by linsomniac 1559 days ago
I've been a fairly big ZeroTier fan for a year or more, playing around with it on my own machines. They do some really slick things with public networks and broadcast traffic and those "public network with an open firewall for port X" (their name escapes me), and I like their web interface (vs managing files like Wireguard or Nebula).

They were on the short list for deploying an overlay network for work, and when I started thinking hard about it, I was concerned about availability if their controllers went down; I didn't want to tie our availability to theirs.

So I asked their sales a question about if we could host a backup controller or something to allow our network to operate if their controllers went offline. It took (IIRC) a couple weeks to get a reply and that reply was along the lines of "It's impossible for all our controllers to go down, but if you want to self host you lose the web UI." I replied linking to a ZeroTier tweet saying "Hosted controllers are coming back up" and asking "What was the event referred to in this tweet", and got only crickets in response.

So I'm planning on going with Nebula, but also keeping an eye on DefinedNetworking.

https://twitter.com/ZeroTier/status/1389766385480372225?s=20

2 comments

If you're looking for alternatives you might find the free, open source project I'm a dev on interesting too. You can run your own network if you want. Give us a peek? https://openziti.github.io/ If you like the project just give us a star on GitHub so we can spread the word :) Right now we also have "a single controller" but you don't lose any network traffic if you have to restart it and of course - we are right in the midst of going "distributed controller" to eliminate that SPOF.
Just from a look at the homepage, it does sound interesting. In our case, we have a lot of legacy apps that will get in the way, but Zero Trust is a direction we'd love to move in.
The tunnelers are your friends there. We have them for all major desktop/mobile OSes. They are "basically a VPN client" but with all the actual zero trust goodness you'd expect...strong identity, policy-based security etc. We realize you can't just embed zero trust into all your apps right from the start. It's a journey! :)

You should check them out. Lots of videos showing interesting features over on YouTube too if you like a video... https://www.youtube.com/channel/UCAsrfQasdZmp2Gq07Ej_5cQ/vid...

DefinedNetworking develops Nebula; they split off from Slack.
But they aren't just Nebula, they offer a hosted key manager for Nebula and tooling that centrally manages your configs. It's still fairly early, doesn't support all Nebula features, but it looks promising.