Ziti and load balancers

All of our deployments in AWS are using AWS ELB - Elastic Load Balancers (either Application Load Balancer or Network Load Balancer).

Given the statement above, how would zitification work? From what I can think, termination would happen on edge routers and packets will be handed over to the respective ELB, and server-side workloads wouldn’t need tunnelers / SDKs.

Am I missing something?


That’s exactly what you’d do if you didn’t want to move away from the ELB for whatever reasons.

You could choose to use “zero trust host access” though, and install tunnelers locally or use application-embedded zero trust (adding the SDK into the app/server software itself). At that point, you couldn’t use/wouldn’t need ELBs and you’d rely on the highly performant OpenZiti Fabric to do the same job, which of course, it was built to do at scale as well.

Thanks, that is my understanding as well, but good to get it confirmed from the expert.

Also, in addition to enabling tunneling mode on the router (creating it with the -t parameter, which IIUC adds the “tunnel” binding), do I need any more changes on the edge router?

In order to use the router itself to offload traffic, it’s undoubtedly easiest to use tunneling mode, which is activated with the flag -t during router creation. I don’t think there’s anything else you need to do per se. Nothing comes to mind at the moment… If something pops in, I’ll follow up, but right now, I don’t think so.
