CloudBridge Relay: Technologies and Prospects
CloudBridge Relay is conceived as a cloud-based, API-oriented platform for secure TCP traffic tunneling in the Zero Trust paradigm. While based on SoftEther VPN principles, its reimagining allows us to go far beyond the classic “virtual private channel” and approach a next-generation flexible access infrastructure.
1. What We Take from SoftEther - and Where We’re Heading
| SoftEther Principle | How It Works Today | What’s Planned in CloudBridge Relay |
|---|---|---|
| Ethernet frame encapsulation over TLS/HTTPS | Single TLS tunnel, up to 32 parallel TCP streams, DPI/NAT bypass | Asynchronous TLS sessions, zero-copy buffering, dynamic stream routing: higher performance, lower latency |
| ICMP/DNS fallback | Switching when TCP/UDP is blocked | “Light” auto-fallback in strict filter mode, extended coverage area |
| VNet via virtual Ethernet bridge + L3 routing | Requires manual configuration | Integrated IP router: each agent is assigned an IP; network and ACL management via UI/API |
| TLS 1.3, PFS security | ChaCha20-Poly1305, perfect forward secrecy | Optional mTLS and JWT authorization for fine-grained RBAC |
| JSON-RPC API | Console-oriented management | Full REST / JSON-RPC / WebSocket stack, tailored for CI/CD and IaC |
| Horizontal scaling | Manual node deployment | Clusters with load balancing and geo-distribution, Go/Rust implementation with multicore TLS |
2. Intelligent Security of the Future
CloudBridge Relay evolves not just as a transport, but as a traffic guardian:
- ML Engine (UEBA): builds profiles based on geolocation, User-Agent and time patterns; anomalies are flagged and sent for automated response.
- Keycloak IAM + MFA: centralized identification and administrative zone segmentation.
- Real-time threat monitoring: clusters, hubs and key metrics collected in “single pane of glass” mode.
3. MVP Architecture
```text
┌─────────────────────┐
│ Client /            │
│ Relay Agent         │
└──────────┬──────────┘
           │ TLS over TCP-multiplex
           ▼
┌─────────────────────┐
│ Relay Server        │
│ • TLS Termination   │
│ • IP Routing (VNet) │
│ • JSON-RPC API      │
│ • ML Engine & ACL   │
└──────────┬──────────┘
           │ Internal cluster communication
           │ Heartbeat / Syslog
           ▼
┌─────────────────────┐
│ Dashboard UI        │
│ • Tunnel Mgmt       │
│ • VNet View         │
│ • Threat Alerts     │
└──────────┬──────────┘
           │ REST / WebSocket API
           ▼
┌─────────────────────┐
│ Backend             │
│ Django + DB         │
│ • Users             │
│ • Servers           │
│ • VNet, ACL         │
└─────────────────────┘
```
- Agents (Go/Rust) - establish TLS channel, multiplex streams, transmit heartbeat.
- Relay Server - terminates TLS, routes packets within VNet, stores logs and ML features.
- Dashboard - React-SPA, displays real-time statistics.
- Backend (Django) - stores entities, issues JWT, serves REST/WebSocket.
4. API Examples
Create Tunnel
```http
POST /api/v1/tunnels
Content-Type: application/json

{
  "server_id": "5f2a-…-c431",
  "ports": [22, 3389],
  "vnet_id": "a17d-…-1b22"
}
```
Response:
```json
{
  "tunnel_id": "6b3d-…-e9af",
  "endpoint": "relay.example.com:443",
  "agent_token": "eyJhbGciOiJIUzI1NiIs..."
}
```
Tunnel Status
```http
GET /api/v1/tunnels/{tunnel_id}/status
```
Response:
```json
{
  "status": "active",
  "bytes_in": 102400,
  "bytes_out": 204800,
  "uptime": 3600
}
```
Agent Heartbeat (sent by the agent over the tunnel)
```json
{
  "type": "heartbeat",
  "tunnel_id": "6b3d-…-e9af",
  "stats": {
    "bytes_in": 102400,
    "bytes_out": 204800,
    "client_ip": "10.12.0.2",
    "timestamp": "2025-06-18T12:00:00Z"
  }
}
```
VNet Management
```http
POST /api/v1/vnets
Content-Type: application/json

{ "name": "office-net", "cidr": "10.12.0.0/24" }
```
```http
POST /api/v1/vnets/{vnet_id}/members
Content-Type: application/json

{ "server_id": "5f2a-…-c431", "ip": "10.12.0.4" }
```
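As an added example (not code from the CloudBridge Relay project), here is how a relay server could validate an incoming agent heartbeat like the one above before trusting its counters or feeding them to the ML engine; Go is chosen because the agents are planned in Go/Rust. It checks that the message names the expected tunnel, that `client_ip` lies inside the VNet CIDR the tunnel belongs to, that the timestamp is fresh (no replayed or far-future messages) and that byte counters never decrease. The `TunnelState` record, the 30 s / 5 min acceptance window and the shortened tunnel id used in tests are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
	"time"
)

// Heartbeat mirrors the agent message in the API examples above.
type Heartbeat struct {
	Type     string `json:"type"`
	TunnelID string `json:"tunnel_id"`
	Stats    struct {
		BytesIn   uint64    `json:"bytes_in"`
		BytesOut  uint64    `json:"bytes_out"`
		ClientIP  string    `json:"client_ip"`
		Timestamp time.Time `json:"timestamp"`
	} `json:"stats"`
}

// TunnelState is the relay's (hypothetical) per-tunnel record: VNet and last accepted counters.
type TunnelState struct {
	VNet            netip.Prefix
	LastIn, LastOut uint64
}

// ValidateHeartbeat accepts a heartbeat only if it names the expected tunnel,
// its client_ip is inside the tunnel's VNet, its timestamp is recent (no
// replayed or far-future messages) and its byte counters never go backwards.
func ValidateHeartbeat(raw []byte, tunnelID string, st *TunnelState, now time.Time) error {
	var hb Heartbeat
	if err := json.Unmarshal(raw, &hb); err != nil {
		return fmt.Errorf("malformed heartbeat: %w", err)
	}
	if hb.Type != "heartbeat" || hb.TunnelID != tunnelID {
		return fmt.Errorf("type or tunnel_id mismatch")
	}
	if ip, err := netip.ParseAddr(hb.Stats.ClientIP); err != nil || !st.VNet.Contains(ip) {
		return fmt.Errorf("client_ip %q outside VNet %s", hb.Stats.ClientIP, st.VNet)
	}
	if age := now.Sub(hb.Stats.Timestamp); age < -30*time.Second || age > 5*time.Minute {
		return fmt.Errorf("timestamp %s outside the accepted window", hb.Stats.Timestamp)
	}
	if hb.Stats.BytesIn < st.LastIn || hb.Stats.BytesOut < st.LastOut {
		return fmt.Errorf("byte counters decreased")
	}
	st.LastIn, st.LastOut = hb.Stats.BytesIn, hb.Stats.BytesOut // accept and remember
	return nil
}
```

A rejected heartbeat is exactly the kind of event the UEBA engine and the dashboard's threat alerts should receive, alongside the accepted counters.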
5. MVP Roadmap
| Phase | Timeline | Key Milestones |
|---|---|---|
| MVP Release | Q3 2025 | TLS tunnels, JSON-RPC, basic UI, JWT, heartbeat |
| VNet & ACL | Q4 2025 | Virtual subnets, ACL, RDP/SSH tunneling |
| Firewall fallback | Q1 2026 | HTTPS/ICMP/DNS tunnel under blocking conditions |
| ML Modules | Q2 2026 | Behavioral feature collection, anomaly classification |
| IAM Integration | Q3 2026 | Keycloak, MFA, RBAC UI |
| Geo-clusters | Q4 2026 | Distributed clusters, SLA tools |
6. Key Advantages
- Adaptive Tunnel - resilient to NAT, DPI, and strict filters.
- Centralized IP Router with manageable ACLs.
- ML Behavior Analytics in real-time.
- Cloud Zero Trust Infrastructure with “click-to-scale” capability.
Conclusion
CloudBridge Relay is taking shape as an ecosystem for companies that value:
- simplicity in deploying secure tunnels without VPN clients;
- transparent access management through API and UI;
- built-in threat analysis with instant response.
Ready to share detailed technical schematics, extended API examples, and discuss the MVP architecture - just let us know!