Galactic VPC, Proof-of-Concept Two #594

@ecv


High-Level Summary

Prove the concept of IROH directory service atop an SRv6 network topology. Open a flow from a Datum Connect tunnel to another Datum Connect endpoint, define that flow as spanning our backbone, and pass traffic to a service over it using an IROH name.

Motivation

This gets us working software in the field at the global edge.

Then we stand back ten metres and squint at it.

Goals

  • The network services operator can discover resources via IROH key fingerprint
  • I can tunnel between resources via SRv6

Non-Goals

  • Make my NSO-discovered resources available to a project. (Successor issue.)
  • Modify the route taken by our packets via SRv6. (Successor issue.)
  • Dual-Stack Lite IPv4-over-v6 abstraction

Envisioned End State of Entire Project

Galactic VPC is a per-project namespace within which a service or workload can dial any other resource inside the project via an IROH key fingerprint alone, establishing end-to-end secure and trusted flows, without knowing anything about the underlying networks. SRv6 and IROH are the routing and directory pillars for this single private-network namespace.
