Dynamic Multipoint VPN with ZeroTier and VyOS

Update: Part 2 is live!

I wrote this post for people that may be interested in a scalable Multipoint VPN solution for site-to-site communication. I intend for this to be a multi-part series, so let me know if there’s anything specific you’d like to see related to a deployment like this.


I’d love to see a version using Mikrotik RouterOS instead of VyOS. (Nothing against VyOS, but I’m seeing more and more Mikrotik stuff in the field). Maybe adapting Zerotier & Mikrotik design concept - Infrageeks to use BGP instead of the Zerotier routing…

Part 2 is live!:

Thanks @erik, I’ll have to look into their cloud hosted router for that since I don’t have any physical boxes from them.

I’d be happy to lend you one, depending on shipping to wherever you are…

I can’t seem to edit my original post any more.

I uploaded a part 1.5 for the series about persistence for the ZeroTier deployment in VyOS:

Thanks for the offer! I have a few more things I’m working on as far as labs. Let me check out the cloud router and see if it’ll work for lab purposes first.

Added a post about increasing the scale of this design:

Added another post to this design: Microsegmentation

I plan for this to be the final post in this series unless there’s something specific someone wants to see.

A friend of mine asked if he could create videos from my blog posts. Here is the first video:


I’ve released the first part of the Multipoint VPN series using ZeroTier and MikroTik. You can find it here:

Nicely done!

Although this now has me going down the rathole of trying to truly understand BGP in this context and thinking about the impacts of the Hub failure in this scenario…

In Part 2 I’ll be adding additional regions for scalability, as well as additional hubs for redundancy. In this design, the Hubs are not part of the forwarding path (unless you make it so), which allows you to place them anywhere. You can have some on-prem, and some in the cloud. Hub redundancy can be as
