Project Networks

Project networks provide isolated virtual networking within eryph projects, enabling complete separation between teams and environments.

Overview

Project networks are virtual networks built on network providers. They offer:

  • Independent IP ranges per project (overlapping allowed)
  • Isolated DHCP, DNS, and routing
  • No cross-project communication by default
  • Multiple environments (dev, test, staging, production)

Configuration

Default network (created automatically):

networks:
- name: default
  environment: default
  provider:
    name: default
    subnet: default
    ip_pool: default
  address: 10.0.0.0/20
  subnets:
  - name: default
    address: 10.0.0.0/20
    dns_servers: [9.9.9.9, 8.8.8.8]
    mtu: 1400

Multiple networks (frontend/backend separation):

networks:
- name: frontend
  environment: production
  provider: 
    name: production
    ip_pool: frontend
  address: 10.1.0.0/24

- name: backend
  environment: production  
  provider:
    name: production
    ip_pool: backend
  address: 10.2.0.0/24

Environment separation (dev/staging/prod):

networks:
- name: default
  environment: dev
  provider:
    name: overlay
    ip_pool: dev
  address: 172.16.0.0/24
  
- name: default
  environment: staging
  provider:
    name: overlay
    ip_pool: staging
  address: 172.17.0.0/24

- name: default
  environment: production
  provider:
    name: overlay
    ip_pool: prod
  address: 172.18.0.0/24

Management Commands

# View virtual network instances
Get-VNetwork

# Get network configuration YAML for a project
Get-VNetwork -Config -ProjectName "myproject"

# Update virtual network from YAML string
Set-VNetwork -Config $yamlContent -ProjectName "myproject"

# Get catlet IPs (external by default)
Get-CatletIP

# Get internal IPs for specific network
Get-CatletIP -InternalIp -Network "default"

# See all available parameters for a command
Get-Command Get-VNetwork -Syntax

Note: Network provider configuration is managed through the eryph-zero networks import command. See Advanced Networking for details.

Common Patterns

DMZ with internal segments:

networks:
- name: dmz
  provider:
    name: dmz-provider
    subnet: public
  address: 172.16.1.0/24
  
- name: internal
  provider:
    name: internal-provider
    subnet: private
  address: 10.0.1.0/24
  
- name: database
  address: 10.0.2.0/24  # No provider - internal only

Isolated test environment:

networks:
- name: test-isolated
  environment: test
  address: 192.168.0.0/24  # No external access

Troubleshooting

| Issue | Solution |
|---|---|
| Catlets cannot communicate | Verify same network, check firewall rules |
| IP conflicts | Check floating ports, verify pool ranges |
| DNS failures | Verify DNS IPs, test with direct IPs |
| Network not reachable | Run eryph-zero networks sync to repair state |

Best Practices

  • Use RFC1918 addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
  • Plan IP ranges for growth
  • Segment by function and environment
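
A pre-apply check for these practices, as an added example (not eryph's own code): it audits a network configuration that has already been parsed from the YAML layout shown above. The function name, finding codes, sample data, the "missing environment means default" rule and the no-overlap-within-an-environment policy are assumptions of this example.

```python
import ipaddress
from itertools import combinations

RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample with deliberate mistakes (not a real project config).
SAMPLE = {"networks": [
    {"name": "frontend", "environment": "production",
     "provider": {"name": "production", "ip_pool": "frontend"},
     "address": "10.1.0.0/24"},
    {"name": "backend", "environment": "production",
     "provider": {"name": "production", "ip_pool": "backend"},
     "address": "10.1.0.128/25"},                      # overlaps frontend
    {"name": "database", "environment": "production",
     "address": "172.32.0.0/24",                       # outside 172.16.0.0/12
     "subnets": [{"name": "default", "address": "172.32.1.0/24"}]},
]}

def audit(config):
    """Return (location, code) findings for a parsed network configuration."""
    findings, seen = [], []
    for net in config.get("networks", []):
        # Assumption: a network without 'environment' belongs to "default".
        env = net.get("environment", "default")
        label = f"{env}/{net.get('name', '?')}"
        try:
            cidr = ipaddress.IPv4Network(net["address"])
        except (KeyError, ValueError):
            findings.append((label, "invalid-address"))
            continue
        if not any(cidr.subnet_of(r) for r in RFC1918):
            findings.append((label, "not-rfc1918"))
        for sub in net.get("subnets", []):
            if not ipaddress.IPv4Network(sub["address"]).subnet_of(cidr):
                findings.append((f"{label}/{sub.get('name', '?')}", "subnet-outside-network"))
        if "provider" not in net:
            # The page marks provider-less networks as internal only; report for review.
            findings.append((label, "internal-only"))
        seen.append((env, label, cidr))
    # Policy of this example: ranges must not overlap inside one environment.
    for (e1, l1, c1), (e2, l2, c2) in combinations(seen, 2):
        if e1 == e2 and c1.overlaps(c2):
            findings.append((f"{l1} <-> {l2}", "overlap"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

An empty result means the configuration passed every check; `internal-only` findings are informational and confirm which segments have no provider.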
