ZeroTier SDN/VPN Networking Service

Michael Butash michael at butash.net
Tue May 17 20:56:54 MST 2016


Just thought I would share something really cool I've been playing with 
the past few days...

https://www.zerotier.com/

So this is both sort of an IAAS solution for Software-Defined Networking 
(SDN), but is so brain-dead simple, and pretty capable for something of 
an overlay VPN-ish service for interconnecting devices.  This emulates 
much bigger "software-defined networking" features in enterprise, but at 
a more micro-to-mega offering.

Read: Instant VPN for any device/os, mostly/somewhat secure on first look.

For instance:  I created an account bound to my gmail sso, and created a 
new private network.  Created IP scopes, installed clients, issued a "join" 
cli command to a 16 char hex string, trusted the device in the server ui, 
assigned an address, and it's connected.  Half hour of my time, mostly 
reading docs and --help options on the client. Everything can see 
everything between each other as though local on a small subnet (!).

<tldr>

I then did the same for 2x more linux systems, a few tablets, and I'm 
steadily eyeing other things I can install the client on - instant, and 
very capable interconnected networking with local bridge capability, 
full IPv4/6, and even more obscure (for enterprise at least) protocol 
support for Ethernet over ATA frames. On devices on the local lan, I 
tunneled an iperf test at just a bit less than normal gig rates (~850mbs 
with default non-dispatched threading) over the overlay tunnel 
networking interface established addressing.

Either way, very cool and simple for interconnecting, well, everything.  
Think features like VMware NSX, Amazon Private Cloud, and random 
pc/device/gadget networking securely for the little folk, or big (they 
hope).  In the near future they're adding full default-route tunneling 
for creating egress node

<more tldr>

The idea is to sell a service for instant networking for IoT devices 
with a lightweight client stack (mostly using native "tun" drivers under 
linux/android, whatever else for win/mac/ios), but as a consumer service 
with gratuitous usage for personal use up to 10 devices and totally 
rocks so far.  This can act as a stand-alone controller as well for 
enterprise internal use or home - kinda thinking about putting the 
controller on my wrt router for lan extension use at home too.

Basic sniff test looks ok around security using a device inclusion model 
for joining with said 16char hex string, rotating certs on private to 
ensure when removed it times out to remove access on next re-cert.  
Supposedly looking at various other methods of integrating dual-factor 
auth and such, but still early in the dev.

Opinions welcome here on security/usability.  Might be fun to create a 
public network and invite plug friends to network, literally.  ;)

-mb

