Possible Router and Controller Locations

To create an Open Ziti network that can span the public internet, does the controller have to be available from the public internet or could it live in a private network as long as an edge router is publicly available?

For example:

  • host the controller in my home network
  • host services in my home network
  • host an edge router on AWS
  • access services in home network while out and about using the Ziti Mobile Edge

If not, can the edge router be hosted in my home network (with the controller in AWS)?

Basically I am wondering which of the following is true:

  • a network is only as public as the controller
  • a network is only as public as the most public edge router
  • a network is only as public as the controller AND the most public edge router

Please feel free to correct any bad assumptions embedded in any of these statements.

At least one controller and at least one router need to be addressable by all the entities that plan to use the overlay network. So if the endpoints are located across the internet, you'll need a controller and router available on the internet.

If the controller, router, and clients are all on a private network, then they can all be on a private network.

Generally speaking though, imo, it's best/easiest to put a controller and router on the internet. You can then deploy edge routers in private address space and they will form links to the public router, creating the mesh.
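To make the recommended layout concrete, here are two router config fragments (added here as an illustration, not taken from the OpenZiti project or from the answer above). They show only the `ctrl`, `link` and edge `listeners` sections; the `identity` and `edge.csr` sections that every router also needs are omitted, and the hostnames `ctrl.example.com` and `router.example.com` plus the home-network address `192.168.1.10` are assumed. The point is the asymmetry: the public router has a link listener with a public `advertise` address, while the home router has only link dialers, so it opens outbound connections to the controller and to the public router and never needs an inbound port opened on the home firewall.

```yaml
# --- public edge router on AWS (example, assumed hostnames) ---
v: 3
ctrl:
  # controller must be reachable from here AND from every client/router
  endpoint: tls:ctrl.example.com:6262
link:
  dialers:
    - binding: transport
  listeners:
    # other routers dial this; advertise the public DNS name, not 0.0.0.0
    - binding: transport
      bind: tls:0.0.0.0:10080
      advertise: tls:router.example.com:10080
listeners:
  # SDK clients such as Ziti Mobile Edge connect here from the internet
  - binding: edge
    address: tls:0.0.0.0:3022
    options:
      advertise: router.example.com:3022
```

```yaml
# --- private edge router in the home network (example, assumed addresses) ---
v: 3
ctrl:
  endpoint: tls:ctrl.example.com:6262
link:
  # dialers only: this router forms outbound links to the public router,
  # so the home network exposes nothing inbound
  dialers:
    - binding: transport
listeners:
  # edge listener advertised on the LAN for clients that are at home;
  # remote clients reach home services via the public router instead
  - binding: edge
    address: tls:0.0.0.0:3022
    options:
      advertise: 192.168.1.10:3022
```

A quick check before blaming the overlay: from a phone on mobile data (off the home Wi-Fi), confirm that a TLS connection to `ctrl.example.com:6262`, `router.example.com:10080` and `router.example.com:3022` completes, for instance with `openssl s_client -connect host:port`. If any of those fail, the mesh cannot form regardless of how the home router is configured. Whether the edge listener on the private router should be exposed at all depends on whether any clients sit on the home LAN; if none do, it can be left out and the router will only host services and carry links.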