Sprint:ICN Sprint 13, ICN Sprint 14
Manual steps (create CNF, OpenWRT configuration for IPsec/NAT rules, manual connectivity test for the micro-services) to verify E2E test scenarios.
Two Edge clusters have exactly the same POD IP Subnets.
They don't have any static public IP address.
They don't have any static domain name.
An application is deployed where one micro-service is the client, placed in Edge1, and the second micro-service is the server, placed in Edge2. They can be sleep and httpbin.
Proof is that the Edge1 sleep pod (via curl) should be able to talk to httpbin in Edge2.
Setup a cluster (traffic Hub).
The Traffic Hub is assumed to have a public IP, say PIP.
Ensure that all three clusters (Edge1, Edge2 and Hub) are brought up with the OpenWRT
Configure the Hub as responder to provide IP addresses to any authenticated party requesting IP addresses.
Configure IPsec on Edge1 and Edge2 to get the IP addresses.
Ensure that Edge1 and Edge2 got IP addresses (say they are OIP1 and OIP2).
Now establish the IPsec Hub policy to pass traffic from Edge1 to Edge2 and vice versa.
Create the Edge1 tunnel to the Hub with left IP as OIP1, right IP as ANY, and remote gateway as PIP.
Create the Edge2 tunnel to the Hub with left IP as OIP2, right IP as ANY, and remote gateway as PIP.
Ensure that tunnels are established.
Establish SNAT in Edge1 with SNAT IP address as OIP1.
Establish SNAT in Edge2 with SNAT IP address as OIP2.
Establish a DNAT rule in Edge2 to redirect the traffic destined to OIP2 and port 80 to the internal httpbin IP address and port.
Now do curl from the sleep pod in Edge1 to OIP2.
Ensure that the curl command is successful with httpbin output.
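
The packet path that the steps above set up, as an added example (not part of the original ticket or the project's code). It models the Edge1 SNAT, the Hub policy and the Edge2 DNAT to show why a request from the overlapping pod subnet only works once it is rewritten to the overlay IPs. The pod subnet, pod addresses, overlay addresses and httpbin port are constructed sample values.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions; the page names only PIP, OIP1, OIP2).
POD_SUBNET = ip_network("10.244.0.0/16")      # same pod subnet in Edge1 and Edge2
OIP1, OIP2 = "192.168.50.1", "192.168.50.2"   # overlay IPs assigned by the Hub
SLEEP_POD = "10.244.0.5"                      # client pod in Edge1
HTTPBIN = ("10.244.0.9", 8000)                # server pod IP and port in Edge2
HUB_POLICY = {OIP1: "edge1", OIP2: "edge2"}   # Hub policy: overlay IP -> tunnel

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def hub_forward(pkt):
    """Return the tunnel the Hub sends pkt into; only overlay IPs are routable."""
    for addr in (pkt.src, pkt.dst):
        if ip_address(addr) in POD_SUBNET:
            raise ValueError(f"{addr} exists in both edges; Hub cannot tell them apart")
    if pkt.dst not in HUB_POLICY:
        raise ValueError(f"no Hub policy for {pkt.dst}")
    return HUB_POLICY[pkt.dst]

def request(pkt, snat=True):
    """Sleep pod -> Edge1 SNAT -> Hub -> Edge2 DNAT; returns the packet httpbin sees."""
    if snat:
        pkt = replace(pkt, src=OIP1)                       # Edge1 SNAT to OIP1
    if hub_forward(pkt) != "edge2":
        raise ValueError("Hub sent the request to the wrong edge")
    if (pkt.dst, pkt.dport) == (OIP2, 80):                 # Edge2 DNAT rule
        pkt = replace(pkt, dst=HTTPBIN[0], dport=HTTPBIN[1])
    return pkt

def reply(seen, client=SLEEP_POD):
    """httpbin answers; connection tracking undoes DNAT in Edge2, then SNAT in Edge1."""
    pkt = Packet(seen.dst, seen.dport, seen.src, seen.sport)
    pkt = replace(pkt, src=OIP2, sport=80)                 # reverse DNAT in Edge2
    if hub_forward(pkt) != "edge1":
        raise ValueError("Hub sent the reply to the wrong edge")
    return replace(pkt, dst=client)                        # reverse SNAT in Edge1

if __name__ == "__main__":
    seen = request(Packet(SLEEP_POD, 40000, OIP2, 80))
    print("httpbin sees:", seen)
    print("sleep pod receives:", reply(seen))
```

Calling request with snat=False raises, which is the failure to expect if the Edge1 SNAT rule is missing when the curl test is run.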