slackhq / nebula

A scalable overlay networking tool with a focus on performance, simplicity and security
MIT License

Feature Request: ospf over nebula #800

Open vxdzero opened 1 year ago

vxdzero commented 1 year ago

What version of nebula are you using?

1.6.1

What operating system are you using?

Linux

Describe the Bug

Hello, first I would like to congratulate everyone for the excellent work on nebula. You guys are defining the future of mesh networking. My question is: is it possible to use routing protocols like ospf over nebula? I came across a scenario where in some clients I have 2 internet links configured in failover and I add firewall rules to forward each instance of a node to a link, and I would like the nodes to switch in case of a link failure. I tried ospf on top of nebula1 and nebula2 interfaces in both sites, but no success. Any tips? Or am I really trying something not yet supported? If so, is there any possibility that nebula will support this scenario in the future? To better understand my need, I made a small diagram:

                     node_A                                                                node_B
               |interface_nebula1|----|wan1    |                       |wan1    |----|interface_nebula1|
|network A|----|      ospf       |    |firewall|---internet_multiwan---|firewall|    |      ospf       |----|network B|
               |interface_nebula2|----|wan2    |                       |wan2    |----|interface_nebula2|

Logs from affected hosts

No response

Config files from affected hosts

No response

vxdzero commented 1 year ago

After making some tests, I discovered that it is not possible to change the routes manually or by some dynamic routing system in the nebula interface. So I think the solution for this case would be to have an option in the configuration file to allow changing the routes externally. Perhaps also make this statement explicit in the node's certificate.

benyanke commented 1 year ago

I would wonder if something like wireguard would be a better transport layer for something like OSPF - far less complexity, and a tool better suited for the job.

ghost commented 1 year ago

I know I am late to the game but this might work in ptp or point to point mode in bird. I am going to try it when I have a chance.

blind-oracle commented 1 year ago

Yes, it works in ptmp mode (or ptp). But it would be nice if nebula would work in simple ospf broadcast mode where one does not need to specify neighbors manually...
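The ptmp setup with manually listed neighbors described in the comment above, as an added example for BIRD 2.x on node_A of the diagram; it is not configuration posted by anyone in the thread. The overlay addresses, the router id and the LAN interface name `eth1` are constructed placeholders.

```bird
# Added example, not from the thread. All addresses are constructed
# placeholders for Nebula overlay IPs; substitute your own.
router id 192.168.100.1;

protocol device { }

protocol kernel {
    ipv4 { export all; };      # install OSPF-learned routes in the kernel table
}

protocol ospf v2 over_nebula {
    ipv4 { import all; export none; };
    area 0 {
        # Per the thread, broadcast mode does not work over Nebula, so each
        # neighbor is listed explicitly and hellos are sent to it as unicast.
        interface "nebula1" {
            type ptmp;
            cost 10;           # preferred path (wan1 in the diagram)
            neighbors { 192.168.100.2; };   # node_B on the first overlay
        };
        interface "nebula2" {
            type ptmp;
            cost 20;           # backup path (wan2 in the diagram)
            neighbors { 192.168.101.2; };   # node_B on the second overlay
        };
        # Advertise the local LAN without running OSPF on it
        # (interface name is an assumption).
        interface "eth1" { stub yes; };
    };
}
```

An adjacency forming does not by itself mean Nebula will forward traffic for the remote LAN: the second comment in this thread reports that routes on the Nebula interface could not be changed manually or by a dynamic routing system.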

benyanke commented 1 year ago

I don't believe that's really possible; broadcasting to an entire nebula network seems inadvisable, given it's designed to be very scalable.

blind-oracle commented 1 year ago

@benyanke Well, maybe it's possible to create an opt-in flag for that for people with smaller networks like me. I am using Wireguard now too, but it's a bit more hassle to set up and it's currently being blocked in Russia by the govt (I have a VPN for my parents there), so I'm discovering other options for mesh-like networks.