On 11/14/2015 12:43 PM, Shaun Crampton wrote:
> You may be able to get non-IPIP working within each segment and set up a VPN-type solution to tunnel between your IDCs but it's not something that we support out of the box.

That is another way to state my earlier question's goal.

I am thinking of 3 to 7 VMs running etcd2, with two or three in each datacenter for surviving a datacenter outage. There will also be maybe 6 worker VMs (2 per datacenter) to start. To use the new Kubernetes/Calico plugin sounds attractive.

My etcd2 VMs would not be worker nodes and so could handle some network traffic for control by Kubernetes and probably VPN tunnels to the other networks also. Once the tunnels are up, each private network zone assigned to my VMs in each datacenter will be connected to the others. I will have control over IPs assigned in each zone so I can make the IPs not overlap. They all do IPv6 even. Beyond that, I'm still studying.

Is OpenVPN able to connect 3 private LANs to act as one?
Does OpenVPN require setups in both directions, one as client, one as server?

Reading the quick start for OpenVPN I come across statements such as "a separate certificate and private key for the server and each client, and a master Certificate Authority (CA) certificate and key which is used to sign each of the server and client certificates". That sounds like the etcd2 VMs might be the servers and the workers clients from the OpenVPN viewpoint.

Suggestions for adding tunnels (routed VPN) to Calico networking?


_______________________________________________
calico-tech mailing list
calico-tech@lists.projectcalico.org
http://lists.projectcalico.org/mailman/listinfo/calico-tech_lists.projectcalico.org
