Self-Hosted Zerotier

[rkhamis]

➤ Jan De Landtsheer commented:

There are a few ways to handle this :

• run a fully self-hosted zerotier where we run our own Planet servers (rootservers) as base infrastructure.

A fully self-hosted ZeroTier needs that we re-compile Zerotier with our own rootservers, have infra in place that makes sure we have these rootservers up & running all the time (with an eventual DB ) While that will alleviate the slowlessness for handing out IP addresses to zerotier client nodes, running that infra will take some operational resources, but right now it's not sure of how much.

That also means that these rootserver descriptions need also to be in the clients, so we'll need to distribute the zerotier binaries ourselves . In itself that wouldn't be hard for our own 0-OS/flists/robots, but it'll be somewhat harder for mom&pop using it. Also, maintaining binaries for all the platforms that Zerotier maintains will be a pain. (MacOS, IOS, linux, Android, windows...)

• run a controller per network and have our clients connect to moons (moons get precedence compared to planet controllers).

We can also run a controller ourself, where 'a' running zerotier daemon registers a network to the zerotier network, and when clients want to connect to that network, the zerotier rootservers redirect the clients to that controller to obtain an ip address. If that network is specified as 'private', then we also need to allow the client to that network ourselves. That basically means, that we need to know which controller (node) to send the auth request.

Advantage from experience is that (for small? networks) the ip allocation is virtually immediate.

When we would add a moon to the same controller it would be good for bandwidth too (the p2p libraries are only effective in situations where only one nat is involved. Most restricted-cone nats in enterprise don't allow upnp, so hole-punching gets a lot more difficult and mostly ineffective.

• do both.

For each of the solutions, in the event we need to run separate controllers we'll need a network-id to controller-ip mapping from somewhere ... in a db of some kind

[rkhamis]

➤ Christophe de Carvalho commented:

As a first phase we will first start to run our own controller. For this we need:

• [ ] creation/review of the zerotier controller SAL in jumpscle
  • [ ] creation of an zerotier actor in digital me
  • [ ] define actor interface and schemas
  • [ ] implement actors
  • [ ] create zerotier DM package

[rkhamis]

➤ Christophe de Carvalho commented:

Moved to 9.5.1, since we want to deliver this for the storage project too