Aranya is a revolutionary micro-segmentation solution built on a zero-trust framework that enables applications to maintain operational capability in contested network environments while ensuring data security and service availability. By reducing the complexity of integrating security at the application design level, Aranya provides enterprises with best-in-class protection against network threats.
- 🔒 End-to-end encryption for all network communications
- 🔐 Device-level authentication
- 📝 Domain-specific policy language for security controls
- 🛡️ Granular access control at the application layer
- 🔄 Automated security policy enforcement
- 🚀 High availability during network attacks
- ⚡ Quick security policy updates without disruption
- **VLAN CNI Plugin**
  - Implements standard CNI plugin interface (ADD, DEL, CHECK operations)
  - Handles both wired and wireless (WLAN) host interfaces
  - Provides VLAN networking capabilities
- **Policy Engine**
  - Cryptographic policy enforcement
  - Zero-trust access control
  - Multi-tenant isolation
- **Network Management**
  - Physical network isolation through VLANs
  - Microsegmentation with fine-grained controls
  - Cross-team collaboration support

- Kubernetes cluster (1.20+)
- Multus CNI plugin
- kubectl configured
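The CNI contract the plugin implements (ADD, DEL and CHECK selected by `CNI_COMMAND`, network config on stdin, result JSON on stdout) is illustrated below as an added example written for this page, not code from the SOCNI repository. The `master` and `vlanId` config keys and the netns/ifname checks are assumptions modelled on the reference CNI vlan plugin, not SOCNI's documented configuration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// NetConf is the JSON a CNI runtime passes on stdin. cniVersion is a CNI-spec
// field; master and vlanId follow the reference vlan plugin and are assumed
// here rather than taken from SOCNI's documented schema.
type NetConf struct {
	CNIVersion string `json:"cniVersion"`
	Master     string `json:"master"`
	VlanID     int    `json:"vlanId"`
}
// Result is the subset of a CNI result a plugin prints on a successful ADD.
type Result struct {
	CNIVersion string              `json:"cniVersion"`
	Interfaces []map[string]string `json:"interfaces"`
}

// handle is the plugin entry point: the runtime selects ADD, DEL or CHECK via
// CNI_COMMAND, names the sandbox with CNI_NETNS/CNI_IFNAME, feeds the config on
// stdin and reads the Result (or a {"code","msg"} error) as JSON from stdout.
func handle(cmd, netns, ifname string, raw []byte) (*Result, error) {
	var c NetConf
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, fmt.Errorf("invalid config: %w", err)
	}
	// Validate before touching the network; 802.1Q reserves VLAN IDs 0 and 4095.
	if c.Master == "" {
		return nil, errors.New("master interface is required")
	}
	if c.VlanID < 1 || c.VlanID > 4094 {
		return nil, fmt.Errorf("vlanId %d outside 1-4094", c.VlanID)
	}
	switch cmd {
	case "ADD":
		if netns == "" || ifname == "" {
			return nil, errors.New("ADD requires CNI_NETNS and CNI_IFNAME")
		}
		// A real plugin creates <master>.<vlanId> here and moves it into netns.
		iface := map[string]string{"name": ifname, "sandbox": netns}
		return &Result{CNIVersion: c.CNIVersion, Interfaces: []map[string]string{iface}}, nil
	case "DEL", "CHECK": // success prints nothing
		return nil, nil
	}
	return nil, fmt.Errorf("unsupported CNI_COMMAND %q", cmd)
}
```

A runtime that rejects the request here never reaches the interface-creation step, so a malformed or out-of-range VLAN request is refused rather than partially applied.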
- Clone the repository:

  ```sh
  git clone https://github.com/recluseso/socni.git
  cd socni
  ```

- Install the CNI plugin:

  ```sh
  make install
  ```

- Install the SOCNI command line tool:

  ```sh
  make install-cli
  ```

- Verify installation:

  ```sh
  make deploy
  kubectl apply -f socni/manifests/plugin-install/socni-example-pod.yaml
  ```
The project includes comprehensive testing capabilities:

- `test-socni.sh`: Tests the SOCNI CNI plugin installation and functionality
- `cleanup-socni.sh`: Cleans up test resources

- CNI plugin functionality
- Policy enforcement
- Network isolation
- Multi-tenant scenarios
- Performance metrics
| Feature | Aranya | Service Mesh |
|---|---|---|
| Network Isolation | Physical (VLAN) | Logical (overlay) |
| Performance Impact | Minimal | Moderate |
| Complexity | Low | High |
| Policy Enforcement | Cryptographic | RBAC-based |
| Resource Usage | Light | Heavy |

| Feature | Aranya | Traditional CNI |
|---|---|---|
| Security | Zero-trust | Basic |
| Policy Management | Advanced | Basic |
| Multi-tenant Support | Built-in | Limited |
| Wireless Support | Yes | Limited |
| Audit Capabilities | Comprehensive | Basic |
- **Zero-Trust Architecture**
  - Every connection is verified
  - No implicit trust
  - Continuous validation
- **Cryptographic Policy Enforcement**
  - Mathematically verifiable policies
  - Tamper-proof enforcement
  - Audit trail
- **Physical Network Isolation**
  - VLAN-based segmentation
  - Hardware-level security
  - No cross-tenant traffic

- **Multi-tenant Environments**
  - Complete tenant isolation
  - Secure shared infrastructure
  - Policy-based access control
- **Regulated Industries**
  - Compliance with strict requirements
  - Audit-ready security controls
  - Data isolation guarantees
- **Edge Computing**
  - Wireless network support
  - Lightweight implementation
  - Quick policy updates
We welcome contributions! Please see our Contributing Guide for details.
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
- Kubernetes community
- CNI project
- All contributors
For more information, please visit our documentation or open an issue.