# Network Diagram

## External Traffic Flow

```
                     ┌──────────────┐
                     │   Internet   │
                     └──────┬───────┘
                            │
                   ┌────────┴────────┐
                   │  Cloudflare DNS │
                   │  coreworlds.io  │
                   │  → public IP    │
                   └────────┬────────┘
                            │
                     ┌──────┴───────┐
                     │     UCG      │
                     │  WAN :443    │
                     └──────┬───────┘
                            │ port-forward
                     ┌──────┴───────┐
                     │   catherby   │
                     │ 192.168.1.50 │
                     │  Traefik     │
                     └──────┬───────┘
                            │
              ┌─────────────┼─────────────┐
              │             │             │
        coreworlds.io  api.coreworlds.io  ...
         (web app)      (api server)
```

## LAN Traffic Flow (Split-Horizon DNS)

```
     ┌──────────────┐
     │  LAN Client  │
     └──────┬───────┘
            │ DNS query: argocd.coreworlds.io
     ┌──────┴───────┐
     │   UCG DNS    │
     │ *.coreworlds │
     │ → 192.168.1  │
     │    .50       │
     └──────┬───────┘
            │ direct (no hairpin NAT)
     ┌──────┴───────┐
     │   catherby   │
     │ 192.168.1.50 │
     │  Traefik     │
     └──────────────┘
```

## Service Routing

```
Traefik (192.168.1.50:443)
  │
  ├── coreworlds.io           → web        (public)
  ├── api.coreworlds.io       → api        (public)
  ├── preview.coreworlds.io   → web        (public, preview ns)
  ├── api-preview.coreworlds.io → api      (public, preview ns)
  ├── argocd.coreworlds.io    → argocd     (LAN only — internal-only middleware)
  ├── grafana.coreworlds.io   → grafana    (LAN only — internal-only middleware)
  └── longhorn.coreworlds.io  → longhorn   (LAN only — internal-only middleware)
```