by jonathanoliver 3692 days ago
Is there any way to turn compression off to reduce CPU consumption by the ZeroTier process?

Also, one big concern we have is using the standard/default discovery servers to run our network. Is there any guidance on self-hosting the discovery servers ourselves?

Lastly, can ZT assign IPs for us automatically using some kind of DHCP? Is there any documentation about how it works in case of network partitions?

2 comments

(ZeroTier founder here.)

Turning off compression: noted. We also might permit a no-encryption mode for trusted backplane networks for data center SDN use in the future.

There's no federation for the root servers yet. We have numerous ideas on how to implement this but it's not a current priority. It has to be done with care to avoid sacrificing speed, security, or ability to upgrade.

You can read some of the reasoning behind ZeroTier's design here:

http://adamierymenko.com/decentralization-i-want-to-believe/

TL;DR: we chose a design that delivers instant-on zero-configuration operation, security, and very fast (<5s) connection setup between any two devices on Earth at the expense of adding a small amount of centralization to the system. We also avoided certain technologies like DHTs because we wanted the endpoint software to be small enough to run on small embedded devices with limited bandwidth, CPU, and memory and on mobile phones with bandwidth and power limits. Our root server based architecture achieves all this.

The root servers are two-times redundant. There are two root servers and each of these is geo-distributed across six nodes. These are also spread across four cloud hosting ISPs. Any combination of up to 11 roots total can fail without the system being significantly impacted since each root individually has enough power to carry the whole net. All roots are secured with physical two-factor authentication and only permit ssh access from a set of secret gateway IPs (also secured with 2fa).

Root locations are: San Francisco, New York, Dallas, Toronto, Amsterdam, Paris, Frankfurt, Johannesburg (SA), São Paulo (BR), Tokyo, Sydney, and Singapore. Almost everyone on Earth gets <100ms ping to at least one.

As far as I understand it, the binary contains compiled-in IP addresses for public nodes operated by ZeroTier. By recompiling you can run your own; they are not special in any way as I understand it. And if they go down your network will not suffer; they are only used for initial setup.

Separate from this you also have the option of running your own network manager. This will allow you to create and manage your own virtual networks, with your own GUI, billing, etc. The ZeroTier binary can be compiled with a special option to extend the built-in REST API for that.

See: https://github.com/zerotier/ZeroTierOne/tree/master/service