HgMs
November 19, 2022, 9:39am
#1
I got 3 nodes referred to as A, B, C.
The delay between A and B is 10ms, between B and C is 40ms, while between A and C it is 400ms.
How can I optimize the path between A and C?
At some point something like this was discussed:
Issue opened 06:37PM - 10 Nov 17 UTC, closed 06:16PM - 11 Jun 19 UTC. Type: Feature Request or Suggestion. Status: Backlog.
One of the advertised features of the [Edge](https://www.indiegogo.com/projects/… zerotier-edge-open-source-enterprise-vpn-sd-wan/x/17167082) is "local root server" capability. We don't want you to have to do the "set up a moon" dance for this. We want it to just work.
I've got an idea for how to do this that I wanted to write down so I don't forget.
Typically a man-in-the-middle or a sniffer is an adversary, but it doesn't have to be. ZeroTier is end-to-end encrypted and authenticated so a MITM just sees noise and can't modify packets, but the source and destination ZeroTier addresses are visible.
When you don't have a direct path you send your packets upstream, but the destination ZT address is the end destination not the upstream hop. That means that anyone watching knows the ZT address of the destination and the source as well as the physical IPs of both. (ZT is a secure link protocol but is not an anonymity protocol like Tor.)
This means nothing stops an observer from chipping in and saying "hey Alice! I know Bob! He's over there!"
The question is how to make this secure. Anything that lets another device hint about where to connect is a magnet for potential abuse in the area of hostile forensics, DDOS amplification attacks, and other shenanigans.
The intended use case is for local routers and/or things on your local LAN to be able to do this. As such they're going to be able to observe your traffic and they're going to be close.
Maybe there could be a way for them to send such a hint along with some observed data and maybe the receiver could only accept the hint if the observed data matches a packet sent less than, say, 5ms ago. This would make it impossible for a naive third party to send these as they would not have any legit sniffed packet data, and it would also be impossible for someone far away to send hints because Albert Einstein.
It would be great if there would be an option to allow routing from two or the same network interface. Considering there’s already some sort of multipath support, routing through another node could just show as another possible path, though you’d have to take into account the exponential explosion caused if there are too many nodes with routing allowed.
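As an added illustration (not ZeroTier code and not written by anyone in this thread) of the check proposed in the quoted issue, where a node accepts an unsolicited "Bob is over there" hint only if it is accompanied by evidence of a packet the node itself sent a few milliseconds ago; the 5ms window, the SHA-256 fingerprint, the table size and the single-use rule are all assumptions:

```python
# Added example: "recently observed packet" witness check for path hints.
# Not ZeroTier's implementation; window, fingerprint and layout are assumed.
import hashlib
from collections import deque

HINT_WINDOW_S = 0.005  # accept hints only for packets sent in the last 5 ms (assumed)
MAX_RECENT = 4096      # bound on remembered packets, so the table cannot grow unbounded


def witness(packet: bytes) -> bytes:
    """Fingerprint of a packet as a nearby sniffer would see it on the wire."""
    return hashlib.sha256(packet).digest()[:16]


class PathHintVerifier:
    """Remembers packets this node sent so that a hint from a third party can be
    checked against them. A hint is accepted only if it carries the fingerprint
    of a packet sent within HINT_WINDOW_S: a party that never saw the packet has
    nothing to present, and a distant party cannot present it in time."""

    def __init__(self, window_s: float = HINT_WINDOW_S):
        self.window_s = window_s
        self.recent: deque = deque(maxlen=MAX_RECENT)  # entries: (send_time, witness)

    def record_sent(self, packet: bytes, now: float) -> None:
        """Call once for every packet the node puts on the wire."""
        self.recent.append((now, witness(packet)))

    def _expire(self, now: float) -> None:
        # Drop everything older than the window; entries are appended in time order.
        while self.recent and now - self.recent[0][0] > self.window_s:
            self.recent.popleft()

    def accept_hint(self, observed: bytes, now: float) -> bool:
        """True if 'observed' matches a packet sent within the window.
        A matched entry is consumed, so a captured hint cannot be replayed."""
        self._expire(now)
        for entry in self.recent:
            if entry[1] == observed:
                self.recent.remove(entry)
                return True
        return False
```

Outside the constructed window the same fingerprint is rejected, which is the "too far away" case the issue describes; so is any fingerprint of a packet the node never sent.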
system
Closed
December 20, 2022, 10:14am
#3
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.