[Support]: One master-network (to reach all "sub-network-clients") ? #616
Comments
Note: This is just from the top of my head and not tested, but here's how I would configure it:
Then in your master network settings, add managed routes for each pizza network like this:
This way, your devices only need to connect to the master network to reach any pizza network through the routing node.
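The comment above sketches a routing node that is joined to the master network and to every pizza network, with managed routes in the master network pointing each pizza prefix at that node. Whether pizza hosts can reach back into the master network, or reach each other, is then decided by the firewall on the routing node, not by the controller. The script below is an added example, not code from this thread or from the ztnet project: a POSIX shell script that generates (and can apply) an nftables ruleset for such a routing node. The interface names (zt_master, zt_p1, ...), the IPv4-only setup and the presence of nft on a Linux routing node are assumptions.

```shell
#!/bin/sh
# Added example, not code from this thread or from the ztnet project.
# Generates (and optionally applies) an nftables ruleset for a Linux
# "routing node" that is joined to the master network and to every pizza
# network. The controller side (managed routes in the master network that
# point each pizza prefix at the routing node) is configured in ztnet;
# this script only covers what the routing node itself must enforce.
#
# Assumptions (all hypothetical): one ZeroTier interface per network, e.g.
# zt_master for the master network and zt_p1, zt_p2, ... for the pizza
# networks; IPv4 only; nft (nftables) available on the routing node.
#
# Policy produced:
#   - forwarding is dropped by default
#   - new connections are accepted only from the master interface into a
#     pizza interface, so pizza hosts can answer VNC/RDP/SQL sessions but
#     cannot open anything toward the master network
#   - no forwarding between two pizza interfaces
#   - traffic leaving toward a pizza network is source-NATed to the routing
#     node's own address in that network, so pizza hosts need no route back
#     to the master prefix and never see master-network addresses

# Reject interface names that could break out of the quoted nft syntax.
valid_ifname() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# gen_ruleset MASTER_IF PIZZA_IF... : print the ruleset to stdout.
gen_ruleset() {
    master_if=$1; shift
    [ $# -ge 1 ] || { echo "gen_ruleset: need at least one pizza interface" >&2; return 1; }
    for i in "$master_if" "$@"; do
        valid_ifname "$i" || { echo "gen_ruleset: bad interface name: $i" >&2; return 1; }
    done
    printf 'table ip ztroute {\n'
    printf '  chain forward {\n'
    printf '    type filter hook forward priority 0; policy drop;\n'
    printf '    ct state invalid drop\n'
    printf '    ct state established,related accept\n'
    # Only the master -> pizza direction may open new flows.
    for pizza_if in "$@"; do
        printf '    iifname "%s" oifname "%s" ct state new accept\n' "$master_if" "$pizza_if"
    done
    printf '  }\n'
    printf '  chain postrouting {\n'
    printf '    type nat hook postrouting priority 100; policy accept;\n'
    # Hide the master prefix behind the routing node's pizza-network address.
    for pizza_if in "$@"; do
        printf '    oifname "%s" masquerade\n' "$pizza_if"
    done
    printf '  }\n'
    printf '}\n'
}

# apply_ruleset MASTER_IF PIZZA_IF... : enable forwarding and load the
# ruleset atomically, replacing any earlier "ztroute" table. Needs root.
apply_ruleset() {
    ruleset=$(gen_ruleset "$@") || return 1
    sysctl -w net.ipv4.ip_forward=1 >/dev/null || return 1
    # Declare-then-flush tolerates a first run where the table does not exist yet.
    printf 'table ip ztroute\nflush table ip ztroute\n%s\n' "$ruleset" | nft -f -
}
```

Usage on the routing node would be `apply_ruleset zt_master zt_p1 zt_p2 ...` after joining the networks; `gen_ruleset` alone prints the ruleset for review. The one-way restriction relies on conntrack on the routing node, so it holds for every protocol, not only TCP; ZeroTier flow rules inside the master network cannot replace it, because after the routing node forwards a packet they no longer see which pizza network it came from. The source NAT is what lets a pizza host reply to a VNC or RDP session without any route toward the master prefix, and it also means a pizza host has no master-network address to target in the first place.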
Thanks for the quick answer! 😺 I have something similar in my head too, just not clear yet how it would work in reality, because what I've tried so far did not work. (Maybe I made a mistake?) Only this command seems troublesome for me at first sight: Also I'm afraid I'll have to install a firewall and set many strict rules to prevent one network from seeing the other. Don't I? Someone suggested I should run one "ZeroTier ONE" that connects to all networks and do all the forwarding in there. But I do not know how to prevent port conflicts if it is running on the same VPS / docker stack. Actually I also do not know if these routings only apply "inside docker", or also outside of it, on the whole VPS...
I've tested this method. Conclusion: Too slow! (30-600 ms instead of 2-5 ms. Even TightVNC is lagging.) The reason is:
Any other ideas?
Hello. :)

What is my server set-up:
- To do this, ` { `

Next I installed the ztnet server using docker, plus some other containers like portainer and some backup software, but these are irrelevant…

What I manage; how I manage the different networks: to have access to the ztnet software I have made a "control network" in ztnet and I have joined the server's

So far I have access to ztnet and I have full control of all the organizations, networks and users. If I need to offer IT support to every single peer/machine in every organization, my control devices need to be part of the respective networks to be able to communicate with that machine through zerotier and some kind of control/RDP software like VNC.

I hope that this will give you some ideas on how to use this amazing project!
So basically you have to connect to all networks at the same time. Right?
Or did I misunderstand something, and you have only one giant network (like 10.100.0.0/16) and you are using micro-segmentation via organization only?
Hello again :) Let's make it clear that I am trying to help and be educated myself. I am not a network expert by any means, even if I have some experience with big networks. I find what you are trying to do very interesting. The scale of it makes it more challenging.

Yes. You understood correctly: the way I do it, my control device needs to be connected/attached to every network if I want to have access to all nodes. And yes, you are right, smartphone clients cannot do it; they don't allow being connected to more than one network at a time. My laptop "control device"

I know you suggested a big "control network" that all the clients will be connected to with

So… zerotier makes p2p networks. Ztnet is an excellent way to self-host, create and manage those networks! "Peers are equally privileged, equipotent participants in the network, forming a peer-to-peer network of nodes." (Wikipedia) To be able to communicate with a peer/node we should be able to ping it and get a response. In my implementation I can do that, since I "see" all the peers and peers "see" my control device (but no one outside their network). In your suggested implementation, using a big zerotier p2p network, all peers will be able to see everyone on all networks 🫣..

I understand your concerns about being connected to hundreds of networks, but maybe it is not that terrible. Be mindful that big networks, in one big or multiple segments, are live organisms.. They constantly change every day. Hundreds of people try all kinds of things on those networks while trying to do their job or just messing around; machines need to be added, removed or replaced, which makes it even more challenging to manage and maintain.

Sorry for the long post.
Hi, Thanks for the long letter! I appreciate it!
No, I definitely want to avoid that.
I agree. That's why I'm afraid of rule-based micro-segmentation. (One mistake, and PCs from other networks may see each other.)
Hi,

"I agree. That's why I'm afraid of rule-based micro-segmentation. (One mistake, and PCs from other networks may see each other.)"

There is no need for micro-segmentation as described in the zerotier documentation in the organization implementation. Each organization has its own networks that are completely separated from any other network. Just make some organizations on your server and play with them; you can delete them anytime.

I will try to make a small example project in the discussions section sometime next week, since I will be very busy this weekend. I will let you know when it is done.
📝 Inquiry
What is the recommended way to set up my own planet on a VPS to handle one "master-network" that can reach the other 100+ networks too?
I like the simplicity, and I’d like to manage 100+ separated networks (restaurants).
1-10 PCs in each. (ca. 300 PCs + phones + laptops all together.)
I am the only one allowed to manage networks. (Pizzeria owners get only client access to their own network.)
But it would be bad if I'd need to connect to all 100+ networks from my phone + laptops simultaneously.
(Or disconnect / reconnect to another network each time someone is calling for quick help.)
So my developer PCs and phones should connect to only this one "master-network", from where I could connect to any member of any separated network.
❓ So the question is:
Is it possible somehow to create one Network that would “see everyone” (all members in all networks) ?
If yes, can I block somehow the access to this one group, so sub-members should not be able to start connections “back to my developer PCs / phone”, only I should be able to connect to them? (VNC, RDP, SQL, ...)
Thanks for any advice :-)
🔧 Deployment Type: [X] Docker
💻 Operating System: Debian