Supporting vantage points without a back channel

Open AltraMayor opened this issue 6 years ago • 0 comments

Some relevant vantage points (VPs) may not have a back channel, for example: Vultr. Thus, protecting the GT-GK channel becomes a production requirement when deploying Gatekeeper on cloud providers.

Moreover, in a mixed deployment, in which some VPs may have a back channel (e.g. an Internet exchange) and others not, the packets crossing VPs without back channels may also need to go through a VP with a back channel. We need to figure out how to accommodate this setup. The key question here is how can the second Gatekeeper server, which is in a VP with a back channel, accept the packets coming from VPs without back channels and not make the whole deployment vulnerable? Establishing tunnels from VPs without back channels to VPs with back channels? Is it enough?

AltraMayor, Feb 22 '19 12:02