Configuring one-arm mode for Edge Nodes

  • Updated on Dec 9, 2024
  • Published on Dec 6, 2024
  • 3 minute(s) read
Prev Next

One-arm mode simplifies network configuration by allowing a single port to act as both uplink and downlink on an Edge Node (formerly Edge iNode). This reduces the need for multiple physical connections and enables network redundancy. 

One-arm mode is enabled for your company's account based on your Subscription Agreement. To use one-arm mode, you must also have VLANs enabled for your account. For details on enabling these features, contact your Account Manager.

One-arm mode overview

In standard Edge Node deployments, the network is physically separated with the eth0 port used for WAN/cloud (northbound) uplink and eth1 for local (southbound) downlink, as depicted in the following image.

One-arm mode combines these functions into a single port, allowing you to:

  • Utilize fewer network connections.
  • Enable redundancy by configuring the unused port for link backup.

Use cases for one-arm mode

One-arm mode is useful in the following scenarios:

  • Switch port availability is limited: With one-arm mode, you can use VLANs to create virtual separation of networks using the same physical connection. By default, the WAN uses an untagged VLAN (although it can be tagged) and the other local networks are tagged VLANs, as the shown in following example.

     
  • High availability and redundancy are required: The second port (eth1) can be configured for link redundancy, ensuring seamless operation if the primary port (eth0) goes down. (For devices with more than two ports, other ports are disabled.) The eth1 port can be connected to a duplicate of the switch connected to eth0. Both eth0 and eth1 can also be connected to the same switch. See the following figure as an example.


Network configuration for one-arm mode

When using one-arm mode, it’s important to ensure VLANs are properly configured on both the Edge Node and the network switch. Consider the following as you prepare to make network changes:

  • Before you configure one-arm mode for an Edge Node, contact Neeve Support at [email protected] for assistance in planning the necessary network changes.
  • In the case of a flat network for local network and WAN, we do not recommended applying a custom security policy that controls traffic within the network.
  • If you’re planning to use a tagged WAN in your network, you will need physical access to the Edge Node when configuring one-arm mode.

In this section, we describe three scenarios using one-arm mode.

Scenario 1: Untagged WAN traffic

The simplest scenario where the switch has one port available to connect with the Edge Node. The WAN traffic is untagged, but the local network traffic is all tagged VLANs.

  • Connect a single Ethernet cable from the Edge Node to the switch for WAN traffic.
  • Enable one-arm mode from the Secure Edge Portal. The Edge Node will reboot.
  • Traffic continues to route to the Secure Edge Portal, and you can configure local networks with tagged VLANs.

Scenario 2: Tagged WAN traffic

A more complex scenario where the switch has one port available, but the WAN traffic is tagged. (By default, WANs are untagged.)

  • When you plug the Edge Node to eth0, it won’t be able to route traffic to Secure Edge Portal. Use SSH to connect to the node console.
  • Use the Node CLI to configure the WAN interface with the appropriate VLAN tag. The node can connect to the Secure Edge Portal.
  • Once connected, use the portal to enable one-arm mode and configure local networks with tagged VLANs.

For detailed instructions, see Using the Node command-line interface (CLI) and web UI, especially the section Configuring an Edge Node with tagged WAN traffic for one-arm mode.

Scenario 3: Redundant network configuration

To add redundancy, configure one-arm mode (tagged or untagged WAN) and connect the Edge Node’s second eth1 to the eth0 port of a second (backup) switch. This ensures network continuity if the primary link fails.

Refer to the following articles for additional instructions:

Configure one-arm mode on an Edge Node

When you configure an Edge node for one-arm mode, or change it back to the default mode, the node reboots.

Configuring an Edge Node for one-arm mode includes switching from default mode to one-arm mode and then creating the relevant networks. Note that when you switch to one-arm mode, if both the WAN and local networks are untagged, the networks will be merged into one VLAN. 

Use the following steps to configure one-arm mode for an Edge Node:

  1. From the Secure Edge Portal left menu, select Nodes > All Nodes, and then select the Edge Node to open its details page.
  2. From the Manage Node menu, select Edit.
    edit-node
  3. Expand Advanced Settings and toggle One-Arm Mode to On. A dialog opens, asking you to confirm that you want to enable one-arm mode and reboot the node.
  4. Select Yes - Switch Mode to continue the one-arm mode configuration.
  5. Select Update. The node reboots. When its status returns to ALIVE, both ports are capable of acting as uplink and downlink interfaces.
  6. Configure your networks. See Connecting networks for detailed instructions and contact [email protected] if you need assistance.