Concepts
Understanding how Arctic works
Concepts
This section explains the architecture, design decisions, and underlying concepts of Arctic. Understanding these concepts will help you make better decisions when configuring and troubleshooting your deployment.
Core Concepts
Architecture
System components and how they interact
Clustering
Peer discovery and state synchronization
Routing
Traffic flow and network configuration
Security
Authentication and trust model
Completion Cache
Fast shell completions with local caching
Overview
Arctic is a transparent network routing system that enables secure communication between distributed nodes. It consists of:
- Arctic Agent: The core service that manages network configuration
- Pegasus: A TProxy service that handles TCP traffic
- Tempest: A WireGuard-based IP tunnel for non-TCP traffic
These components work together to route traffic based on CIDR rules while maintaining transparency to applications.
Key Principles
Transparency
Traffic routed through Arctic appears to originate from its original source. Applications do not need modification to work with Arctic.
Automatic Configuration
When you create services and routes through the CLI or API, Arctic automatically:
- Creates network interfaces
- Generates firewall rules
- Configures proxy services
- Establishes encrypted tunnels
Distributed State
Cluster state is synchronized across all peers using a gossip protocol. Changes propagate automatically without a central coordinator.
License-Based Trust
Peers trust each other based on shared license verification. Only peers with the same license can join a cluster.
Reading Order
If you are new to Arctic concepts, we recommend reading in this order:
- Architecture - Understand the components
- Routing - Learn how traffic flows
- Clustering - Understand peer synchronization
- Security - Learn about the trust model