hobby-kube / guide

Kubernetes clusters for the hobbyist.
MIT License

Suggestion Use Zerotier #71

Closed hijak closed 3 years ago

hijak commented 5 years ago

Hi

For your Secure private networking section, may I suggest using ZeroTier? I have used this for many projects where the provider was missing private networking.

pstadler commented 5 years ago

WireGuard has been rock solid since the beginning and I don't see any reason to switch. How do they compare regarding security, performance and setup?

hijak commented 5 years ago

Hi

I will cite some things regarding your questions about security: https://github.com/zerotier/ZeroTierOne/issues/811

ZeroTier is p2p and has a UI for access control; this can also be managed via API (opportunity for Ansible to auth the node while provisioning).

Installation is very simple; more info can be found here: https://www.zerotier.com/download.shtml

I usually add the ZeroTier interface to the trusted zone in firewalld and whitelist the ZeroTier private range.

As far as performance goes, I'm using it as a backplane network for CephFS. I am streaming media off the CephFS store via Kubernetes in a different geographic location.

Everything runs smoothly. I have not noticed performance issues with ZT, but neither have I tested in depth; for this scope it seems like an ideal fit.

ivan4th commented 4 years ago

ZeroTier is indeed easier to set up than WireGuard; also, it makes it easy to access the nodes w/o configuring WireGuard on your machine (e.g. on a Mac). All in all, it's just easier for building your own "intranet" with ZeroTier than with wg, and its peer-to-peer nature is a good thing in some situations. That being said, I did try to do Ceph (via rook) over zt ~1.5 years ago and the performance was rather suboptimal. But that was quite some time ago and there's a possibility that these problems are gone, so maybe it's worth trying again.

pstadler commented 4 years ago

Why would you access your cluster via the same private network used between nodes? Just get ZeroTier for this, and only this, if you think it offers a benefit.

WireGuard is performing far too well in every regard to even consider replacing it. It will most likely be integrated into the Linux kernel any time soon. Configuration is simple and straightforward. I have a hard time understanding why you would prefer ZeroTier over WireGuard. Performance is crucial; I've yet to see some benchmarks of ZeroTier. Feel free to submit iperf results, preferably using Hetzner Cloud's smallest VPS, so I've got a direct comparison.
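A small harness for the comparison requested above, added here as an example and not part of the hobby-kube guide or this thread: it runs `iperf3 -J` against the same peer host over each overlay, takes the median of several rounds so one noisy run does not decide, and prints lines ready to paste into the issue. It assumes `iperf3 -s` is running on the peer, that the peer is reachable on the two overlay addresses in `PEERS` (constructed placeholders; substitute your own), and that the test runs on the same VPS class for both tunnels.

```python
import json
import statistics
import subprocess
from typing import Dict, List

# Overlay addresses of one and the same peer host, reached over each tunnel.
# Constructed placeholder values; replace with your own wg0 / zt* addresses.
PEERS: Dict[str, str] = {
    "wireguard": "10.0.1.2",
    "zerotier": "10.147.17.2",
}


def throughput_mbps(iperf_json: str) -> float:
    """Receiver-side throughput in Mbit/s from an `iperf3 -J` client report.

    iperf3 reports a top-level "error" key instead of "end" when the test
    could not run (peer unreachable, server busy), so surface that clearly.
    """
    report = json.loads(iperf_json)
    if "error" in report:
        raise RuntimeError(f"iperf3 failed: {report['error']}")
    return report["end"]["sum_received"]["bits_per_second"] / 1e6


def run_iperf(server: str, seconds: int = 10) -> str:
    """Run one iperf3 client test against `server`, returning its JSON output."""
    cmd = ["iperf3", "-c", server, "-t", str(seconds), "-J"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


def benchmark(peers: Dict[str, str], rounds: int = 3) -> Dict[str, float]:
    """Median throughput per overlay across `rounds` sequential runs."""
    results: Dict[str, float] = {}
    for name, addr in peers.items():
        samples: List[float] = [throughput_mbps(run_iperf(addr)) for _ in range(rounds)]
        results[name] = statistics.median(samples)
    return results


def summarize(results: Dict[str, float]) -> List[str]:
    """Report lines, fastest overlay first, for pasting into the issue."""
    ordered = sorted(results.items(), key=lambda kv: -kv[1])
    return [f"{name}: {mbps:.1f} Mbit/s" for name, mbps in ordered]


if __name__ == "__main__":
    for line in summarize(benchmark(PEERS)):
        print(line)
```

Run the same script from the same client VPS for both tunnels so that host CPU, not just the overlay, is held constant between the two numbers.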