Hi All,
We've been testing out Cloud Connexa for user access and we were quite liking it, but we've hit a bit of a killer limitation in Cloud Connexa's networking stack.
We have a number of sites we want to run the connector on, behind which are about 40k routes in private ranges. The way we used to deal with this at the user VPN was just pushing aggregate routes to the VPN routers. For example:
site 1) 10.0.0.0/8, 10.0.0.0/9
site 2) 10.0.0.0/8, 10.128.0.0/9
site 3) 10.1.0.0/16, 10.99.24.0/24
site 4) 10.5.5.0/24 ... etc.
I'm sure you get the drift (i.e. site 1 and site 2 house a lot of the routes inside the 10/8 range and we just push more specific routes from other sites... i.e. basic networking).
We can't find any way of doing this with Connexa that doesn't involve publishing 40k routes to Connexa (and even assuming we could do that via an API, it wouldn't allow us to do redundancy - I know you can have multiple connectors, but that doesn't really solve the issue either). The Connexa portal just keeps telling us it's overlapping subnets, which is somewhat painful - none of them actually overlap, by the way. But, as an example, if site 2's internet was down, we can get to site 2 via site 1, so if you're trying to get to a subnet at site 2 in the 10.128.0.0/9 range, coming in via site 1 is possible.
As it stands, the only way I can see I can make it work is to have only a single connector at site 1 with 10.0.0.0/8 and rely on the internal connections from site 1 to get to the other sites, which isn't really much of a workable solution.
Is there any way around it or is it just impossible with Connexa?
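As an added illustration of the routing behaviour the post describes (not code from the poster, and not anything Cloud Connexa provides), the following Python builds a route table from the four example sites, resolves destinations by longest-prefix match with a per-site "down" set to show the site 1 fallback for the 10.128.0.0/9 range, and separately lists the prefix pairs that a strict "no overlapping subnets" validator would reject. The site numbering and prefixes are taken from the post; the table structure, function names and the equal-length tie-break (lowest site number wins) are assumptions of this example.

```python
import ipaddress

# Constructed from the post's example: site number -> prefixes advertised by that site.
SITE_ROUTES = {
    1: ["10.0.0.0/8", "10.0.0.0/9"],
    2: ["10.0.0.0/8", "10.128.0.0/9"],
    3: ["10.1.0.0/16", "10.99.24.0/24"],
    4: ["10.5.5.0/24"],
}


def build_table(site_routes):
    """Flatten to (network, site) pairs, longest prefix first, so the first hit is the
    longest-prefix match. Ties on prefix length fall back to the lowest site number
    (an assumption; a real router would use metric or ECMP here)."""
    table = []
    for site, prefixes in site_routes.items():
        for prefix in prefixes:
            table.append((ipaddress.ip_network(prefix, strict=True), site))
    table.sort(key=lambda entry: (-entry[0].prefixlen, entry[1]))
    return table


def lookup(table, address, down_sites=frozenset()):
    """Longest-prefix match that skips sites currently unreachable.
    Returns (network, site) or None when nothing covers the address."""
    ip = ipaddress.ip_address(address)
    for net, site in table:
        if site in down_sites:
            continue  # site unreachable: its routes are withdrawn
        if ip in net:
            return net, site
    return None


def overlapping_pairs(table):
    """Every pair of prefixes where one contains the other. This is what a strict
    'overlapping subnets' check rejects, although longest-prefix match resolves
    each of them unambiguously."""
    pairs = []
    for i, (net_a, site_a) in enumerate(table):
        for net_b, site_b in table[i + 1:]:
            if net_a.overlaps(net_b):
                pairs.append(((str(net_a), site_a), (str(net_b), site_b)))
    return pairs


if __name__ == "__main__":
    table = build_table(SITE_ROUTES)
    print(lookup(table, "10.1.2.3"))                   # site 3 via 10.1.0.0/16
    print(lookup(table, "10.130.0.1"))                 # site 2 via 10.128.0.0/9
    print(lookup(table, "10.130.0.1", down_sites={2}))  # site 1 via 10.0.0.0/8
    print(len(overlapping_pairs(table)), "overlapping pairs")
```

Running it shows the two behaviours side by side: the same seven prefixes yield fourteen "overlapping" pairs under a containment check, yet every address resolves to exactly one site, and withdrawing site 2 moves 10.128.0.0/9 traffic onto site 1's aggregate without any table change.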