With Cloudi-Fi WAN deployment, the service enablement doesn't require any hardware or software to be installed on site, however the local setup depends on the compatibility of the legacy infrastructure. 

When adding a new site to Cloudi-Fi, the existing local network will need to route the traffic to Cloudi-Fi. This routing requires a configuration which needs to match local requirements. Those local requirements are classified as types of location.

Each location has an Internet breakout

Each location can directly route the traffic to Cloudi-Fi.

In this case, the type of location for all sites (Store, HQ, Factory, Branch) can be:

  • GRE or IP based IPSec if you have a static public IP

  • FQDN based IPSec if you have a dynamic public IP address


All locations share a central Internet breakout

All sites are connected to a MPLS private network and the Internet traffic is centralized to a datacenter with a global Internet breakout.

In this case, the type of location for the Datacenter can be :

  • GRE or IP based IPSec if you have a static public IP

  • FQDN based IPSec if you have a dynamic public IP address

However in order to dissociate the locations (Store, Branch, HQ, Factory), they will be configured as:

  • Virtual locations 

Virtual location are attached to a physical site (the Datacenter in that case) and are defined by private IP ranges.
Please note that the Private ranges cannot overlap among them.


Several SSIDs in the same location 

In this case, the physical location HQ will be :

  • GRE or IP based IPSec if you have a static public IP

  • FQDN based IPSec if you have a dynamic public IP address

And the SSIDs Guest and Employee will be:

  • Virtual location defined with their respective private IP ranges and attached to the physical site HQ.

Quick note about GRE tunnel

Nowadays, when we hear the term "VPN", we directly think to IPSec VPN and encrypted traffic, that is normal because security and the privacy are a big concern in our society.

GRE tunnel is also a VPN, but without any encryption. It's only use to route a data from point A to point B. It's very simple to configure and to monitor (thanks to internal tunnels IPs).
So why you would use an unencrypted tunnel to route your traffic from your location to our datacenter?

Because most of Internet traffic is already encrypted thanks to SSL (HTTPS).
Because GRE is very easy to configure (no phase1 or phase2 issue),
It's easy to monitor thanks to internal tunnel IPs.
It's less resource-consuming for VPN endpoints (because there is no encryption).
And above all, the traffic you send to Cloudi-Fi doesn't need to be encrypted, because it's Internet traffic, that means it's a public traffic by nature.

Here is an example of classic Internet traffic. The traffic is passing in clear over Internet 

So there is no reason to would encrypt the traffic from your Internet router to Cloudi-Fi because the traffic will finally pass in clear between Cloudi-Fi and websites :

If you have a doubt regarding the type of location you have to use, please contact the Cloudi-Fi support with the chatbot or by sending us an email : support@cloudi-fi.com

Did this answer your question?