RELAY.Art MODULE
Bridge OOBI ↔ customer MGMT — telemetry ingress + control egress.
Function
The only path between OOBI overlay (trusted) and customer-side mgmt interfaces (untrusted). DUTs and customer-side gear NEVER join OOBI overlay — RELAY bridges via dedicated MGMT NICs.
See primer for the full operator-facing intro.
Identity
| Element | Value |
|---|---|
| Plane | MGMT-light (cloud-portable only where L2 reach to the customer side is available) |
| Internal code | relay-bridge |
| K8s namespace | relay-art |
| OOBI slot | .240 (primary) / .241 (HA standby) |
| Customer-side iface | per-customer dedicated NIC (eth1+) |
Hard rules
- MGMT-only — never data plane
- Read-only default — write requires unlock window
- PII strip on ingress (k-anonymity ≥ 10)
- Per-target cred isolation in vault
- DOM-aware (production = read-only enforced)
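The read-only default, unlock-window and DOM rules above, as an added example (not RELAY code): a small egress gate that refuses writes unless an operator has opened a time-boxed window on that target, and never opens one on a production DOM. The `dom` values "production"/"lab", the read/write op sets and the window duration are assumptions for illustration; every decision is appended to an audit list so an /admin/relay-style view can show who attempted what.

```python
"""Egress write gate illustrating the RELAY hard rules (added example, not project code).

Assumptions not taken from the page: targets carry a `dom` of "production"
or "lab"; operations are classified by the READ_OPS / WRITE_OPS sets; an
unlock window is a per-target, operator-attributed expiry held in memory.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

READ_OPS = {"show", "snmp-get", "snmp-walk", "netconf-get", "rest-get"}   # assumed
WRITE_OPS = {"config", "netconf-edit", "rest-put", "rest-post", "reload"}  # assumed

# Fixed reference clock so decisions are reproducible in tests and demos.
EPOCH = datetime(2024, 1, 1, tzinfo=timezone.utc)


def minutes_after(m):
    return EPOCH + timedelta(minutes=m)


@dataclass
class Target:
    name: str
    customer: str
    dom: str  # "production" or "lab" (assumed values)


@dataclass
class UnlockWindow:
    opened_by: str
    expires_at: datetime


@dataclass
class EgressGate:
    windows: dict = field(default_factory=dict)  # target name -> UnlockWindow
    audit: list = field(default_factory=list)    # (time, target, op, allowed, reason)

    def open_window(self, target, operator, minutes, now=None):
        """Grant a time-boxed write window on one target; production DOM never gets one."""
        now = now or datetime.now(timezone.utc)
        if target.dom == "production":
            self.audit.append((now, target.name, "unlock", False, "production DOM is read-only"))
            return False
        self.windows[target.name] = UnlockWindow(operator, now + timedelta(minutes=minutes))
        self.audit.append((now, target.name, "unlock", True, f"{minutes}m window by {operator}"))
        return True

    def decide(self, target, op, now=None):
        """Return (allowed, reason); reads pass by default, writes need an active window."""
        now = now or datetime.now(timezone.utc)
        allowed, reason = self._evaluate(target, op, now)
        self.audit.append((now, target.name, op, allowed, reason))
        return allowed, reason

    def _evaluate(self, target, op, now):
        if op in READ_OPS:
            return True, "read op allowed by default"
        if op not in WRITE_OPS:
            return False, f"unclassified op {op!r} denied"
        if target.dom == "production":
            return False, "production DOM: read-only enforced"
        window = self.windows.get(target.name)
        if window is None or window.expires_at <= now:
            self.windows.pop(target.name, None)  # expired windows are cleared eagerly
            return False, "write op without an active unlock window"
        return True, f"write op inside window opened by {window.opened_by}"


if __name__ == "__main__":
    gate = EgressGate()
    lab = Target("lab-sw1", "acme", "lab")
    print(gate.decide(lab, "config", now=minutes_after(0)))   # denied: no window yet
    gate.open_window(lab, "alice", 15, now=minutes_after(0))
    print(gate.decide(lab, "config", now=minutes_after(5)))   # allowed inside the window
    print(gate.decide(lab, "config", now=minutes_after(16)))  # denied again: window expired
```

Unclassified ops are denied rather than treated as reads, so a new client verb cannot slip past the gate until someone deliberately adds it to one of the sets.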
Component layout
| Component | Function |
|---|---|
| relay-bridge | multi-NIC pod (vxlan0 + eth1+) |
| relay-vault | per-target cred namespacing |
| ingress-redactor | PII strip + k-anonymity ≥ 10 |
| egress-orchestrator | SSH/SNMP-poll/REST/NETCONF clients |
| discovery-probe | passive observation → VALIDATOR ML cortex |
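What the ingress-redactor row (and the "PII strip on ingress, k-anonymity ≥ 10" hard rule) means in practice, as an added example that is not RELAY's own code: direct identifiers are stripped by pattern, then any quasi-identifier class smaller than K is generalized, and a residual class still under K is dropped, so every record that leaves the redactor shares its (site, model) with at least K-1 others. The record layout (`user`, `msg`, `site`, `model`), the regexes and the sample batch are constructed for illustration; the counter keys correspond to what a relay_pii_redactions_total{pattern} series would carry.

```python
"""Ingress redactor sketch for a RELAY-style bridge (added example, not project code).

Assumes (not from the page) that telemetry arrives as flat dicts with a
direct identifier field `user`, a free-text `msg`, and the quasi-identifiers
`site` and `model`.
"""
import re
from collections import Counter

K = 10  # k-anonymity threshold from the hard rules

PII_PATTERNS = {  # assumed patterns for the direct identifiers found in free text
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "mac": re.compile(r"\b(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\b"),
}
DIRECT_ID_FIELDS = ("user",)
QUASI_ID_FIELDS = ("site", "model")


def _quasi_key(record):
    return tuple(record[f] for f in QUASI_ID_FIELDS)


def strip_direct_identifiers(record, counter):
    """Drop direct-identifier fields and mask PII patterns inside free text."""
    out = dict(record)
    for f in DIRECT_ID_FIELDS:
        if f in out:
            del out[f]
            counter[f] += 1
    for name, pat in PII_PATTERNS.items():
        out["msg"], n = pat.subn(f"<{name}>", out.get("msg", ""))
        counter[name] += n
    return out


def enforce_k_anonymity(records, k, counter):
    """Generalize small quasi-identifier classes to '*'; drop a residual class still under k."""
    classes = Counter(_quasi_key(r) for r in records)
    generalized = []
    for r in records:
        if classes[_quasi_key(r)] < k:
            r = {**r, **{f: "*" for f in QUASI_ID_FIELDS}}
            counter["k_anon_generalized"] += 1
        generalized.append(r)
    star = ("*",) * len(QUASI_ID_FIELDS)
    residual = sum(1 for r in generalized if _quasi_key(r) == star)
    if 0 < residual < k:
        counter["k_anon_dropped"] += residual
        generalized = [r for r in generalized if _quasi_key(r) != star]
    return generalized


def is_k_anonymous(records, k):
    """True when every quasi-identifier class has at least k members."""
    return all(n >= k for n in Counter(_quasi_key(r) for r in records).values())


def redact_ingress(records, k=K):
    """Full ingress pass: returns (records safe to forward, per-pattern redaction counts)."""
    counter = Counter()
    cleaned = [strip_direct_identifiers(r, counter) for r in records]
    return enforce_k_anonymity(cleaned, k, counter), counter


# Constructed sample batch: one class of 12 records and one class of 3.
SAMPLE = [
    {"site": "dc1", "model": "sw-x", "user": f"op{i}",
     "msg": f"login from 10.0.0.{i} op{i}@example.com"}
    for i in range(12)
] + [
    {"site": "dc2", "model": "sw-y", "user": "admin",
     "msg": "link 00:11:22:33:44:55 down"}
    for _ in range(3)
]

if __name__ == "__main__":
    kept, counts = redact_ingress(SAMPLE)
    print(len(kept), "records forwarded;", dict(counts))
```

Dropping an undersized residual class loses three records here, which is the intended trade: a class of three (site, model) pairs would let a reader narrow a log line down to a handful of devices, and the count of drops is itself emitted so operators can see when the threshold is biting.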
Operator controls
- /admin/relay — per-target connection status + audit log
- HA pair config (.240/.241)
- Vault credentials add/rotate
Key telemetry
- relay_ingress_bytes_total{customer} — telemetry bytes received
- relay_egress_commands_total{customer, op} — operator commands
- relay_ha_failover_total — failover events
- relay_pii_redactions_total{pattern} — k-anonymity enforcement count
Related
- ADR 0020
- RELAY.Art primer
- Patent claim #5