slackhq / nebula

A scalable overlay networking tool with a focus on performance, simplicity and security


Help: SG group management for one big cluster.

yogeshkk opened this issue · comments

Hello Team,

We are trying to determine if Nebula is the right fit for our use case. It fits perfectly for most use cases; I just need to know how you manage SG groups. SG groups are enforced by destination, as opposed to traditional SG groups, which makes sense in a flat architecture, but what happens when we have 100's of nodes of each node type? We will have 20-30 types of node and we need to open different ports from one type to another.

Example: I have 100's of nodes and I need to open 3306 from 5 application nodes to 3 database nodes, etc. There are a lot of permutations and combinations possible as the number of nodes in the cluster increases, and keeping up with automation will be challenging.

One way is putting a small Nebula cluster per project, etc., but before we look into that, I wanted to know if anyone is managing a big cluster. How are you managing/automating SG groups?

Also let me know if I am making wrong assumptions, etc.

Hi @yogeshkk -

I think most users of Nebula - including Slack - use automated tooling such as Ansible, Chef, or Puppet in order to update Nebula configurations (e.g. rotating certificates and updating firewall rules) on their hosts.

Alternatively, those of us over at Defined Networking have been building a managed version of Nebula that allows you to manage and deploy firewall rules from a centralized UI.

I hope that helps. If you have more specific questions, I can try to advise.
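The scenario from the question (open 3306 from application nodes to database nodes, repeated across many node types) with Nebula's destination-side enforcement, as an added Python example that is not part of this issue thread or of the Nebula project itself. It inverts a source-to-destination policy table into the per-node-type `inbound` rule lists that Nebula evaluates on the receiving host, renders them as a `firewall:` YAML block, and flags any-port rules before they ship. The policy table and the group names (`application`, `database`, `cache`, `monitoring`) are constructed for the example; the rule keys `port`, `proto`, `group` and `host` are the ones Nebula's firewall config uses, and the outbound allow-all mirrors the project's example config.

```python
"""Generate per-node-type Nebula inbound firewall rules from one policy table.

Nebula checks firewall rules on the host that receives the connection, so a
policy line "application may reach database on tcp/3306" has to become an
`inbound` rule on every database node that matches the *sender's* certificate
group. This script does that inversion so the policy is written once.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# Hypothetical policy: (source group, destination group, proto, port).
# A source of "any" means any host holding a certificate from a trusted CA.
Policy = List[Tuple[str, str, str, object]]

SAMPLE_POLICY: Policy = [  # constructed sample, not a real deployment
    ("application", "database", "tcp", 3306),
    ("application", "cache", "tcp", 6379),
    ("monitoring", "database", "tcp", 9104),
    ("monitoring", "application", "tcp", 9100),
    ("monitoring", "cache", "tcp", 9121),
    ("any", "application", "icmp", "any"),
]


def inbound_rules(policy: Policy) -> Dict[str, List[dict]]:
    """Return {destination group: [inbound rule dicts]} for the given policy."""
    by_dest: Dict[str, List[dict]] = defaultdict(list)
    for src, dst, proto, port in policy:
        rule = {"port": port, "proto": proto}
        if src == "any":
            rule["host"] = "any"        # accept from any certificate holder
        else:
            rule["group"] = src         # match a group in the sender's certificate
        by_dest[dst].append(rule)
    # Deterministic ordering keeps generated configs diff-friendly under Ansible/Chef/Puppet.
    for rules in by_dest.values():
        rules.sort(key=lambda r: (r["proto"], str(r["port"]), r.get("group", "")))
    return dict(by_dest)


def render_firewall(rules: List[dict]) -> str:
    """Render one node type's rules as the YAML `firewall:` block Nebula reads."""
    lines = [
        "firewall:",
        "  outbound:",
        "    - port: any",
        "      proto: any",
        "      host: any",
        "  inbound:",
    ]
    for r in rules:
        lines.append(f"    - port: {r['port']}")
        lines.append(f"      proto: {r['proto']}")
        if "group" in r:
            lines.append(f"      group: {r['group']}")
        else:
            lines.append(f"      host: {r['host']}")
    return "\n".join(lines) + "\n"


def overly_broad(policy: Policy) -> Policy:
    """Flag policy lines that open every port (ICMP excepted) so they get a review."""
    return [entry for entry in policy if entry[3] == "any" and entry[2] != "icmp"]


if __name__ == "__main__":
    for node_type, rules in sorted(inbound_rules(SAMPLE_POLICY).items()):
        print(f"# firewall section for nodes in group '{node_type}'")
        print(render_firewall(rules))
    print("any-port rules needing review:", overly_broad(SAMPLE_POLICY))
```

Each node type's certificate has to carry its type name as a group (the `-groups` option of `nebula-cert sign`), because `group:` is matched against the sender's certificate, not against anything the receiving host knows locally. The generated block is what the configuration-management tooling mentioned in the reply would template onto every host of that type; a change to the policy table regenerates all affected node types at once instead of being edited node by node.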