Atmos Agent: Routing Traffic to the Atmos Cloud

The Atmos Agent captures relevant outgoing traffic by adding a virtual network interface to the user's machine. Requests to applications' IP addresses are directed to the network interface by new rules set in the OS routing table. Once the Client receives the request, it sends the request to Atmos Cloud over an encrypted UDP channel.

The Atmos Agent Network Interface on macOS:

366366

In addition to the network interface, the Atmos Agent creates a local DNS server. This local DNS server is used to intercept requests to applications' URLs and directs them to the Axis Cloud.

The Atmos Agent network connection workflow

  • The user wants to access an application using a URL address through a browser (or other client software).
  • The browser sends a DNS query asking for the URL’s IP address.
  • The Atmos Agent's local DNS resolves the DNS query with a private IP address in a reserved range (100.65.0.0/16) and sends it back to the browser.
  • The browser sends an HTTPS request to the private IP.
  • Since the IP is in the Atmos Agent network interface range, the OS sends the request to the Axis Client.
  • The Atmos Agent sends the request to the Atmos Cloud over a UDP connection, with the original URL attached as metadata.
  • The Atmos Cloud selects a connector in the same private network as the application’s server and sends the request to it.
  • The Connector reads the original URL from the request’s metadata and sends a DNS query to the DNS server in the local network.
  • After receiving the application’s server IPs, the connector establishes a connection between the end-user's browser and the target application.

The technical flow of a web application access using the Atmos Agent:

26302630

DNS configurations on macOS resolve DNS request using the Atmos Agent local DNS server:

300300