Hey everyone. I've been getting Happy Birthday messages from here for years now, and like to stop by on occasion. Last week, I started working for ZeroTier as a Community Support Manager and am trying to get the team more feedback on how folks use the software, as well as any problems they're having. Any and all is appreciated.
https://www.reddit.com/r/zerotier/ => I know folks here aren't big Reddit fans, but I did go over a backlog of older threads there, that might highlight some issues you may be interested in.
Hey business_kid. 13 years ago, I wrote up http://tinc-vpn.org/examples/ipv6-network/ ; this is like a managed, smarter version of that software. And yeah, I could be more active: I pretty much divided the bulk of my time between Slashdot and Reddit.
P2P virtualized Ethernet, using the TUN/TAP driver. When I've used tinc, it generates SSH-style keys to use for security; with IPv4, IPv6, and raw frame deployment options. What I liked about this before I started working for them, is that it has those options, except you can build out a managed mesh topology, vs having to edit a bunch of key files. Either option is superior to OpenVPN IMO. I could see WireGuard supplanting tinc & OpenVPN for 1-to-1 connections.
IPv6 uses a protocol called NDP in place of ARP. It is similar in role and design but uses narrow multicast in place of broadcast for superior scalability on large networks. This protocol nevertheless still imposes the latency of an additional multicast lookup whenever a new address is contacted. This can add hundreds of milliseconds over a wide area network, or more if latencies associated with pub/sub recipient lookup are significant.
IPv6 addresses are large enough to easily encode ZeroTier addresses. For faster operation and better scaling we’ve implemented several special IPv6 addressing modes that allow the local node to emulate NDP. These are ZeroTier’s rfc4193 and 6plane IPv6 address assignment schemes. If these addressing schemes are enabled on a network, nodes locally intercept outbound NDP queries for matching addresses and then locally generate spoofed NDP replies.
Both modes dramatically reduce initial connection latency between network members. 6plane additionally exploits NDP emulation to transparently assign an entire IPv6 /80 prefix to every node without requiring any node to possess additional routing table entries. This is designed for virtual machine and container hosts that wish to auto-assign IPv6 addresses to guests and is very useful on microservice architecture backplane networks.
Finally there is a security benefit to NDP emulation. ZeroTier addresses are cryptographically authenticated, and since Ethernet MAC addresses on networks are computed from ZeroTier addresses these are also secure. NDP emulated IPv6 addressing modes are therefore not vulnerable to NDP reply spoofing.
Normal non-NDP-emulated IPv6 addresses (including link-local addresses) can coexist with NDP-emulated addressing schemes. Any NDP queries that do not match NDP-emulated addresses are sent via normal multicast.
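To illustrate the quoted description of the rfc4193 and 6plane modes, here is an added example (not part of the original post and not ZeroTier's own code) that builds both address forms and recovers the node ID from a target address, which is the lookup NDP emulation answers locally instead of sending a multicast query. The byte layouts follow ZeroTier's published addressing scheme, which this page does not spell out; the network ID and node ID are constructed sample values.

```python
import ipaddress
from typing import Optional

def rfc4193_address(nwid: int, node: int) -> ipaddress.IPv6Address:
    """fd | 64-bit network ID | 99 93 | 40-bit ZeroTier node ID (one /128 per node)."""
    raw = b"\xfd" + nwid.to_bytes(8, "big") + b"\x99\x93" + node.to_bytes(5, "big")
    return ipaddress.IPv6Address(raw)

def sixplane_prefix(nwid: int, node: int) -> ipaddress.IPv6Network:
    """fc | network ID folded to 32 bits by XOR | 40-bit node ID, leaving a /80 per node."""
    folded = (nwid >> 32) ^ (nwid & 0xFFFFFFFF)
    raw = b"\xfc" + folded.to_bytes(4, "big") + node.to_bytes(5, "big") + bytes(6)
    return ipaddress.IPv6Network((raw, 80))

def node_for_target(nwid: int, target: str) -> Optional[int]:
    """Return the node ID encoded in an NDP target address, or None if the
    address is not in either emulated scheme (it would then go out as
    ordinary NDP multicast)."""
    raw = ipaddress.IPv6Address(target).packed
    # rfc4193 mode: the first 11 bytes are fixed for a given network.
    if raw[:11] == rfc4193_address(nwid, 0).packed[:11]:
        return int.from_bytes(raw[11:16], "big")
    # 6plane mode: the first 5 bytes are fixed; any host bits in the /80 match.
    if raw[:5] == sixplane_prefix(nwid, 0).network_address.packed[:5]:
        return int.from_bytes(raw[5:10], "big")
    return None

# Constructed sample values, not taken from any real network.
NWID = 0x1122334455667788
NODE = 0xAABBCCDDEE

if __name__ == "__main__":
    print(rfc4193_address(NWID, NODE))
    print(sixplane_prefix(NWID, NODE))
    # A container address inside the node's /80 still resolves to the host node.
    guest = "fc44:4444:ccaa:bbcc:ddee::42"
    print(hex(node_for_target(NWID, guest)))
    print(node_for_target(NWID, "fe80::1"))
```

Because the node ID falls out of the address itself, the reply a node generates locally names the same cryptographically authenticated peer that traffic will be sent to, which is the property the quoted text relies on when it says these modes are not vulnerable to NDP reply spoofing.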