Appearance
Addressing
Enclave utilizes IP addresses within the private address space for its overlay network. This means that all agents and gateways in the Enclave network are assigned private IP addresses that are not routable on the public internet.
IPv4 addressing
The EMC defaults your virtual subnet to range to 10.100.0.0/16. This means that all agents and gateways in your Enclave network will be assigned IP addresses within this range. You can customize this subnet to fit your needs, but it must be a private IP address range as defined by RFC 1918. The private IP address ranges are:
10.0.0.0/8192.168.0.0/16172.16.0.0/12
It is important to ensure that the subnet you choose does not overlap with any existing subnets in your network, as this can cause routing issues and connectivity problems.
Gateway virtual subnets are also assigned IP ranged within the RFC 1918 private address space, but live at a separate range from the default enclave subnet. For example, if your default enclave subnet is 10.100.0.0/16, you might have a gateway virtual subnet of 10.200.0.0/24 in which your gateway nodes are assigned IP addresses. This allows for proper routes to be created to route traffic to the gateway and not overlap with the default enclave subnet.
IPv6 addressing
Enclave uses a singular private IPv6 address range fde0:c1a4:e::0/48 for all agents and gateways. Agents are then assigned an IPv6 address within this range based on their enclave IPv4 address. For example if an agent has the assigned enclave IPv4 address of 10.100.0.10, it would be assigned the IPv6 address of fde0:c1a4:e::10:100:0:1. This allows for a consistent mapping between IPv4 and IPv6 addresses within the Enclave network, making it to translate between address types easier. The IPv6 address range is also private and not routable on the public internet, ensuring that all traffic within the Enclave network remains secure and isolated from external networks.
Gateways virtual subnets also live within the fde0:c1a4:e::0/48 range but are assigned a unique fourth octet to ensure they do not overlap with the agent addresses. For example, if a gateway has a unique octet of 1, and a gateway node is accessible under it at 10.200.0.20, it would be assigned the IPv6 address of fde0:c1a4:e:1:10:200:0:20. This allows proper routes to be created to route traffic to the gateway and not overlap with the default enclave subnet.