About Application Domain-based Routing

Abstract

Application Domain-based Routing is a technique that CloudConnexa uses to route traffic for configured Applications to the correct connected network without using the IP subnets of the connected networks as routes.

The unique application domain names are used as routes to decide which connected network is the destination for that traffic.

Note

The CloudConnexa DNS Proxy setting must be ON for application domain-based routing to work. Refer to Set CloudConnexa DNS Proxy Off.

Workings of Application Domain-based Routing

There are two things that application domain-based routing should accomplish:

  1. Steer the traffic destined to the application's domain name to CloudConnexa.

  2. Route the traffic to the correct connected network and IP address once the traffic enters CloudConnexa.

A route to the WPC Domain Routing subnet is pushed to all the endpoints when they connect to CloudConnexa. When the connected device wants to route traffic to an IP address within the WPC Domain Routing range, it will select the tunnel interface to CloudConnexa, ensuring the traffic reaches CloudConnexa.

CloudConnexa acts as a proxy DNS server for all DNS lookups. Using the DNS proxy, CloudConnexa responds to the DNS resolution query for a configured application's domain name with an intermediary IP address from the WPC Domain Routing range instead of the IP address of the destination. This ensures that the connected endpoint routes the traffic to your WPC. CloudConnexa keeps a map of the intermediary IP address, the final destination IP address, and the connected network associated with the application domain. Once the traffic arrives at CloudConnexa, it is forwarded to the connected private network based on the mapping.

Advantages of Application Domain-based Routing

Now that you understand how Application Domain-based Routing works, you can appreciate its many advantages:

  • There is no need to turn Split Tunnel OFF: Public domain names can be configured as Applications, too. Therefore, keeping Split Tunnel ON allows you to steer traffic to the internet domains configured as Applications to CloudConnexa without sending all traffic to CloudConnexa.

  • Cloaking: The user only discovers the application's intermediary IP address. Your networks' IP address routes and your application server's IP address are hidden from the user.

  • Lateral movement prevention: Discovering applications to target, or scanning connected networks, is challenging because the networks' IP subnet routes are hidden and the WPC and Domain Routing subnets contain millions of IP addresses.

  • Overlapping IP address ranges are OK: Connecting two networks with the same IP address range to a router would cause IP address conflicts and misrouting. But with CloudConnexa, you can connect networks without configuring IP address routes and use application domain-based routing instead, so there are no IP address conflicts.

  • Create FQDN with IP addresses: Embedded IP enables you to append an IP address to an Application's domain name and resolve such domains without adding a DNS record. This is useful for IoT networks. For example, ssh root@192-168-1-1.server.example.com can be used to SSH into the computer with a private IP address of 192.168.1.1 on the Network that has the domain name of server.example.com configured as an Application.

  • Setup Ease: You only need to know the IP addresses of your application servers, not the IP address subnets of your network. Deploy a Connector on your network, configure Applications, and create DNS Records for private applications. Then, you can remotely access your applications using domain names.
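
The mapping described under "Workings of Application Domain-based Routing", together with the overlapping-range and Embedded IP behaviour from the list above, modelled as an added example (not CloudConnexa code). The class and method names, the network names, the routing range and all addresses are hypothetical, constructed values.

```python
import ipaddress

class DomainRouter:
    """Toy model of the DNS-proxy mapping (added example, not CloudConnexa code)."""
    def __init__(self, routing_range):
        self._pool = ipaddress.ip_network(routing_range).hosts()  # intermediary IPs
        self._apps = {}     # application domain -> (network, real destination IP)
        self._by_name = {}  # queried name -> intermediary IP already handed out
        self._map = {}      # intermediary IP -> (network, real destination IP)

    def add_application(self, domain, network, dest_ip):
        self._apps[domain.lower()] = (network, dest_ip)

    def _target(self, name):
        if name in self._apps:
            return self._apps[name]
        # Embedded IP form: 192-168-1-1.server.example.com -> 192.168.1.1
        label, _, parent = name.partition(".")
        if parent not in self._apps:
            return None
        try:
            ip = ipaddress.IPv4Address(label.replace("-", "."))
        except ValueError:
            return None
        return (self._apps[parent][0], str(ip))

    def resolve(self, qname):
        """DNS side: answer with an intermediary IP, or None for other names."""
        name = qname.lower().rstrip(".")
        target = self._target(name)
        if target is None:
            return None  # not an Application; normal resolution applies
        if name not in self._by_name:
            hop = str(next(self._pool))
            self._by_name[name] = hop
            self._map[hop] = target
        return self._by_name[name]

    def forward(self, intermediary_ip):
        """Data side: map arriving traffic to (connected network, real IP)."""
        return self._map.get(intermediary_ip)

def demo():
    # Constructed sample values: range, network names and addresses are assumptions.
    r = DomainRouter("100.80.0.0/12")
    r.add_application("hr.example.com", "office-a", "192.168.1.10")
    r.add_application("wiki.example.com", "office-b", "192.168.1.10")  # same IP
    r.add_application("server.example.com", "iot-lab", "192.168.1.1")
    names = ["hr.example.com", "wiki.example.com", "192-168-1-7.server.example.com"]
    return {n: (r.resolve(n), r.forward(r.resolve(n))) for n in names}
```

The two applications that share 192.168.1.10 on different networks receive distinct intermediary addresses, which is why the overlap causes no conflict, and the endpoint never sees the real destination address.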