
October 7, 2019

ZeroTier SDWAN

I played around with the ZeroTier open-source SD-WAN solution last year, but forgot about it until the other day. I was wondering if there was an easier way than having to VPN into my home network when I'm away, so I thought I'd give ZT a shot. It turned out to be a great choice, as it took me all of 30 minutes to install on all my devices and configure.

ZT is a distributed network hypervisor built atop a cryptographically secure global peer-to-peer network. It provides advanced network virtualization and management capabilities on par with an enterprise SDN switch, similar to VXLAN Ethernet virtualization. It has two conceptually separate but closely coupled layers in the OSI model sense: VL1 and VL2. VL1 is the underlying peer-to-peer transport layer, the "virtual wire," while VL2 is an emulated Ethernet layer that provides operating systems and apps with a familiar communication medium. What's really cool is how broadcast is handled. Since IPv4 ARP is built on simple Ethernet broadcast and scales poorly on large or distributed networks, ZT generates a unique multicast group for each IPv4 address detected on its system, then transparently intercepts ARP queries and sends them only to the correct group. This converts ARP into effectively a unicast or narrow multicast protocol (like IPv6 NDP). Awesome! See this manual link if you're interested in further details. Now onto my setup.

I used ZeroTier's 10.10.0.0/16 subnet range, and for each device I assigned the same last two octets as its LAN address. So for instance, if a device was 10.1.1.100/24 on my LAN, its ZeroTier address would be 10.10.1.100/16. Only the second octet changes and all the other octets are identical, which makes the addresses easy to remember. The setup is extremely quick. I installed it on my PiHole, NAS, Plex server, and other mobile devices, and each one got an address from ZeroTier. Then when I need to connect to any of these remotely, I just toggle the ZeroTier app on my phone, and boom, I can talk to any of those devices. For my NAS/Plex server, I have to send a magic packet to wake it, as I have it go to sleep after 15 minutes since I don't use it every day. I tried sending a WOL packet via my phone's LTE but it didn't work, even though I have broadcast enabled in the config. That needs some further troubleshooting, but the workaround is just to SSH into my PiHole (Odroid XU4 running Ubuntu and the ZeroTier client) and run "wakeonlan <MAC address of NAS>", and I'm live. Additionally, I have MiXplorer installed on my OnePlus 6T as well as other home mobile devices. With this app I have an FTP server role that I can toggle on, which lets me quickly share files or pictures from my phone to other devices in my ZT network.
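As an added example (not code from the original post or from ZeroTier), here are two small helpers for the setup above: one applies the addressing scheme from the post (keep the LAN host octets, swap the second octet into the 10.10.0.0/16 ZeroTier range), and the other builds and sends the standard Wake-on-LAN magic packet that the `wakeonlan` command sends (6 bytes of 0xFF followed by the target MAC repeated 16 times). The MAC address used in the block is a constructed placeholder. One point worth noting when troubleshooting the LTE case: a sleeping NAS is not running its ZeroTier client, so it is not a member of the virtual Ethernet at all; the magic packet has to reach the NIC on the physical LAN segment, which is exactly what sending it from the PiHole achieves.

```python
"""Added example: ZeroTier address mapping and Wake-on-LAN magic packet.

Not part of the original post or the ZeroTier project. The 10.10.0.0/16
range and the 10.1.1.100/24 -> 10.10.1.100/16 mapping come from the post;
the MAC address below is a constructed placeholder.
"""
import ipaddress
import re
import socket

# ZeroTier managed range used in the post.
ZT_NET = ipaddress.ip_network("10.10.0.0/16")


def zt_address(lan_cidr: str, zt_net: ipaddress.IPv4Network = ZT_NET) -> str:
    """Map a LAN address such as '10.1.1.100/24' to '10.10.1.100/16'.

    The host bits of the ZeroTier prefix (the last two octets for a /16)
    are taken from the LAN address; the network bits come from zt_net.
    """
    lan = ipaddress.ip_interface(lan_cidr)
    if lan.version != 4:
        raise ValueError("only IPv4 addresses are handled here")
    host_bits = int(lan.ip) & int(zt_net.hostmask)   # keep e.g. x.x.1.100
    net_bits = int(zt_net.network_address)            # 10.10.0.0
    return f"{ipaddress.ip_address(net_bits | host_bits)}/{zt_net.prefixlen}"


def parse_mac(mac: str) -> bytes:
    """Accept 'aa:bb:cc:dd:ee:ff' or 'aa-bb-cc-dd-ee-ff'; return 6 raw bytes."""
    digits = mac.replace(":", "").replace("-", "")
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(digits)


def magic_packet(mac: str) -> bytes:
    """Wake-on-LAN payload: 6 x 0xFF, then the MAC repeated 16 times (102 bytes)."""
    return b"\xff" * 6 + parse_mac(mac) * 16


def wake(mac: str, broadcast: str = "255.255.255.255", port: int = 9) -> int:
    """Send the magic packet as a UDP broadcast and return the bytes sent.

    Run this on a host that sits on the same physical LAN as the sleeping
    machine (the PiHole in the post); use that LAN's directed broadcast
    address, e.g. 10.1.1.255 for a 10.1.1.0/24 LAN.
    """
    payload = magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(payload, (broadcast, port))


if __name__ == "__main__":
    print(zt_address("10.1.1.100/24"))                 # 10.10.1.100/16
    # Constructed placeholder MAC; replace with the NAS's real address.
    print(len(magic_packet("00:11:22:33:44:55")))      # 102
```

The mapping function is written generally: any IPv4 LAN address, not only 10.1.x.x, is folded into the ZeroTier /16 by keeping whatever host bits the ZT prefix leaves free, so the scheme still works if the LAN lives in 192.168.x.x.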

I'm totally blown away by how quick and easy this was. This would be a great solution for an SMB to get an SD-WAN up and running for free, as ZT allows 100 devices on the free tier! Even the paid tiers are very fairly priced compared to the other big-name solutions on the market.

I never cease to have fun with networking, and these are the tools that make the possibilities endless. There's just something so satisfying about putting all the Lego pieces together and having that magic moment where everything is connected and doing what you intended.
