A couple links that might help:
- Ziti Mobile Edge (iOS) - #12 by scareything In the diagram in this post, @scareything covers the TCP interaction (SYN -> SYN/ACK) between a host and tunneler ("Ziti Mobile Edge" and ziti-edge-tunnel as the tunneler in the sequence diagram)
- Connection Security | OpenZiti The top two diagrams cover the independent mTLS links and the end-to-end encryption added by the app endpoints (meaning, "apps that include a Ziti SDK, such as any of the tunnelers")
- Data Flow Explainer | OpenZiti include high level data flow among controller, routers, and SDK endpoints (such as the tunnelers).
@scareything will be able to go deeper on the host/tunneler interactions, but I believe he's out-of-pocket for the next few day.