Location: /
Updated: November 5, 2025
Status: Complete Reference Set
This folder contains complete architecture documentation for CloudBridge platform.
- START HERE (this document) - Navigation guide
- CLIENT ARCHITECTURE - CloudBridge Relay Client (NEW)
- REQUIREMENTS MATRIX GUIDE - Find what you need (NEW)
- INDEX - Document index by role
- COMPLETE ARCHITECTURE GUIDE - Full architecture overview
- DATA SOURCES - Where all metrics come from
- DNS NETWORK ARCHITECTURE - DNS design, anycast, DNSSEC (NEW)
- PROTOCOL STACK - Protocol stack architecture (NEW)
Then read based on your role (see below).
1. CLIENT ARCHITECTURE (NEW)
Purpose: Complete documentation of CloudBridge Relay Client
Contains:
- Client architecture overview and component hierarchy
- Core components (Client, Config, Auth, P2P, Tunnel, Heartbeat managers)
- Protocol support (QUIC, gRPC, WebSocket, WireGuard, ICE/STUN/TURN)
- Authentication mechanisms (JWT, OIDC with Zitadel, OS keyring)
- Multi-tenancy and isolation via JWT claims
- Configuration reference (YAML schema, environment variables)
- Usage examples (tunnel, P2P mesh, service installation, health checks)
- Error handling and retry strategies
- Metrics and observability (Prometheus, structured logging)
- Troubleshooting guide and diagnostic commands
- Integration with 8-step architecture pipeline
- Deployment scenarios
- Complete roadmap and implementation status
For:
- Client developers and users
- System administrators deploying CloudBridge clients
- Anyone understanding client-relay interaction
- Integration and testing teams
Start here if: You need to understand how clients connect, authenticate, and interact with the relay infrastructure
2. INDEX
Purpose: Navigation hub by role
Contents:
- Quick navigation for Architects, Ops, Security, Developers
- Document descriptions and purposes
- Key metrics and performance summaries
- Document relationship diagram
Start here if: You need to find what to read next
Purpose: Single comprehensive reference
Contains:
- Request processing pipeline (8 steps)
- Component interaction chain
- 5 isolation layers explained
- OSI model (L1-L7)
- Security, performance, deployment
Start here if: You want complete overview
Purpose: Multi-tenancy deep dive
Covers:
- 5 distinct isolation layers (Network, App, Resource, Data, Operational)
- Isolation attributes and inheritance model
- Peer management with tenant context
- IPAM (IP Address Management)
- JWT tokens and Zitadel OIDC
- Kubernetes NetworkPolicies
- Calico VRF configuration
- Database schema with isolation
- Audit logging and metrics
Start here if: You need to understand multi-tenancy or security
Purpose: 8 components with correct ordering
Describes:
- CloudBridge Scalable Relay
- CloudBridge DNS Network
- CloudBridge Control Plane
- CloudBridge DDoS Protection
- CloudBridge Monitoring
- CloudBridge AI Service
- CloudBridge Dashboard
- CloudBridge Edge PoPs (3 global locations)
Plus:
- Data flow and integration
- Deployment topology
- Security architecture
- Performance metrics
- Operational runbooks
Start here if: You need to understand system components
Purpose: Request processing pipeline details
Shows:
- Client request journey (8 steps)
- Component interaction matrix
- Security at each step
- Performance characteristics per step
- Request timeline example (215ms end-to-end)
- Failure scenarios and recovery
- Latency budget breakdown
- Throughput capacity
Start here if: You need to understand request processing or troubleshoot latency
Purpose: OSI model implementation (L1-L7)
Details:
- L1 Physical: VPC infrastructure
- L2 Data Link: Ethernet, VLAN, VXLAN
- L3 Network: BGP, XDP/eBPF, Calico
- L4 Transport: QUIC, BBRv3, TCP/UDP
- L5 Session: MASQUE, WireGuard
- L6 Presentation: TLS 1.3, mTLS, JWT
- L7 Application: gRPC, REST, Zitadel
Plus: 10 Mermaid diagrams, data flows, security architecture
Start here if: You need protocol details or layer-specific information
8. PROTOCOL STACK (NEW)
Purpose: Complete protocol stack architecture and implementation
Details:
- Full protocol stack from physical to application layer
- Detailed implementation specifications for each layer
- Protocol interactions and dependencies
- Configuration and deployment considerations
Plus: Complete protocol specifications, integration points, performance characteristics
Start here if: You need comprehensive protocol stack details or implementation specifications
9. DATA SOURCES
Purpose: Citation and verification of all metrics
Contains:
- Where every metric comes from
- How to verify each specification
- Component LOC verification methods
- Performance testing methodology
- Capacity measurement sources
- Reliability metrics explanation
- Configuration references
Use this when:
- You need to cite a metric
- You want to verify a specification
- You're creating related documentation
- You need test methodology
Every metric in other documents references this file
10. REQUIREMENTS MATRIX (NEW)
Purpose: Component requirements, capabilities, and feature roadmap
Contains - For All 8 Components:
- Current implementation status (%)
- Required inputs (data, parameters)
- Input configuration (all parameters with defaults)
- Output specifications (what component produces)
- Futures/Features being built (timeline, priority)
- Prerequisites for futures (what blocks each feature)
- Use cases / testing scenarios (how to test and verify)
- Dependencies (what other components needed)
For Operations:
- Current capabilities (what works now)
- Use cases to test component health
- Dependencies to check
- Implementation status and timeline
For Developers:
- Required inputs and parameters
- Output formats and specs
- Futures you might implement
- What prerequisites block your work
- Dependencies to integrate with
For Planning:
- Feature roadmap (Q4 2025, Q1 2026)
- Blocking items (what to do first)
- Implementation timeline
- Dependency coordination
Start here if: You need to know what a component needs, what it outputs, what features are coming, or what's blocking work
11. REQUIREMENTS MATRIX GUIDE (NEW)
Purpose: Quick navigation for the Requirements Matrix
Contains:
- By role: quick reading paths (Operations, Developers, Product/Planning)
- By component: quick links to each of 8 components
- By feature: what's being built in Q4/Q1
- Finding blocking dependencies: process for identifying blockers
- Key statistics: component readiness, blocking items
- How sections are organized: explanation of matrix structure
- Examples: common scenarios and how to use the matrix
Use this for:
- Quick navigation
- Finding your specific need
- Identifying blockers for your feature
- Planning dependencies
- Understanding matrix organization
Start here if: You have a quick question or need to find something specific in the matrix
Purpose: Quick navigation for previous location
Contains:
- Core documents list
- Quick navigation by role
- Key technologies
- Cross-references
- Start: REQUIREMENTS MATRIX GUIDE (5 min - overview)
- Read: COMPLETE ARCHITECTURE GUIDE (5 min)
- Study: TENANT ISOLATION ARCHITECTURE (15 min)
- Reference: REQUIREMENTS MATRIX (component needs & futures)
- Deep dive: NETWORK LAYERS OSI MODEL (10 min)
- Protocol stack: PROTOCOL STACK (15 min)
- DNS: DNS NETWORK ARCHITECTURE (anycast, DNSSEC roadmap) (10 min)
- Cite from: DATA SOURCES (when documenting)
- Start: REQUIREMENTS MATRIX GUIDE (find your component)
- Read: ARCHITECTURE FLOW (10 min)
- Reference: REQUIREMENTS MATRIX (component capabilities & use cases)
- Study: PROJECT OVERVIEW (deployment section) (5 min)
- Troubleshoot: ARCHITECTURE FLOW (failure scenarios)
- Security: TENANT ISOLATION ARCHITECTURE (isolation section)
- DNS: DNS NETWORK ARCHITECTURE (zones, records, failover) (10 min)
- Start: REQUIREMENTS MATRIX GUIDE (dependencies & blockers)
- Read: TENANT ISOLATION ARCHITECTURE (20 min)
- Reference: REQUIREMENTS MATRIX (prerequisites & dependencies)
- Study: NETWORK LAYERS OSI MODEL (L6-L7) (10 min)
- Verify: COMPLETE ARCHITECTURE GUIDE (compliance section)
- Cite: DATA SOURCES (all metrics)
- Start: REQUIREMENTS MATRIX GUIDE (find your component)
- Reference: REQUIREMENTS MATRIX (inputs, outputs, blockers, futures)
- Read: COMPLETE ARCHITECTURE GUIDE (10 min)
- Study: ARCHITECTURE FLOW (request flow) (10 min)
- Multi-tenancy: TENANT ISOLATION ARCHITECTURE (15 min)
- Deep dive: NETWORK LAYERS OSI MODEL (10 min)
- Protocol stack: PROTOCOL STACK (implementation details) (15 min)
- DNS specifics: DNS NETWORK ARCHITECTURE (integration with Control Plane)
- P2P latency: < 1ms (source: QUIC benchmarks)
- Via 1 PoP: < 5ms (source: Controlled tests)
- End-to-end: 215ms (source: Latency budget calculation)
- Failover: < 500ms (source: PoP failure testing)
- Per PoP: 100 Gbps (source: ISP SLA)
- DDoS: 800,000 RPS (source: ML model capacity)
- Availability: 99.99% (source: SLO target)
- P2P success: 94% (source: Connection analytics)
- 8 Components
- 7 OSI Layers
- 5 Isolation Layers
- 3 PoP Locations
- Network: Kubernetes + Calico VRF
- Application: Zitadel OIDC + JWT
- Resource: Kubernetes ResourceQuotas
- Data: IPAM + SERIALIZABLE transactions
- Operational: Audit logging + metrics
All metrics are cited in DATA SOURCES
**START HERE**
|
+---> **REQUIREMENTS MATRIX GUIDE** (Quick Navigation - START HERE)
| |
| +---> **REQUIREMENTS MATRIX** (All 8 Components, Detailed)
|
+---> **INDEX** (Navigation by role)
|
+---> **COMPLETE ARCHITECTURE GUIDE** (Central Hub)
| |
| +---> **PROJECT OVERVIEW** (8 Components)
| |
| +---> **TENANT ISOLATION ARCHITECTURE** (Multi-tenancy)
| |
| +---> **ARCHITECTURE FLOW** (Request Pipeline)
| |
| +---> **NETWORK LAYERS OSI MODEL** (L1-L7)
| |
| +---> **PROTOCOL STACK** (Protocol stack architecture)
| |
| +---> **DNS NETWORK ARCHITECTURE** (Anycast, DNSSEC, integration)
| |
| +---> **DATA SOURCES** (All References)
|
+---> **DATA SOURCES** (Citations for all metrics)
New in this version:
- REQUIREMENTS MATRIX - Components and features with complete requirements
- REQUIREMENTS MATRIX GUIDE - Quick navigation for the matrix
- DNS NETWORK ARCHITECTURE - DNS design, anycast, DNSSEC plan
- PROTOCOL STACK - Complete protocol stack architecture and implementation
...what each component needs (inputs/outputs) → REQUIREMENTS MATRIX (Section for your component)
...what features are coming and what blocks them → REQUIREMENTS MATRIX GUIDE (Futures section) → REQUIREMENTS MATRIX (Futures/Prerequisites sections)
...how to test if a component is working → REQUIREMENTS MATRIX (Use Cases section for your component)
...what's blocking my feature development → REQUIREMENTS MATRIX GUIDE (Finding Blocking Dependencies) → REQUIREMENTS MATRIX (Prerequisites for Futures)
...the Q4 2025 and Q1 2026 roadmap → REQUIREMENTS MATRIX (Implementation Roadmap section) → REQUIREMENTS MATRIX GUIDE (Key Statistics - Blocking Items)
...the request processing flow → ARCHITECTURE FLOW
...how multi-tenancy works → TENANT ISOLATION ARCHITECTURE
...the system components → PROJECT OVERVIEW
...network protocols and OSI layers → NETWORK LAYERS OSI MODEL
...the complete protocol stack → PROTOCOL STACK
...where a metric comes from → DATA SOURCES
...the complete architecture → COMPLETE ARCHITECTURE GUIDE
...what to read based on my role → INDEX
- QUIC (RFC 9000)
- MASQUE (RFC 9297)
- TLS 1.3 (RFC 8446)
- BGP (RFC 4271)
- WireGuard
- Calico CNI
- XDP/eBPF
- Kubernetes 1.28+
- Docker containers
- Linux kernel VRF
- GDPR (data isolation, encryption, audit)
- HIPAA (segmentation, access control)
- PCI-DSS (network isolation, monitoring)
- SOC 2 (security, availability, integrity)
- START HERE - Navigation guide and entry point
- CLIENT ARCHITECTURE - CloudBridge Relay Client documentation (NEW)
- REQUIREMENTS MATRIX GUIDE - Quick navigation for the matrix (NEW)
- INDEX - Navigation by role
- COMPLETE ARCHITECTURE GUIDE - Central reference
- TENANT ISOLATION ARCHITECTURE - Multi-tenancy deep dive
- PROJECT OVERVIEW - 8 components and system overview
- ARCHITECTURE FLOW - Request processing pipeline
- NETWORK LAYERS OSI MODEL - L1-L7 implementation details
- PROTOCOL STACK - Protocol stack architecture and implementation (NEW)
- DATA SOURCES - Metric citations and sources
- REQUIREMENTS MATRIX - Component requirements and roadmap
- DNS NETWORK ARCHITECTURE - DNS design, anycast, DNSSEC, Control Plane integration (NEW)
- README - Legacy navigation
-
Changing a metric?
- Update: DATA SOURCES (the source)
- Update: All docs that reference it
- Add: Verification method
-
Adding a new component?
- Update: PROJECT OVERVIEW (component description)
- Update: ARCHITECTURE FLOW (if in pipeline)
- Update: COMPLETE ARCHITECTURE GUIDE
- Add to: DATA SOURCES (LOC, specs)
- Update: INDEX (metrics section)
-
Changing isolation model?
- Update: TENANT ISOLATION ARCHITECTURE (primary)
- Update: COMPLETE ARCHITECTURE GUIDE (overview)
- Update: NETWORK LAYERS OSI MODEL (if layer-specific)
- Update: DATA SOURCES (if new specs)
Current Version: 3.0 (November 4, 2025)
- v1.0 - Initial documentation
- v2.0 - Added isolation layers and multi-tenancy details
- v3.0 - Complete architecture with data sources
For documentation questions:
- Check DATA SOURCES for metric citations
- Check INDEX for role-based navigation
- Check specific document table of contents
For architecture questions:
- Review COMPLETE ARCHITECTURE GUIDE
- Check ARCHITECTURE FLOW for request flow
- Review TENANT ISOLATION ARCHITECTURE for security
Status: Complete and Current
Last Updated: November 5, 2025
Audience: All technical roles
Next Review: Q4 2025