spec

The client api spec can be downloaded from your controller at the following url (replace "${CONTROLLER_URL}" accordingly) https://${CONTROLLER_URL}/edge/management/v1/docs.

I don't know what GNS3 is yet (but i am on the website) I'll have to let you know on that...

8

I’m not a Network Engineer - I only play one on Ziti TV… Just kidding :slight_smile: From the few minutes I spent looking at what GNS3 does - I don’t think there’d be much overlap with it and OpenZiti. It looks to me like GNS3 is more about working with the underlay network. OpenZiti removes most of that and hopefully improves on the experience by building an overlay network.

Maybe you could use the lessons learned by programming the underlay, and build OpenZiti connections on the underlay while not exposing ports and using zero trust networking principles. I’m not sure though… :thinking: If you come up with something though - post back!!! :slight_smile: I’d love to see what you come up with

9

Jaja

Ok, I will continue exploring both tools and if I can do something, I will gladly share it

Thank you.

10

Out of curiosity @Edwin, what is it that you would like to emulate and simulate with OpenZiti?

11

My intention is to try an example from the repo in an emulated or simulated way using GNS3, for example, but I don’t know if it is possible, it is possible that I am also misunderstanding the concepts, but I will continue investigating and if there is something that can be done, I will I share.

12

My immediate thought is no, to my knowledge no one has done work on GNS3 and OpenZiti plus as Clint says, underlay vs overlay. The point is that OpenZiti can literally be deployed and operate anywhere. It turns the internet into your own private intranet. Cool features such as smart routing on the mesh overlay allow you to control the internet in a way BGP does not. Service dial health tells you whether there are problems which infer issues in the underlay. How you configure and deploy these components on the internet changes how the overlay operates with an infinite number of possibilities.

Therefore, are you trying to understand more about the concepts (or superpowers as I like to think) of OpenZiti or test a real-world scenario without actually deploying the virtual overlay components?

13

Thank you very much @PhilipGriffiths, it is clearer to me with this explanation that you make me.

Regarding the other questions, I think I’m at the point where I want to do both activities, explore OpenZiti’s superpowers more and do something without implementing the overlay components, although I think the latter won’t be achieved, so I just to understand.

14

Happy to help. If you want to explore more on the superpowers of OpenZiti, Dave Hart, gave a good keynote last week - Keynote DeveloperWeek 2022 Europe Session - Dave Hart, CTO NetFoundry - YouTube

There are some concepts not really covered (e.g., dial health, smart routing, possibly more) but we can explain them in other ways (e.g., I will be talking about them at EIC next week - Building an Identity-Centric Security Strategy… the event may be paywalled so happy to share the slides / content in some other fashion as works for you).

15

Thank you very much, I will be waiting for the information.

Greetings.

16

There are a few concepts which come to mind which could be fleshed out more from Dave’s (or many of Clint’s) wonderful sessions. These are:

  • Platform: OpenZiti was built to provide a secure bit pipe for any use case. Remote access, cloud, IoT, its all possible as there is no concept of client/server. Anything can host and initiate meaning the internet becomes your private intranet for any use case - see image 1. This extends to supporting anything on top, for example, we are very close to releasing support for zero trust, private VoIP. Other solutions cannot handle VoIP and its an interesting use case as its increasingly subject to fraud attempts and Denial of Service attacks… we can literally make it all dark so that this attack vector does not work.
  • Service Dial Health: The Ziti overlay has a concept of terminators between things on and off the overlay. The success of these connections allows us to see where things and healthy and where they are not. This allows you to infer (visualised in NetFoundry console in image 2) where there are or are not problems - for example, if you have an issue between SDK or non-SDK embedded service/app to the Edge Router in the same DC then someone has misconfigured a local FW/network rule.
  • Smart Routing: OpenZiti has lots of HA/HS capabilities built into the fabric. Again using terminators, cost calculations (e.g., latency) are made across the fabric from source to destination through every possible path. The overlay automatically routes according to the lowest cost regardless of the underlay - thereby circumventing standard BGP as well as providing higher uptime and reliability (see image 3).

Image 1 -

image
image1920×1076 76 KB

Image 2 -
image
image1734×978 109 KB

Image 3 -
image
image1730×888 110 KB

1 Like
17

I will try to get my hands on some useful videos for this. A few resources for further reading (apologies, I cannot find any talking only about OpenZiti):

1 Like
18

@Edwin, Clint did a good job on Ziti TV last Friday covering some of the Superpowers … here is a short playlist - OpenZiti Superpowers - YouTube