Overlay Network, SDWAN, and Open Source Mesh VPN Solutions Explained

My review of Zerotier

Review and Tutorial of Nebula

Connecting With Us
---------------------------------------------------

Lawrence Systems Shirts and Swag
---------------------------------------------------

AFFILIATES & REFERRAL LINKS
---------------------------------------------------
Amazon Affiliate Store

UniFi Affiliate Link

All Of Our Affiliates that help us out and can get you discounts!

Gear we use on Kit

Use OfferCode LTSERVICES to get 5% off your order at

Digital Ocean Offer Code

HostiFi UniFi Cloud Hosting Service

Protect your privacy with a VPN from Private Internet Access

Patreon

⏱️ Timestamps ⏱️
0:00 Open Source Mesh VPN
1:46 Nebula Mesh VPN
3:32 Zerotier
4:43 Privacy VPNs
5:28 Site to Site VPN solutions
6:34 How Nebula & Zerotier Work
10:10 How UDP hole punching works
14:08 Summary of the solutions

Self hosted Zerotier tool (I have not tested)

My review of Zerotier
Comments

Nebula Links


Self hosted Zerotier tool (I have not tested)

My review of Zerotier

Review and Tutorial of Nebula

LAWRENCESYSTEMS

Thanks Tom - Awesome info. I would definitely like to see Nebula in action. I found out about Zerotier from one of your videos and it has been useful to maintain connectivity to my home and work labs. Keep them coming!!

kooldad

I just want to thank you for all of the videos you upload and all of the work you do for us. You help to keep me up to date and informed, and you really help to provide stability in what is sometimes a very all-over-the-place profession of IT. Keep up the great work! I will continue watching and trying to grow and prepare myself in IT thanks to your help! :)

FSULAUBACH

Ooooo you did check out Nebula, cool! Was happy to get the notification for this video.

fonte

Was looking at Zerotier to solve an issue, appreciate the overview and comparison.

doncoker

While experimenting with ZeroTier and Tailscale I did some tests.
First I tried the maximum speed I could achieve.

I used two LXC containers on a Ryzen 9 3950X.
Both "external interfaces" are connected to the same subnet
-> ZeroTier nodes can talk to each other directly


iperf3 standard test is used

Both LXC Container 8C 8-CPUlimit
27.0 Gbits/sec direct connection
1.59 Gbits/sec over ZeroTier, 43.75% CPU usage by ZeroTier on sender and receiver

Both LXC Container 8C 1-CPUlimit
26.9 Gbits/sec direct connection (no surprise since iperf is single threaded)
1.16 Gbits/sec over ZeroTier, 12.3% CPU = one thread

Both LXC Container 8C 0.1-CPUlimit
2.70 Gbits/sec direct connection (now we are seeing a reduction to 10% since one core can only max out at 10%)
108 Mbits/sec over Zerotier again ~10% the performance

Both LXC Container 1C 1-CPUlimit
26.9 Gbits/sec direct connection
2.02 Mbits/sec over ZeroTier; this should have no difference to 8C 1-CPUlimit

I find especially the last two tests interesting: both should get the same amount of CPU power, but the first can split across multiple threads and the second one can't.
This test was done in May 2020. I am not sure if those speeds would change if I run them now.


The second test I did was between two Hetzner Cloud VMs with iperf and one CPU core
1.29 Gbits/sec - Directly
10.1 Mbits/sec - ZeroTier (but I think something is broken here)
243 Mbits/sec - Tailscale

Tailscale goes up to 80% CPU on single core while doing 240-260Mbits
ZeroTier going 100% CPU while doing 10-20 Mbits

Now with 8 vCores on each system
1.12 Gbits/sec via ZeroTier CPU @ ~25% usage
419 Mbits/sec via Tailscale CPU @ 30% usage

So Tailscale was able to get decent speeds on a weak system, but ZeroTier got way faster if you give the server the horsepower for it.

Now for my personal use of those two.
I had a ZeroTier controller and two moons set up; for those who do not know what a moon is, it is supposed to "proxy" the traffic between two nodes if they can't establish a direct connection.
As of May 2020, those two moons never worked as I thought they would: if two devices didn't manage to create a direct connection, the proxied one was not even stable enough for SSH to work properly, and yes, they were set up in all clients as well, and showed up.
Tailscale didn't and still doesn't seem to have this issue; connections to any of my machines work flawlessly and are so fast I do not notice the "VPN" stuff behind it at all.
One can use the "tailscale status" command to get information about the connections between the devices
[ID] linux TailscaleIPof Server1 fra *PublicIP:41741*, InternalIP:41681
[ID] windows TailscaleIPof Server2 fra *PublicIP:41631*, InternalIP:41741
The two ** indicate what connection is used between two devices.
The first couple of pings after a reboot or reconnect are in the 100ms range; that's when the connection is still proxied over Tailscale's server.
In the background they test the IPs and ports of the remote machine that they got from the controller, and after maybe 5s the direct connection is there and you'll see close-to-line pings.

Currently I use Tailscale, but with a grain of salt, since currently you are bound to their service AND a Google or Microsoft account.
If ZeroTier's moons would work as I think they should, I would instantly switch back again.

Because with ZeroTier you can create multiple networks, define your own IP ranges, assign IPs to the clients yourself, and route 0.0.0.0/0 through a defined node!
Tailscale is a great "it just works" MeshVPN to connect your different devices without having to care about anything behind it.

greedplus
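The comment above checks whether a Tailscale link is direct or still relayed by eyeballing the `*...*` markers in `tailscale status`. The following is an added example, not code from the commenter, Tailscale or ZeroTier: a small parser for lines laid out like the two quoted above (ID, OS, Tailscale IP, hostname, a region tag, then a list of candidate endpoints with the active one wrapped in asterisks). It classifies each peer's active path as direct over a LAN address, direct over a public address, or not yet direct (still relayed). The sample lines, the `fra` region field and the idea that a line without a starred endpoint means "no direct path yet" are assumptions modelled on the comment, not on documented Tailscale output.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample modelled on the status lines quoted in the comment.
# Addresses are documentation (203.0.113.x, 198.51.100.x) and RFC 1918 ranges,
# not real nodes. The third line has no starred endpoint (assumed: still relayed).
SAMPLE_STATUS = """\
a1b2c3 linux   100.101.102.1 server1 fra *203.0.113.10:41741*, 192.168.1.20:41681
d4e5f6 windows 100.101.102.2 server2 fra 198.51.100.7:41631, *192.168.1.21:41741*
0f9e8d linux   100.101.102.3 server3 fra 203.0.113.55:3478, 10.0.0.9:41681
"""

# RFC 1918 ranges: an active endpoint inside one of these means the peers
# found each other on a local network rather than across the Internet.
LAN_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Matches "ip:port" with optional surrounding asterisks marking the active path.
ENDPOINT_RE = re.compile(r"(\*?)(\d{1,3}(?:\.\d{1,3}){3}):(\d+)(\*?)")


@dataclass
class PeerPath:
    hostname: str
    active: Optional[str]  # "ip:port" of the starred endpoint, or None
    kind: str              # "direct-lan", "direct-public" or "relayed"


def classify_endpoint(ip: str) -> str:
    """Decide whether a direct endpoint is on a LAN or reached over the Internet."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in LAN_RANGES):
        return "direct-lan"
    return "direct-public"


def parse_status(text: str) -> List[PeerPath]:
    """Parse status lines in the layout shown in the comment into PeerPath records."""
    peers: List[PeerPath] = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # not a peer line in the assumed layout
        hostname = fields[3]
        active = None
        kind = "relayed"  # assumption: no starred endpoint -> no direct path yet
        for lead, ip, port, trail in ENDPOINT_RE.findall(line):
            if lead == "*" and trail == "*":
                active = f"{ip}:{port}"
                kind = classify_endpoint(ip)
                break
        peers.append(PeerPath(hostname, active, kind))
    return peers


def relayed_peers(text: str) -> List[str]:
    """Hostnames whose traffic is not yet going over a direct path."""
    return [p.hostname for p in parse_status(text) if p.kind == "relayed"]


if __name__ == "__main__":
    for peer in parse_status(SAMPLE_STATUS):
        print(f"{peer.hostname:<10} {peer.kind:<14} {peer.active or '-'}")
    print("still relayed:", relayed_peers(SAMPLE_STATUS))
```

Run it periodically after a reboot or reconnect and the "relayed" list should empty out within a few seconds, matching the behaviour described in the comment; a peer that stays relayed is the one to look at for NAT or firewall trouble.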

14:20 You can install zerotier on your routers, this way it basically acts like a bridge between the routers and you don't have to do anything else besides adding some static routes on the zerotier UI. Edgerouters work very nicely for that. And then it's just business as usual configuring your firewalls

dimitris

Definitely more interested in how to fix that firewall/ACL workaround.

YehudaKatz

I am using the key-networks self hosted controller. It does work as advertised, and I have had no major issues - but it is a little rough. A few issues here and there with values being cached, or taking several attempts to update properly.

stefanbehrendsen

Cool, so if I use ZeroTier, can I access the printer without installing the app on it? I mean, if I install it only on a laptop, can I have access to the entire local network?

dragon

Interesting concept for sure. I do agree with Tom that a traditional VPN is more suitable for a use case such as connecting to your home (or office) network remotely.

charlescc

Let’s say I have a deployment where my lighthouse is in the cloud and I have 4 other hosts. 1 and 2 are in the same cloud as the lighthouse and 3 and 4 are in a different cloud. When I connect from host 1 to host 2 does it use the public IP and goes over the Internet? Wouldn’t that be really inefficient? Can it go over a private Cloud Network?

maxmustermann

• The ability to push DNS configuration to members, a long requested feature that will be valuable in enterprise environments with internal DNS servers or Windows domain controllers. The network controller side of this can be edited in ZeroTier Central by adding ?dns=1 to the end of the /network/<network ID> URL when viewing or editing a network. This will reveal a DNS configuration box in the network settings area beneath multicast configuration. On the client you must allow DNS setting management for a network in the ZeroTier UI or via the command-line interface with zerotier-cli set <network ID> allowDNS <true|false>.

fbifido

After speaking with one of the developers of Nebula their update for IPV6 support will be coming soon, allowing more situations where Nebula will work, especially when involving CGNATs.

I'm running the development branch of their outside_ipv6 and it works flawlessly. Punching through EE's CGNAT.

I moved away from Tailscale as I don't appreciate that they can add any devices to my network. If/when they open source the server, I'll reconsider.

ollyb

How is UDP punch through different from WebRTC? You have a STUN server that coordinates two clients and sort of spoofs for that initial connection to allow direct client-client UDP traffic (potentially falling back to a relay just like zerotier) and usually firewalls don't matter unless they are blocking the STUN servers. Great video thanks!

brianford

A couple of months ago I looked into Nebula and thought it's a cool project to link two sites together, with room to grow when more sites get added. Would love to see the video about it on here.

Darkk

My experience has been that virtual network adapters added by third party software will often be removed by Windows updates. Is that an issue with this product?

Ahnor

Tom tweets about Nebula, makes video over following day. 🤣

Zaf

I was ready to use Zerotier Edge appliances everywhere (cabin, parents house etc.), but now it's EOL so looking for another solution where the client does not have to be on / routing to other non PC devices.

stratcast

Love ZeroTier. Use it for both my VPN access (split tunnel) to internal resources and cross site transport (EoIP for layer 2 bridge + routed subnets)

troybaird