On 11/14/2015 12:43 PM, Shaun Crampton wrote:
> You may be able to get non-IPIP working within each segment and set up a VPN-type solution to tunnel between your IDCs but it's not something that we support out of the box.
That is another way to state my earlier question's goal. I am thinking of 3 to 7 VMs running etcd2, with two or three in each datacenter for surviving a datacenter outage. There will also be maybe 6 worker VMs (2 per datacenter) to start. To use the new Kubernetes/Calico plugin sounds attractive. My etcd2 VMs would not be worker nodes and so could handle some network traffic for control by Kubernetes and probably VPN tunnels to the other networks also.

Once the tunnels are up, each private network zone assigned to my VMs in each datacenter will be connected to the others. I will have control over IPs assigned in each zone so I can make the IPs not overlap. They all do IPv6 even.

Beyond that, I'm still studying. Is OpenVPN able to connect 3 private LANs to act as one? Does OpenVPN require setups in both directions, one as client, one as server? Reading the quick start for OpenVPN I come across statements such as "a separate certificate and private key for the server and each client, and a master Certificate Authority (CA) certificate and key which is used to sign each of the server and client certificates". That sounds like the etcd2 VMs might be the servers and the workers clients from the OpenVPN viewpoint.

Suggestions for adding tunnels (routed VPN) to Calico networking?