Quick Start

This walkthrough takes an installed, activated node and gets a workload onto a managed network with DHCP, DNS, and a firewall policy — end to end.

If you have not installed the agent yet, start with Installation.

1. Define a network

A network is a managed private network: an IP CIDR whose usable host addresses are each materialized into an endpoint profile (an IP paired with a generated MAC). Create one with the CLI:

sudo cenvero-str-ctl network create \
  --name app-net \
  --cidr 10.20.0.0/24 \
  --gateway 10.20.0.1

Stratum allocates the segment on cnv-user-br0, starts a DHCP server for the pool, and serves authoritative DNS for the network's zone.

List what you have:

cenvero-str-ctl network list

ID        NAME      CIDR            GATEWAY      ENDPOINTS  BOUND
net-01    app-net   10.20.0.0/24    10.20.0.1    253        0

2. Attach a workload to an endpoint

Claim a free endpoint for your workload. Stratum returns the endpoint's IP and a generated MAC, wires it into the bridge, and programs the data plane (including the IP↔MAC anti-spoof binding) for it:

sudo cenvero-str-ctl network attach net-01 --ip 10.20.0.50

Configure your workload's interface with the returned MAC and it picks up the endpoint's IP from DHCP, a working default gateway, and DNS — no guest agent required.

cenvero-str-ctl network endpoints net-01

ENDPOINT-ID   IP            MAC                  STATE
ep-50         10.20.0.50    52:54:00:ab:cd:01    bound

3. Add a firewall policy

The firewall is default-deny. Allow inbound HTTP/HTTPS to the endpoint and let it reach out:

sudo cenvero-str-ctl firewall allow \
  --network app-net \
  --to 10.20.0.50 \
  --port 80,443 \
  --proto tcp

sudo cenvero-str-ctl firewall allow \
  --network app-net \
  --from 10.20.0.50 \
  --egress

See Firewall for the full policy model.

4. Define a load-balanced VIP

Declare an L4 virtual IP and a backend set so you can scale horizontally later:

sudo cenvero-str-ctl lb create \
  --vip 10.20.0.10:80 \
  --backends 10.20.0.50:80 \
  --algorithm least-conn

Add and remove backends live with lb add-backend / lb remove-backend. See Load Balancer.

5. Confirm

cenvero-str-ctl status --verbose

You now have a workload on a managed network with DHCP, DNS, a firewall policy, and a load-balancer VIP defined — all from one agent.

Where to go next

• Configuration — capture this setup as a signed config file.
• Clustering Overview — stretch the network across hosts.
• CLI Reference — every command in one place.