networking: SDWAN
Software-defined wide area network (SDWAN)
- Different use case from a normal VPN: it provides an additional overlay network to the nodes and does not tunnel all of their traffic through that network.
- Nodes can connect securely by IP across any intermediate WANs/LANs, including NATs, either through directly brokered P2P connections or else via a public relay (brokering may employ UDP hole punching).
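To make the brokering step concrete, here is an added Go simulation (not code from any of the products below) of how a rendezvous server brokers a P2P connection through two NATs and why it sometimes has to fall back to relaying. The NAT model, IP addresses and ports are constructed for the example: each NAT hands out one public port per internal socket and only lets inbound packets through from remote IPs that socket has already sent to; the `Symmetric` flag switches to allocating a fresh public port per remote, which is the case hole punching cannot handle.

```go
package main

import "fmt"

// Endpoint is an (IP, port) pair. All addresses in this file are constructed sample values.
type Endpoint struct {
	IP   string
	Port int
}

// NAT models a consumer NAT. mapping holds the public port allocated to an internal
// socket (keyed additionally by remote when Symmetric, i.e. address-and-port-dependent
// mapping); allowed holds, per public port, the remote IPs permitted inbound
// (address-dependent filtering: a remote is admitted once the socket has sent to it).
type NAT struct {
	PublicIP  string
	Symmetric bool
	nextPort  int
	mapping   map[string]int
	allowed   map[int]map[string]bool
}

func NewNAT(publicIP string, symmetric bool) *NAT {
	return &NAT{PublicIP: publicIP, Symmetric: symmetric, nextPort: 40000,
		mapping: map[string]int{}, allowed: map[int]map[string]bool{}}
}

func key(e Endpoint) string { return fmt.Sprintf("%s:%d", e.IP, e.Port) }

// Outbound translates an internal source to its public endpoint and opens the
// inbound filter for the remote IP it is sending to.
func (n *NAT) Outbound(internal, remote Endpoint) Endpoint {
	k := key(internal)
	if n.Symmetric {
		k += "->" + key(remote) // symmetric NAT: a new public port per remote
	}
	port, ok := n.mapping[k]
	if !ok {
		port = n.nextPort
		n.nextPort++
		n.mapping[k] = port
		n.allowed[port] = map[string]bool{}
	}
	n.allowed[port][remote.IP] = true
	return Endpoint{n.PublicIP, port}
}

// Inbound reports whether a packet from remote to publicPort passes the filter.
func (n *NAT) Inbound(publicPort int, remote Endpoint) bool {
	set, ok := n.allowed[publicPort]
	return ok && set[remote.IP]
}

// HolePunch simulates the brokered connection attempt. Each peer first talks to the
// relay, which observes the peer's public endpoint and hands it to the other side;
// both peers then probe each other's observed endpoint. It returns true only if the
// direct path works in both directions; false means the peers must fall back to
// sending their traffic via the relay. Real implementations add retries and port
// guessing, which this model leaves out.
func HolePunch(natA, natB *NAT, a, b, relay Endpoint) bool {
	pubA := natA.Outbound(a, relay) // step 1: register with the relay
	pubB := natB.Outbound(b, relay)
	probeFromA := natA.Outbound(a, pubB) // step 2: probe the peer's observed endpoint,
	probeFromB := natB.Outbound(b, pubA) //         which also opens our own filter for it
	aToB := natB.Inbound(pubB.Port, probeFromA) // step 3: does each probe get through?
	bToA := natA.Inbound(pubA.Port, probeFromB)
	return aToB && bToA
}

func main() {
	relay := Endpoint{"203.0.113.10", 3478}
	a := Endpoint{"192.168.1.2", 5000}
	b := Endpoint{"10.0.0.7", 5000}
	fmt.Println("cone/cone direct path:", HolePunch(NewNAT("198.51.100.1", false), NewNAT("198.51.100.2", false), a, b, relay))
	fmt.Println("symmetric/cone direct path:", HolePunch(NewNAT("198.51.100.1", true), NewNAT("198.51.100.2", false), a, b, relay))
}
```

The second case shows the failure mode behind the relay fallback: the symmetric NAT maps peer A's probe to a different public port than the one the relay observed, so B's reply lands on a port whose filter only knows the relay's IP and is dropped. In that situation the overlay keeps working, but all of A's traffic to B transits the public relay, which is worth knowing when you reason about where the encrypted packets can be observed.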
Examples:
- ZeroTier
  - Proprietary protocol stack, freemium model (free up to 50 connections)
  - They host public connection servers that try to broker P2P connections and fall back to proxying
  - Network defined by a unique ID; arbitrary connections between members
  - Layer 2, i.e. switches on MAC address: supports IP multicast use cases such as mDNS
- Tailscale
  - Open source, self-hostable or freemium model (free up to 20 connections)
  - WireGuard and Noise protocol stack
  - Public servers broker/proxy P2P connections
  - Network defined by the user's auth domain
  - Layer 3, i.e. switches on IP (not MAC): does not support IP multicast
- Nebula
  - Open source, self-hosted only
  - Noise protocol
  - Public lighthouses broker/proxy P2P connections
  - Network defined by a single custom certificate authority, which signs a custom certificate for each node that both authenticates and authorizes it
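The Nebula entry above describes the model where membership is a certificate signed by one private CA and the certificate itself carries the authorization data. The following added Go example (my own illustration, not Nebula's code or wire format) shows the minimum such a scheme needs: a CA keypair, a node certificate binding a name, an overlay IP and group memberships under a validity window, signature verification against the CA, and a group-based inbound rule check. The `NodeCert`, `Rule` types and the JSON encoding used as the signed body are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// NodeCert is the signed body of a node certificate (assumed layout for this example):
// identity, the overlay IP the node may use, the groups that firewall rules key on,
// a validity window, and the node's own public key used in the Noise handshake.
type NodeCert struct {
	Name      string            `json:"name"`
	IP        string            `json:"ip"`
	Groups    []string          `json:"groups"`
	NotBefore int64             `json:"not_before"`
	NotAfter  int64             `json:"not_after"`
	PublicKey ed25519.PublicKey `json:"public_key"`
}

// SignedCert is a NodeCert plus the CA's Ed25519 signature over its JSON encoding.
type SignedCert struct {
	Cert      NodeCert
	Signature []byte
}

// CA is the single network authority; only certificates it signed are members.
type CA struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewCA() (*CA, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &CA{Pub: pub, priv: priv}, nil
}

// NewNodeCert generates the node's keypair and an unsigned certificate valid for ttl.
func NewNodeCert(name, ip string, groups []string, now time.Time, ttl time.Duration) (NodeCert, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return NodeCert{}, nil, err
	}
	c := NodeCert{Name: name, IP: ip, Groups: groups, NotBefore: now.Unix(), NotAfter: now.Add(ttl).Unix(), PublicKey: pub}
	return c, priv, nil
}

// Sign binds every field of the certificate (including groups) under the CA key.
func (ca *CA) Sign(c NodeCert) (SignedCert, error) {
	body, err := json.Marshal(c)
	if err != nil {
		return SignedCert{}, err
	}
	return SignedCert{Cert: c, Signature: ed25519.Sign(ca.priv, body)}, nil
}

// Verify authenticates a certificate: CA signature first, then the validity window.
// A certificate from any other CA, or with any field altered after signing, fails here.
func Verify(caPub ed25519.PublicKey, sc SignedCert, now time.Time) error {
	body, err := json.Marshal(sc.Cert)
	if err != nil {
		return err
	}
	if !ed25519.Verify(caPub, body, sc.Signature) {
		return errors.New("signature does not verify under the network CA")
	}
	if t := now.Unix(); t < sc.Cert.NotBefore || t > sc.Cert.NotAfter {
		return errors.New("certificate outside its validity window")
	}
	return nil
}

// Rule allows inbound traffic to Port from any node whose certificate carries Group.
type Rule struct {
	Port  int
	Group string
}

// Authorize answers the question Nebula-style firewalls ask after Verify has passed:
// does the (already authenticated) peer certificate satisfy a rule for this port?
func Authorize(peer NodeCert, rules []Rule, port int) bool {
	for _, r := range rules {
		if r.Port != port {
			continue
		}
		for _, g := range peer.Groups {
			if g == r.Group {
				return true
			}
		}
	}
	return false
}

func main() {
	ca, _ := NewCA()
	now := time.Now()
	c, _, _ := NewNodeCert("web1", "10.42.0.2/16", []string{"servers"}, now, 24*time.Hour)
	sc, _ := ca.Sign(c)
	fmt.Println("valid:", Verify(ca.Pub, sc, now))
	sc.Cert.Groups = append(sc.Cert.Groups, "admins") // tampering with groups breaks the signature
	fmt.Println("tampered:", Verify(ca.Pub, sc, now))
	fmt.Println("servers -> 443 allowed:", Authorize(c, []Rule{{443, "servers"}}, 443))
}
```

Two practical points follow from the structure: because the groups are inside the signed body, authorization cannot be escalated by a node editing its own certificate, and because the CA's public key is the only trust anchor, anything signed by a different CA (even a well-formed one) is simply not on the network. Verification is by value, so expiry is the built-in revocation mechanism; short validity windows, or a separately distributed blocklist, are what remove a compromised node before its certificate lapses.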
Published on: 09 Apr 2022