I have read the documentation about root nodes and the new “aleph”. But this infrastructure is to let each node find other nodes.
I have another question.
When I have two nodes that cannot communicate directly (strict firewall) you say that they will communicate indirectly with a third node.
How can I choose that node? I would like to create some VMs on AWS, Azure, and other networks that, like “supernodes”, will accept traffic from other clients of only my networks that cannot communicate directly.
How can I do it? Is it enough to create a VM, install the ZeroTier client and connect to one network?
I ask a simple question: what happens exactly when two nodes cannot communicate directly?
Do they use a third node? Which one? Can I suggest a good one?
I cannot find anything in the docs.
I might be wrong, but the nodes would communicate through the root servers if they could not form a p2p-connection. You could also create 2 separate networks and have 1 gateway node between the networks.
Thanks for the reply. In fact, this is my question: if I own a third node with the ZeroTier client on it and good bandwidth, why do they need to go to the root servers? Is it better to go to my third node?
I hope the ZeroTier developers can answer this very important question.
Well, it would go through the root servers because that would be the only point they had in common if you have a very strict firewall (only allowing traffic to and from the root servers). If you however were to have 2 networks in ZeroTier, you could route all the traffic through a node that is connected to both networks. This would require you to create static routes in the ZeroTier networks, as well as open the firewall to the third node. It’s not that difficult if you are familiar with Linux/Unix (I don’t think this would be possible to do if the third node ran Windows) and networking.
Create 2 networks in ZeroTier, add the node to both of them, then add a route from one network to the other via the node that is in both networks, and vice versa. On the node itself you need to create a firewall rule to forward the packets. See the link below for some basic instructions; these would need to be modified to fit your scenario.
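
The gateway-node procedure from the post above, as an added example that is not part of the original thread and not ZeroTier's own code: a POSIX shell script that prints the forwarding commands for a Linux node joined to both networks, allowing only traffic between the two subnets. The interface names and subnets are constructed placeholders, and `valid_if`, `valid_cidr` and `gateway_rules` are hypothetical helper names.

```sh
#!/bin/sh
# Added example: forwarding rules for a Linux node joined to two ZeroTier
# networks. Interface names and subnets are constructed placeholders.
# Each network's managed routes must also send the other subnet via this
# node's address in that network, as the post describes.

# Accept only ZeroTier-style interface names (zt + alphanumerics).
valid_if() {
  case $1 in
    *[!A-Za-z0-9]*) return 1 ;;
    zt?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Accept only well-formed IPv4 CIDRs; the subshell body keeps variables local.
valid_cidr() (
  case $1 in */*) ;; *) exit 1 ;; esac
  ip=${1%/*}; len=${1#*/}
  case $len in ''|*[!0-9]*) exit 1 ;; esac
  [ "$len" -le 32 ] || exit 1
  case $ip in *[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
  IFS=.; set -- $ip
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do [ "$o" -le 255 ] || exit 1; done
)

# Print (not run) the commands: allow only net_a <-> net_b across the two
# interfaces, and drop anything else a ZeroTier member tries to route via us.
# Arguments: if_a net_a if_b net_b
gateway_rules() {
  valid_if "$1" && valid_if "$3" && [ "$1" != "$3" ] ||
    { echo "bad interface name" >&2; return 2; }
  valid_cidr "$2" && valid_cidr "$4" ||
    { echo "bad subnet" >&2; return 2; }
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -i $1 -o $3 -s $2 -d $4 -j ACCEPT
iptables -A FORWARD -i $3 -o $1 -s $4 -d $2 -j ACCEPT
iptables -A FORWARD -i $1 -j DROP
iptables -A FORWARD -i $3 -j DROP
EOF
}

# Constructed values; review the output before piping it to a root shell.
gateway_rules ztaaaaaaaa 10.10.1.0/24 ztbbbbbbbb 10.10.2.0/24
```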