Ziti router interconnect

Hi team , first of all thanks to this wonderful solution.
I have been looking into openziti and started a lab project in my cloud and works well for hosting services on overlay etc.

I am trying to experiment the following but would be glad if there’s some expert out there who can advise further

Policies / configured and identity set as per required

  1. Datacenter A - controller + edge router
    Hosting multiple services such as private web server / ssh - all worked for my desktop edge without issue

  2. Datacenter B- + edge router with tunneller enabled
    Host a web services to private app .

My windows client can access private app on datacenter B , however I want to achieve connecting to datacenter A and access private app on datacenter b , how do I go about it ?

Reason: connection to datacenter b are high latency and for proximity I like to dial to datacenter A where the router there have better connection to datacenter B

Tried to search and read more but I could use more helps here how to achieve this

1 Like

Just going to update here on what I've progressed so far.

After reading docs here and there, I managed to get some working by

  1. adding Edge Service policy and apply necessary dial and bind between the routers.
  2. once connections established
    3 I create a new dial for endpoint identity and got it working..or maybe work :slight_smile: still exploring more
1 Like

That's great progress, @Crystech. It sounds like you used a tunneler-enabled router (ER/T) with a Bind Service Policy in DC B to host the private app. Did you use a client proxy tunneller in DC A with the Dial Service Policy for accessing the private app in DC B, or a Ziti edge SDK for the dialing side?

The selection of the Edge Router by the SDK is by latency. So if the connection to location B is high latency, you should be selecting A already, with a fabric circuit through to B. You can verify this by reviewing the fabric.circuit messages in the logs (assuming you are logging them) and reviewing the path nodes field in the record. This will list the Edge Routers involved in the path. You can also see the latency reported in the endpoint logs if the verbosity is set high enough. You can search for "latency" in the logs and should be able to find it relatively easily and compare the two locations.

Thanks all, I managed to somewhat sorted out the connections. I facing another funny issue and not sure if this is because a bug or my setup issues.

on the service and policy i setup client to route 0.0.0.0/1 and 128.0.0.0/1 via an edge router for port 80/443. this work out fine for laptops but on iphone IOS , I will get disconnected from controller (turning red) while on mobile network.

It seem like when my iphone is on my homewifi it works ....

Currently -
I setup a service named internet-svc and attached 2 configurations as usual
internet-intercept (address 0.0.0.0/1 128.0.0.0/1) (tcp/udp low:80/443)
** internet-host (address 0.0.0.0/1 128.0.0.0/1)(tcp/udp low:80/443)**

 **Create bind policy to internet-router**

** Create dial policy for public edge router 1 and router 2**
** Create dial policy for internet-clients**

 **Create Router service policy  for #all and mapped to #internet-svc**

With above setup , laptop using mobile data works but not iphone on the same mobile data.

iphone works if on home wifi.

I am able to browse internet and shown the ip of the internet router.

am I doing anything wrong or it is iphone edge limitation?