Provision and launch Edge Nodes

  • Updated on Dec 9, 2024
  • Published on Dec 6, 2024
  • 6 minute(s) read

This article explains how to provision and launch Edge Nodes (formerly Edge iNodes), which are the physical hardware that connects directly to your IIoT devices. Complete the following procedures to install the hardware device you received from Neeve and connect it to the network. 

If you’re planning to use Virtual LANs (VLANs), see also Enabling VLANs for an organization.

Setting up physical network connections

Note
You can configure Edge Node networks before physically connecting them to the network. 

As a prerequisite for operation, the Edge Node needs to be connected to the network. One Ethernet port is reserved for WAN connectivity, which must be linked to a network with internet access. For detailed requirements, see Prerequisites for Edge Node connectivity.

The remaining port(s) are available for connecting to LAN networks to support the following activities:

  • Protection using the Edge Nodes firewall functionality
  • Remotely accessing devices via the Remote Access Portal
  • Running services and applications
  • Facilitating cloud connectivity through secure tunnels

Depending on your Edge Node model, you'll have between two and four Ethernet ports available. You can see the available ports in the device's port diagram in the Secure Edge Portal. Sign in to the portal, navigate to the Edge Node’s Details page, and then select the Edge Node name next to Vendor.

The hardware diagram will appear.

By default, on Model 2484 Edge Nodes, LAN A and LAN B are the only active ports. The labels shown in the diagram match the labels printed on the physical device. These labels are used throughout the portal to maintain consistency. To enable the other ports, refer to Advanced network interface configuration on Edge Nodes.

Connect the WAN-designated port to a network with internet access. Connect other ports as needed to the appropriate LANs. For converged networks, LAN ports on the Edge Node support VLAN segmentation. For details on VLAN configuration, refer to Using VLANs on Edge Nodes

Provisioning Edge Nodes

Use the Secure Edge Portal to add Edge Nodes as network elements, assign them to local networks, and configure their attributes.

Prerequisite
Ensure you have an SSH public key to use for access authentication of the Edge Node console. For more on SSH key management, see Managing SSH key authentication for a node.

Add an Edge Node

  1. From the Secure Edge Portal left menu, select the plus icon (+) > Add Node.
  2. Enter the Edge Node name.
  3. Optionally, specify custom attributes as labels. (See Using labels for details.)
  4. Select the Edge profile.
  5. From the prepopulated list of hardware serial numbers, select the serial number that matches the label on your device.
  6. Select the SSH public key for console access. (If you don’t have an SSH public key to use, see Managing SSH key authentication for an Edge Node.)
  7. Next, add location details (street address, city, state/province, zip/postal code) to map your Edge Node on the Dashboard landing page.
  8. Adjust the Data Saving Mode in Advanced Settings, if necessary. (For more on data saving mode, see Using data saving mode.)
  9. Select Add Node to complete the setup. Once added, the node will appear on the All Nodes page.

Add local networks for Edge Nodes

Note regarding duplicate network CIDRs
Two networks on the same Edge Node can support the same subnet, but this require careful management to prevent network loops (the Edge Node does not actively check for loops). In these scenarios, use Representational Networking to manage remote networks. It is the responsibility of the installer to ensure that the networks are properly segmented.
  1. Select the name of the newly added Edge Node to open its details page.
  2. Under the Networks tab, select the plus icon (+) to display the Add Network page. Enter the network name in the Name field, and specify any custom labels as needed. (For more on labels, see Using labels.)

Set up static or dynamic network addressing

You can set up either static or dynamic network addressing for the Edge Node. To set up static network addressing, the hosts in the network must be manually configured with static IP addresses. To create a dynamic local network for the Edge Node, a Dynamic Host Configuration Protocol (DHCP) server provides and manages IP addresses. Complete the steps in the applicable subsection below.

Create a static local network

  1. Select Static for Network Addressing.
  2. Specify the network's CIDR in the Network CIDR field.
  3. Specify a range of IP addresses (at least one) that will be reserved for Edge Node internal use. These IP addresses must be part of the same IP subnet as the local network's CIDR.
  4. For Node IP Address, you can set the IP address of the Edge Node interface. This is an optional field. If you don’t set it, the start IP address configured in the previous step will be the IP address for the Edge Node and the default gateway for devices on this network. If you set the Node IP Address, it will be the default gateway.
  5. If you plan to use services on this Edge Node, you need to set up IP addressing for those services. By default, the Edge Node assigns IP addresses for services dynamically from the Internal Reserved IP Address Range you specified. If you’re using the default, make sure you’ve reserved enough IP addresses. You need at least one more than the number of services you plan to run.
  6. If you plan to configure the services manually with static IP addresses, select the Services expansion panel and set Service Addressing to Static.
  7. Select Save and skip to the below section Complete network setup.

Create a dynamic local network

  1. Select Dynamic for Network Addressing.
  2. For Node IP Address, specify the IP address of the Edge Node interface on this network. This will be the default gateway for devices on this network.
  3. If you plan to run services on the Edge Node, when you select dynamic network addressing, by default, a DHCP server assigns IP addresses to services on the network and the Services panel is disabled. You may, however, configure static IP addresses for the the core services, Kea DHCP, PowerDNS, Postgres, and NTP when you add the services to your Edge Node. (Refer to Edge services.)
  4. Select Save and continue to Complete Network Setup.

Complete network setup

Follow these steps steps to complete the local network setup:

  1. You may have the option of configuring VLANs. (For more on VLANs, see Using VLANs on Edge Nodes.)
  2. Set the Default Destination for traffic from the local network with an outside destination (for example, traffic going to the internet or LAN):
    • None: (default) Drops the traffic
    • Specify IP Address: Sends the traffic to the IP address of a gateway in the local network that you specify
    • WAN Network: Sends the traffic through the Edge Node uplink
  3. Select Save.

Create static routes for an Edge Node

Create static routes to enable services on the Edge Node to reach specific network segments or allow local hosts to access LAN or internet destinations.

  1. In the Static Routes expansion panel, select Add to add a new static route. You can add up to 64 static routes per network. Note that if you set Default Destination to a value other than None, it uses up a static route.
  2. Define the destination network's CIDR.
  3. Under Via, specify the traffic path:
    • Specify IP Address: Sends the traffic to the IP address of a gateway in the local network that you specify
    • WAN Network: Sends the traffic through the Edge Node uplink
  4. If you need devices on this segmented network to be accessible via Remote Access or Cloud Connectors, select the Allow Remote Networks checkbox
    • In the expanded section, select the remote network you would like to map the segmented network to.
    • You can also specify a Representational Network value or select Enable Representation Network Automation to assign the NAT for you.
    • You can add 25 remote networks per route.
  5. Select Save.

Launching an Edge Node

  1. Power on the Edge Node hardware. It will automatically discover the uplink network via DHCP and securely connect to Secure Edge Portal.
  2. If you want to configure the uplink interface to use static IP, please refer to the Node CLI.
  3. Verify the Edge Node status in the Secure Edge Portal; it should display as ALIVE on the Details page.
Ensure outbound TCP port 443 is open on any firewalls between the Edge Node and the internet.

Managing unassigned serial numbers

For resellers, partners, or environments with child organization, manage unassigned serial numbers by moving them into the relevant child organizations.

  1. From the Secure Edge Portal left menu under Node, select Serial Numbers.
  2. Select the serial number, and then select Move from the top-right menu.
  3. In the To Organization drop-down field, select the destination child organization you would like to move the Edge Node to.