ZeroTier SDN/VPN Networking Service
Michael Butash
michael at butash.net
Tue May 17 20:56:54 MST 2016
Just thought I would share something really cool I've been playing with
the past few days...
https://www.zerotier.com/
So this is both sort of an IAAS solution for Software-Defined Networking
(SDN), but is so brain-dead simple, and pretty capable for something of
an overlay VPN-ish service for interconnecting devices. This emulates
much bigger "software-defined networking" features in enterprise, but at
a more micro-to-mega offering.
Read: Instant VPN for any device/os, mostly/somewhat secure on first look.
For instance: I created an account bound to my gmail sso, and created a
new private network. Created IP scopes, install clients, issue a "join"
cli command to a 16 char hex string, trust the device in the server ui,
assign an address, and it's connected. Half hour of my time, mostly
reading docs and --help options on the client. Everything can see
everything between each other as though local on a small subnet (!).
<tldr>
I then did the same for 2x more linux systems, a few tablets, and I'm
steadily eyeing other things I can install the client on - instant, and
very capable interconnected networking with local bridge capability,
full IPv4/6, and even more obscure (for enterprise at least) protocol
support for Ethernet over ATA frames. On devices on the local lan, I
tunneled an iperf test at just a bit less than normal gig rates (~850mbs
with default non-dispatched threading) over the overlay tunnel
networking interface established addressing.
Either way, very cool and simple for interconnecting, well everything.
Think features like VMware NSX, Amazon Private Cloud, and random
pc/device/gadget networking securely for the little folk, or big (they
hope). In the near future they're adding full default-route tunneling
for creating egress node
<more tldr>
The idea is to sell a service for instant networking for IoT devices
with a lightweight client stack (mostly using native "tun" drivers under
linux/android, whatever else for win/mac/ios), but as a consumer service
with gratuitous usage for personal use up to 10 devices and totally
rocks so far. This can act as a stand-alone controller as well for
enterprise internal use or home - kinda thinking about putting the
controller on my wrt router for lan extension use at home too.
Basic sniff test looks ok around security using a device inclusion model
for joining with said 16char hex string, rotating certs on private to
ensure when removed it times out to remove access on next re-cert.
Supposedly looking at various other methods of integrating dual-factor
auth and such, but still early in the dev.
Opinions welcome here on security/usability. Might be fun to create a
public network and invite plug friends to network, literally. ;)
-mb
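
Added example, not part of the original post and not ZeroTier's own code: a small audit of the networks a client has joined, covering the join-then-authorize model and the public-network idea mentioned above. It assumes the client's JSON listing (`zerotier-cli -j listnetworks`) carries the fields `nwid`, `status`, `type` and `bridge`, and that the first 10 hex digits of the 16-character network ID are the controller's address; the sample data is constructed.

```python
import json
import re

NWID_RE = re.compile(r"^[0-9a-f]{16}$")
# Constructed sample in the shape of `zerotier-cli -j listnetworks` (fields assumed).
SAMPLE = json.dumps([
    {"nwid": "1122334455abcdef", "name": "home-lab", "status": "OK",
     "type": "PRIVATE", "bridge": False},
    {"nwid": "1122334455000001", "name": "", "status": "ACCESS_DENIED",
     "type": "PRIVATE", "bridge": False},
    {"nwid": "aabbccddee123456", "name": "open-party", "status": "OK",
     "type": "PUBLIC", "bridge": True},
    {"nwid": "not-a-network-id", "name": "?", "status": "NOT_FOUND",
     "type": "PRIVATE", "bridge": False},
])


def split_nwid(nwid):
    """Return (controller_address, network_number) or None if malformed."""
    nwid = nwid.strip().lower()
    if not NWID_RE.match(nwid):
        return None
    return nwid[:10], nwid[10:]


def audit(listnetworks_json):
    """Map each joined network ID to a list of findings worth a second look."""
    report = {}
    for net in json.loads(listnetworks_json):
        nwid = str(net.get("nwid", ""))
        findings = []
        if split_nwid(nwid) is None:
            findings.append("malformed network id")
        status = net.get("status")
        if status == "ACCESS_DENIED":
            findings.append("joined but not yet authorized on the controller")
        elif status != "OK":
            findings.append(f"unexpected status {status}")
        if net.get("type") == "PUBLIC":
            findings.append("public network: any node that knows the id can join")
        if net.get("bridge"):
            findings.append("bridging allowed for this node")
        report[nwid] = findings
    return report


if __name__ == "__main__":
    for nwid, findings in audit(SAMPLE).items():
        print(nwid, "->", "; ".join(findings) or "ok")
```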