MÓDULO SDWAN/CoR-{1..10}.Art¶
10 IPSec tunnels with per-tunnel bandwidth + workload mix.
Function¶
Stands up up to 10 IPSec tunnel remote endpoints, each carrying its own bandwidth shape + inner workload mix. Models a customer SDWAN fan-out (branch offices + cloud-on-ramp).
Inner workload runs CLEAN (no L7 inspection) — the test isolates IPSec encap behavior from L7 stack.
Identity¶
| Element | Value |
|---|---|
| Plane | DATA |
| Internal code | vyos-vpn-remote-{1..10} |
| K8s namespace | web-agents |
| OOBI slot | n/a (data-plane only) |
| Per-tunnel VLAN | 4338 (legacy "VPN-REMOTE"), subnet 200.130.0.4/30 |
Dependencies¶
- VyOS + StrongSwan
- Multus + macvlan
- Cloud Endpoint Service (optional, when
remote-endpoint=cloudmode)
Modes¶
| Mode | Remote endpoint |
|---|---|
local |
Synthetic bench-side VPN endpoint (default, air-gap safe) |
cloud |
TLSStress.Art Cloud Endpoint Service (8 PoPs globally) |
self-hosted |
Operator-deployed self-hosted endpoint (air-gap + cloud realism) |
Operator controls¶
/admin/sdwan-cor— pick tunnel count, per-tunnel bandwidth, inner workload mix (HTTP/iperf3/voice)- Mode selector: local / cloud / self-hosted
- RFC 2544 + RFC 6349 throughput methodology supported
Key telemetry¶
ipsec_tunnel_state{index}— established / rekeying / downipsec_tunnel_bandwidth_bps{index, direction}— per-tunnel BWipsec_pps_per_tunnel{index}iperf3_inner_throughput_mbps{index}— inner workload (CLEAN)
Notes¶
The 10-tunnel fan-out lets you scale from a single-tunnel branch office test to a fully-saturated SDWAN concentrator validation in one go.
Related¶
- Memory:
discuss_vpn_ipsec_simulation - ADR 0023 — Cloud endpoint
- Cloud Endpoint primer