networking: SDWAN

Software defined wide area network, SDWAN

• Different use case to a normal VPN. Provides an additional network to the nodes. Does not tunnel all traffic through the new network.
• Nodes can connect securely by IP across any intermediate WANs/LANs, including NATs, either by directly brokered P2P connections or else via a public relay (might employ UDP hole punching).

Examples:

• ZeroTier
  • Proprietary protocol stack, freemium model (for 50 connections)
  • They host public connection servers that try to broker P2P connections and fallback to proxying
  • Network defined by a unique ID, arbitrary connections
  • L2 i.e. switches on MAC: supports multicast IP use cases like mDNS
• TailScale
  • Open source, self hostable or freemium model (for 20 connections)
  • Wireguard and NOISE protocol stack
  • Public servers broker/proxy P2P connections
  • Network defined by user auth domain
  • L3 i.e. switches on IP (not MAC): does not support multicast IP
• Nebula
  • Open source, self hosted only
  • NOISE protocol
  • Public lighthouses broker/proxy P2P connections
  • Network defined by a single custom certificate authority, signs custom certificate authenticating and authorizing each node