Edge private network

Edgecell edge private network (EPN) is an overlay networking tool designed to be fast, secure, and scalable. It connects any number of nodes with on-demand, encrypted tunnels that work across any IP networks and without opening firewall ports.

What’s an overlay network?

Put simply, an overlay network is a virtual network that runs on top of another network. A virtual private network (VPN) is an overlay network. An SSH tunnel can help create an overlay network. A Virtual Private Cloud (VPC) is an overlay network offered by cloud infrastructure providers.

Inspired by a number of existing tools and projects, Edgecell EPN was created to make it much easier to design, deploy, and manage overlay networks that were highly performant, portable, and secure.

Core features

  • Peer-to-peer, layer 3, virtual network
  • Supports TCP/UDP/ICMP traffic via TUN adapter with split-tunneling
  • Host firewall with groups-based rules engine for overlay traffic
  • Route discovery and NAT traversal assisted by simple "lookup" hosts

Every node is automatically assigned to the customer's EPN when it is provisioned. The customer controls the firewall and group-based rules through the Placement objects pushed to Git.

Identity and Authorization

Edgecell EPN uses a PKI model for establishing trust between hosts and networks.

  • Host certificates are used to securely identify and authorize peers
  • Hosts mutually authenticate by validating certificates and CAs
  • Firewall rules enforced by evaluating certificate "security groups"

Edgecell EPN includes an executable to generate keys, certs, and CAs, and to sign host certificates. The Deployer organization controls the rules of the nodes.
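To make the group-based rule evaluation concrete, here is an added Go example (not Edgecell's own code or config format) of how a host firewall can decide on an inbound overlay packet using only the security groups asserted by the already-validated peer certificate. The HostCert and Rule types, the field names, and the group names are assumptions constructed for this illustration.

```go
package main

import "fmt"

// HostCert is a constructed stand-in for what a host certificate asserts
// (node name and security groups); it is not the project's own type.
type HostCert struct {
	Name   string
	Groups []string
}

// Rule permits inbound traffic on Proto/Port from peers whose certificate
// carries Group. Proto "any" or Port 0 match everything; Group "" matches any peer.
type Rule struct {
	Proto string
	Port  int
	Group string
}

func (c HostCert) hasGroup(g string) bool {
	for _, have := range c.Groups {
		if have == g {
			return true
		}
	}
	return false
}

// Allowed applies the inbound rule set to one packet from a peer that has
// already passed certificate validation: default deny, first match wins.
func Allowed(rules []Rule, peer HostCert, proto string, port int) bool {
	for _, r := range rules {
		if (r.Proto == "any" || r.Proto == proto) &&
			(r.Port == 0 || r.Port == port) &&
			(r.Group == "" || peer.hasGroup(r.Group)) {
			return true
		}
	}
	return false
}

func main() {
	rules := []Rule{
		{"icmp", 0, ""},      // any authenticated peer may ping this host
		{"tcp", 22, "ops"},   // only ops hosts may reach SSH
		{"tcp", 5432, "app"}, // only the app tier may reach the database
	}
	web := HostCert{Name: "web1", Groups: []string{"app", "web"}}
	fmt.Println(Allowed(rules, web, "tcp", 5432), Allowed(rules, web, "tcp", 22)) // true false
}
```

Because the groups come from the signed certificate rather than from the packet's source address, a node cannot widen its own access by changing its IP; the CA that signed the certificate is the only party that can grant a group.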

Compatibility

Edgecell EPN is written in Go and is designed for portability.

  • Packaged for Linux, macOS, Windows, iOS, Android, and FreeBSD
  • Efficiently runs on x86, ARM, MIPS, PPC, and RISC hardware (32 & 64-bit)
  • A single executable runs host firewall and service
  • Host config file defines CA trust, host cert & key, and firewall rules

Technical details

Edgecell EPN is a mutually authenticated peer-to-peer software-defined network based on the Noise Protocol Framework. Edgecell uses certificates to assert a node's IP address, name, and membership within user-defined groups. Edgecell's user-defined groups allow for provider-agnostic traffic filtering between nodes.

Discovery nodes allow individual peers to find each other and optionally use UDP hole punching to establish connections from behind most firewalls or NATs. Users can move data between nodes in any number of cloud service providers, datacenters, and endpoints, without needing to maintain a particular addressing scheme.

Edgecell uses elliptic curve Diffie-Hellman key exchange and AES-256-GCM in its default configuration.

Edgecell EPN was created to provide a mechanism for groups of hosts to communicate securely, even across the internet, while enabling expressive firewall definitions similar in style to cloud security groups.