
ZeroTier - Simple Software Defined Networking - viraptor
https://www.zerotier.com/
======
0x100000
Hey thanks for posting this!

I'm an engineer for one of the projects over at ZeroTier. It's neat to see
this pop up on HN. If anyone has any questions about our technology or
services, let us know. We'll keep an eye on this thread!

~~~
jonathanoliver
Is there any way to turn compression off to reduce CPU consumption by the
ZeroTier process?

Also, one big concern we have is using the standard/default discovery servers
to run our network. Is there any guidance on self-hosting the discovery
servers ourselves?

Lastly, can ZT assign IPs for us automatically using some kind of DHCP? Is
there any documentation about how it works in case of network partitions?

~~~
api
(ZeroTier founder here.)

Turning off compression: noted. We also might permit a no-encryption mode for
trusted backplane networks for data center SDN use in the future.

There's no federation for the root servers _yet_. We have numerous ideas on
how to implement this but it's not a current priority. It has to be done with
care to avoid sacrificing speed, security, or ability to upgrade.

You can read some of the reasoning behind ZeroTier's design here:

[http://adamierymenko.com/decentralization-i-want-to-believe/](http://adamierymenko.com/decentralization-i-want-to-believe/)

TL;DR: we chose a design that delivers instant-on zero-configuration
operation, security, and very fast (<5s) connection setup between any two
devices on Earth at the expense of adding a small amount of centralization to
the system. We also avoided certain technologies like DHTs because we wanted
the endpoint software to be small enough to run on small embedded devices with
limited bandwidth, CPU, and memory and on mobile phones with bandwidth and
power limits. Our root server based architecture achieves all this.

The root servers are two-times redundant. There are two root servers and each
of these is geo-distributed across six nodes. These are also spread across
four cloud hosting ISPs. Any combination of up to 11 roots total can fail
without the system being significantly impacted since each root individually
has enough power to carry the whole net. All roots are secured with physical
two-factor authentication and only permit ssh access from a set of secret
gateway IPs (also secured with 2fa).

Root locations are: San Francisco, New York, Dallas, Toronto, Amsterdam,
Paris, Frankfurt, Johannesburg (SA), Sao Paulo (BR), Tokyo, Sydney, and
Singapore. Almost everyone on Earth gets <100ms ping to at least one.

------
zrail
I use ZeroTier as a virtual backplane between my servers in AWS, my home
server in my basement, and my laptops. Love it.

------
riobard
28.0.0.0/7 is allocated to DoD. Though it's currently unrouted, can you just
reuse it as needed?

~~~
NetStrikeForce
That's why at Wormhole we chose to use 100.64.0.0/10 (and actually most of our
customers only use the default first /24). It's reserved for carrier grade
NAT, thus unlikely to interfere with anything you or your providers use :-)

We offer a similar service to ZeroTier, but based on SoftEther. Needless to
say, we LOVE ZeroTier, they've got a brilliant product. Keep up the good work!

[https://wormhole.network](https://wormhole.network)
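
Added example, not part of the thread or of either project's code: a check of a candidate overlay prefix against the private and carrier-grade NAT blocks discussed above, and against routes a host already has. The route list is constructed sample data, and reading "the default first /24" as 100.64.0.0/24 is an assumption.

```python
import ipaddress

# Reserved IPv4 blocks relevant to choosing an overlay range.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC6598 = ipaddress.ip_network("100.64.0.0/10")  # carrier-grade NAT shared space


def classify(prefix):
    """Say which kind of address block a candidate overlay prefix sits in."""
    net = ipaddress.ip_network(prefix)
    if any(net.subnet_of(block) for block in RFC1918):
        return "rfc1918-private"
    if net.subnet_of(RFC6598):
        return "rfc6598-shared"
    # Anything else (28.0.0.0/7 included) is not set aside for private use.
    return "not-reserved-for-private-use"


def conflicts(prefix, routes):
    """Return the existing routes a candidate overlay prefix would collide with."""
    net = ipaddress.ip_network(prefix)
    hits = []
    for route in routes:
        other = ipaddress.ip_network(route)
        if other.prefixlen == 0:
            continue  # the default route overlaps everything; not a real conflict
        if net.overlaps(other):
            hits.append(route)
    return hits


# Constructed sample: routes a host might already have, including an ISP
# that numbers its customers out of the carrier-grade NAT block.
SAMPLE_ROUTES = ["0.0.0.0/0", "192.168.1.0/24", "10.8.0.0/16", "100.72.0.0/16"]

if __name__ == "__main__":
    for candidate in ("28.0.0.0/7", "100.64.0.0/10", "100.64.0.0/24", "10.0.0.0/8"):
        print(candidate, classify(candidate), conflicts(candidate, SAMPLE_ROUTES))
```

The whole /10 collides with the sample ISP route while the first /24 does not, which is why a small slice of the shared block is the lower-risk choice on hosts that may sit behind carrier-grade NAT.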

------
brightball
Love Zerotier. Using it to connect 3 small offices at the moment and it's
worked like a charm.

------
raarts
I've been using zerotier for a year now. It is simply FANTASTIC. Currently use
it as a management plane for my docker swarm. Really great work. Their blog is
also very much worth reading.

EDIT: I'd like to mention an interesting feature. If you run two hosts that
are also connected in another way, for example on a LAN, or using private
networking from your cloud provider, ZT will automagically find and use the
fastest route for host to host traffic.

------
jbverschoor
Tried it, works very nice. Gonna try this for my friends, family and some of
my servers.

Was looking for such a thing for quite some time

~~~
dualogy
> Gonna try this for my friends, family and some of my servers.

What are these use-cases all about? Not really getting the point of this right
now.. curious since all my friends, family and servers are connected to the
Internet already just fine, as I suspect were yours.

~~~
Nullabillity
For example, many older games either have no online multiplayer support, or
have shut it down, while they do have functional LAN support. If this can
replace Hamachi for those use-cases, then that's pretty great already.

------
joelklabo
This is what 21 Inc. uses for their market.

------
andrewmunsell
Been using ZeroTier for a while now. My main use case is to connect my laptop
to my home network so that I can access my NAS and Plex server while I'm away
without having to expose those ports to the internet directly.

------
sandstrom
It's an interesting piece of software. I've used it to get multi-cast onto an
AWS EC2 node. Good name too (refers to the OCI-model).

------
kaffee
How is this (or wormhole) different from cjdns?

~~~
viraptor
cjdns works on ip level (ipv6 specifically). Zerotier gives you a virtual
ethernet layer. Also you can use a private controller rather than always
relying on public DHT.

------
Fastidious
Is there a simple document that guides through building and configuring my own
public node? Thanks!

------
hugozap
I used Hamachi LogMeIn some time ago. This looks like a much better option.

------
dollar
This seems exactly like Pertino. [http://pertino.com](http://pertino.com)

~~~
ramarnat
Except... ZT1 is open source and has far more permissive free and paid plans
(disclosure - I am an investor in ZeroTier)

