ANS
Arcfra Network Service (ANS) provides software-defined network and security functions for Arcfra Enterprise Cloud Platform (AECP). It delivers network connectivity and security capabilities for application workloads running on virtualization and Kubernetes.
Everoute operator
The Everoute operator is responsible for the operation and management of ANS services, including the configuration of micro-segmentation security policies.
Arcfra network controller
The Arcfra network controller uses etcd for master node election and real-time state monitoring.
API
Application programming interface.
Micro-segmentation
A network isolation technique under the zero trust model: each application or virtual machine is treated as an independent segment, and every device, user, and network area outside a segment is treated as an untrusted potential threat.
Everoute agent
The Everoute agent provides data plane control for the distributed firewall. It is a local agent deployed on every host in the cluster that uses the distributed firewall. It learns the IP addresses of virtual machines and manages IP address timeouts. Through the southbound interface it communicates with the Arcfra network controllers, subscribing to security group information and to the security policy changes generated by the controllers. It converts security policies into security rules and then, through the datapath interface, programs those rules into the forwarding table of the virtual distributed switch data forwarding plane on the node.
Load balancer
Load balancing is a technique for distributing network or application traffic across multiple backend servers, improving application capacity (concurrent users) and reliability. Load balancers are generally divided into two categories: Layer 4 and Layer 7. A Layer 4 load balancer (also known as a network load balancer) operates at the fourth layer of the OSI model and distributes requests based on the IP addresses and ports in the packets, according to the configured load balancing scheduling algorithm.
Load balancer virtual machine
Provides the data plane for the network load balancing feature; the load balancer virtual machines perform the actual data forwarding for the load balancer.
VIP (Virtual IP)
The address of a virtual service, configured one per virtual service, that receives client requests.
LIP (Local IP)
The address used for communication between the virtual service and the backend servers. One LIP is configured in the VM network associated with each load balancer virtual machine for communication with the server pool.
VPC
A virtual private cloud is a user-defined, logically isolated network space. Within a VPC you can manage your own subnet structure, IP address range and allocation method, gateway service, security service, and so on.
TEP (Tunnel Endpoint)
A TEP is the start or end point of an overlay tunnel established between two endpoints. During data transmission, the IP addresses of these endpoints define the two ends of the tunnel and serve as the source and destination addresses in the outer IP packet header.
In the associated cluster, each node is a tunnel endpoint. It encapsulates the traffic of virtual machines in the overlay network and routes it to the target TEP according to the destination address in the outer IP packet header.