tinyzimmer

joined 1 year ago
sorted by: new top controversial old
Webmesh: Now with the ability to peer independent meshes in c/[email protected]
[–] [email protected] 1 points 11 months ago

Almost certainly. At its core - everything happening could be accomplished with just regular configuration files. It's just a suite around maintaining the state basically.

I was considering adding FRR or BGP to the mix at some point - but it hasn't proven necessary yet.

Webmesh: Now with the ability to peer independent meshes in c/[email protected]
[–] [email protected] 1 points 11 months ago

Maybe? Quite possibly it seems. I'm not famiilar with it too much.

Webmesh: Now with the ability to peer independent meshes in c/[email protected]
[–] [email protected] 11 points 11 months ago* (last edited 11 months ago)

It's extremely similar to Tailscale, and they are a major source of inspiration for a lot of the functionality.

The main difference is I am using a controller-less setup where each node maintains the state of their mesh via raft consensus. If a controller server goes down, another node will pick up the leader responsibilities. When requests come in that need to mutate network state, nodes will automatically forward the request to the leader node for you.

So kinda like a Tailscale - where you can disconnect and branch off at any time. Think...federated networks.

57
Webmesh: Now with the ability to peer independent meshes (github.com)
 

Hey all!

Dropping my Webmesh project (https://github.com/webmeshproj/webmesh) again as I've just reached a major milestone in my development towards making it a viable product. Webmesh is yet another pass at creating a distributed service/application mesh/VPN using WireGuard. More infoz is on the project website: https://webmeshproj.github.io/

With the new "mesh bridge" capabilities, you can run a bridge node between two or more meshes that serves to forward appropriate traffic between them. It also offers DNS forwarding capabilities to lookup internal names across meshes. This is accomplished by running two or more IPv6 only wireguard interfaces connected to each mesh and sharing routes between them. IPv4 support is planned, but honestly may not even be necessary. You can see a reference example/playground here: https://github.com/webmeshproj/webmesh/tree/main/examples/mesh-to-mesh

Excited for your feedback :)

Webmesh: Yet Another WireGuard Mesh Solution in c/[email protected]
[–] [email protected] 3 points 11 months ago* (last edited 11 months ago)

So it will work with clients behind NATs. By default the network is a little different from similar solutions in that not everyone is directly connected peer to peer. The default behavior is to branch off from the server you joined (with traffic to the rest of the network routed through them). Then via the admin API (or configuration/RBAC that needs to be better documented) you can tweak the topology by putting "edges" between devices. If there is no direct connectivity between the devices they will use ICE tunnels to connect. One of the APIs that can be exposed on nodes helps with candidate negotiation, and another one can be a TURN server if you want. Sorta demonstrated here https://github.com/webmeshproj/webmesh/tree/main/examples/direct-peerings but it's a fake test because it happens on docker networks.

To your second question, there has to be someone accessible currently. But I've included an idea of a Peer Discovery API server that devices can optionally expose. In that vein you could have a node that just provides peer discovery and nothing else.

It's kinda pointless though because the server running the API has to be a member of the cluster already - so in that way they become a "central server". I want to add more options, such as SRV lookups. Always happy for help and more ideas too :)

55
Webmesh: Yet Another WireGuard Mesh Solution (github.com)
 

Hey all

I wanted to show off my new project, webmesh. It's yet another solution for creating WireGuard mesh networks/VPNs between multiple hosts, most similar to projects like TailScale/ZeroTier. It differs from others in that there is a controller-less architecture that maintains the network state on every node via Raft consensus. This allows for any node to become the "leader" should one go away.

Github in the link above. More infoz in the README and on the project website: https://webmeshproj.github.io

Excited to hear any feedback :)