Do you think that it works for connecting GCP and AWS, like a "tunnel"? I want to connect ArgoCD that is in a cluster in an AWS environment to a GCP cluster.
Can you recommend learning resources (books, courses)? When I watch your videos I feel like I need to brush up on some networking basics. However, most of the networking material is academic and theoretical in a bad way...
Thank you for the good teaching, sensei! I'm watching with the help of a translator and workarounds for the blocking from Russia :) Maybe I'm asking a lot, but if there were also infographics, plus a side-by-side mapping of NFTables and RouterOS settings, the material would be easier to absorb. I wish your channel success!
I forgot to mention that the default burst is 5 packets. If you want the limit rule to apply immediately you should set burst to 1 like this:

    ip protocol icmp icmp type echo-request limit rate 1/second burst 1 packets accept

Cheers!
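A simplified token-bucket model of the burst behaviour described in the comment above, as an added example (not code from the video or its author). It assumes the bucket starts full with `burst` packets of credit and refills at the configured rate; the function names and the flood input are constructed for illustration.

```python
# Added example: simplified model of an nftables packet-rate limit.
# Assumption: the bucket starts full with `burst` packets of credit and
# refills continuously at `rate_per_sec`; time is kept in integer ms.

def simulate_limit(arrivals_ms, rate_per_sec, burst):
    """Return [(arrival_ms, matched)] for each packet.

    matched=True means the packet is under the limit, so the rule's
    `accept` applies; False means the rule does not match and the packet
    falls through to whatever follows in the chain.
    """
    cost = 1000 // rate_per_sec   # ms of credit one packet consumes
    cap = cost * burst            # a full bucket holds `burst` packets
    tokens = cap
    last = None
    verdicts = []
    for t in arrivals_ms:
        if last is not None:
            tokens = min(cap, tokens + (t - last))  # refill since last packet
        last = t
        matched = tokens >= cost
        if matched:
            tokens -= cost
        verdicts.append((t, matched))
    return verdicts

def accepted_count(arrivals_ms, rate_per_sec, burst):
    return sum(1 for _, ok in simulate_limit(arrivals_ms, rate_per_sec, burst) if ok)

# Constructed input: echo-requests every 100 ms for 3 seconds.
FLOOD = [i * 100 for i in range(30)]

if __name__ == "__main__":
    for burst in (5, 1):
        hits = [t for t, ok in simulate_limit(FLOOD, 1, burst) if ok]
        print(f"burst {burst}: {len(hits)} of {len(FLOOD)} accepted at ms {hits}")
```

With burst 5 the first five packets of the flood pass before the 1/second rate takes hold; with burst 1 only the first packet does.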
I came from the MetalLB video and started watching all your videos because you're doing great. Even areas that I know well are interesting. BTW, what terminal font are you using?
I appreciate that! Welcome on board. In the old videos I was using AnonymicePro Nerd Font. In the newer videos I've switched to JetBrainsMono Nerd Font. Sometimes I also use Terminus. Cheers!
Hello, have you done iperf3 tests? I made a ZeroTier controller on a MikroTik 5009, the ends are MikroTik 3011 - symmetrical links 1Gb/s - and I have a transfer of 40-50 mbps. How does it look for you? Regards, Daniel
Hi, are you running ZT on those 3011? If yes then unfortunately the 3011 CPU is not that great. For site to site I would look at Wireguard or IPSEC (unless you need a mesh VPN like ZT). On MTs I'm using ZT only for management. I can run a ZT benchmark on my 5009 but off the top of my head it was way behind Wireguard or IPSEC.
@LinuxCloudHacks Hi, that's right, 3011 is a bit weak and it would be used as a client's end; I'll replace 3011 with 4011 and then with 5009 - I'll compare; then it's time for CCR. Regards, Daniel
@DanelSwitalski If you have public IPs then I would definitely recommend going the Wireguard or IPSEC route as you'll get much better performance than ZeroTier. BTW if you go CCR then it needs to be an ARM based CCR (and not TILE - the 1xxx series).
@LinuxCloudHacks Hi, I have public IP addresses - I work for an ISP. My tests are aimed at implementing ZeroTier as a service for us as an operator, without the participation of the ZeroTier portal - they charge for a larger number of connections. Yes, I know that, ARM and ARM64. I would like to replace L2 data transmission with ZeroTier L3, at least 50% efficiency. Best regards, Daniel
So the client doesn't need to install the VPN? Instead the VPN supply is a source of eth1? So the client is running a static IP and the gateway is 10.10.0.1?
@LinuxCloudHacks Thank you, it works. I did it on 4 virtual machines: 2 are my router 1 and router 2, and the other 2 are my clients connected to the host internal network. I'm happy.
ROUTER1 has two interfaces. ETH0 with 192.168.10.1. This interface points towards the Internet. The default gateway is 192.168.10.200. ROUTER1 also has ETH1 with a static IP 10.10.0.1 towards the private network. All nodes in the private network have their default gateway set to the ROUTER, that is 10.10.0.1. Cloudflare WARP software is installed only on ROUTER1. Clients in the 10.10.0.x network don't have Cloudflare installed.
Ah revenge you said. The DC and Marvel will now have a clash. Telescoping each other powerful beings and supermutants world against each other. Let it be
Ever heard of OVN? It's such a nice addition to Ovs and enables it to be a fully fledged SDN. It works really well. The only thing I miss is a BGP integration. It would be so nice to advertise IP addresses of an external network so that you don't have to rely on L2 at all. There's an OVN-BGP-Agent which works well, but it is so damn slow on failovers or reconciliation, that it is completely impractical to use.
Thank you so much for this very helpful video. You are the first person who showed the actual commands to get ZeroTier to work and connect. Before your video, I was getting all kinds of errors. I am hoping to be able to use this to host a Minecraft server as my ISP does not allow port forwarding. Any tips?
@LinuxCloudHacks Thanks for the response sir! But I am addicted to Windows PowerShell, so do you think there is a way to apply plugins or scripts to be able to use Tmux features?
Great video! If all this (moons, controllers, etc.) is inside my home network, I will still depend on ZeroTier services if I want to connect from outside my home network, right? So I am not sure if this counts as self hosting then... Do I understand correctly that there would need to be a moon that is publicly hosted on the Internet (a gateway so to say) to establish a connection to my overlay network?
Hi and thanks! The demo shows air-gapped installation - we are self-hosting all the infrastructure - moon and controller. It's not dependent on ZeroTier external servers. If you'd want to access your network from the Internet you need to expose the moon to the Internet. Upon creation of the moon in the "stableEndpoints" you need to add public IP(s) that your moon will be available on (forward ports on firewall etc.). Once you copy the moon definition to the client it will know how to get to that moon (via public Internet) as the public IP of the moon is hardcoded. So it's possible to not depend on ZeroTier servers to access your home network from the Internet. Let me know if that makes sense!
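A pre-flight check for the point made in the reply above, as an added example (not code from the video or from ZeroTier): it reads a moon definition and flags `stableEndpoints` entries that a client on the Internet could not reach. The JSON layout beyond `stableEndpoints`, the placeholder identity and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import json

# Ranges a client on the public Internet cannot reach.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",    # RFC 1918
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",   # CGNAT, loopback, link-local
    "fc00::/7", "fe80::/10", "::1/128",                 # IPv6 ULA, link-local, loopback
)]

def check_moon_endpoints(moon_json):
    """Return (endpoint, problem) pairs for stableEndpoints entries that an
    Internet-side client could not use to reach the moon."""
    problems = []
    for root in json.loads(moon_json).get("roots", []):
        endpoints = root.get("stableEndpoints", [])
        if not endpoints:
            problems.append(("", "no stableEndpoints set"))
        for ep in endpoints:
            addr, _, port = ep.rpartition("/")   # expected form: IP/port
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                problems.append((ep, "not in IP/port form"))
                continue
            if not port.isdigit() or not 0 < int(port) < 65536:
                problems.append((ep, "bad port"))
            elif any(ip in net for net in NON_PUBLIC):
                problems.append((ep, "private or local address"))
    return problems

# Constructed sample: placeholder identity, one LAN endpoint, and one
# documentation-range address (203.0.113.0/24) standing in for a public IP.
SAMPLE_MOON = json.dumps({
    "id": "0000000000",
    "objtype": "world",
    "worldType": "moon",
    "roots": [{
        "identity": "0000000000:0:PLACEHOLDER",
        "stableEndpoints": ["192.168.1.10/9993", "203.0.113.10/9993"],
    }],
})

if __name__ == "__main__":
    for endpoint, problem in check_moon_endpoints(SAMPLE_MOON):
        print(f"{endpoint or '(none)'}: {problem}")
```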
Superb content - thank you! No fluff just simple beginnings you expand on. Going to do a playlist marathon now if my brain can keep up 😂 Can these rate limits be teased to work a little like CODEL to circumvent buffer bloat? If so can you put together a few examples please?
I'm planning to create a video on network traffic management algorithms like CODEL, CAKE, RED, SFQ, etc. and how to use them. Just need to find some time. In the meantime I have a video about network congestion algos that you might find interesting ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-WPTP3IxqyWs.htmlsi=ImSapdAvqNS406C_
Hi, great video very helpful but I have a question which you don't mention in the video, the ip route add command does not persist after reboot, what would be a solution for this? thanks
Thanks! Glad you liked it! To your question - it all depends on the kind of tool/service you use to manage your network configuration. If you are using:

- Netplan - you just add the section below to your /etc/netplan/.yml configuration file

      routes:
        - to: 10.1.0.0/24
          via: 192.168.1.1

  And then execute "netplan try"

- "ifupdown" - you just add the below to your /etc/network/interfaces

      up ip route add 10.1.0.0/24 via 192.168.1.1

      systemctl restart networking

- "Network Manager"

      nmcli connection show
      nmcli connection modify eth0 +ipv4.routes "10.1.0.0/24 192.168.1.1"
      nmcli connection down eth0
      nmcli connection up eth0

- "SystemD-NetworkD" - add the below to your conf file /etc/systemd/network/eth0.network

      [Route]
      Destination=10.1.0.0/24
      Gateway=192.168.1.1

      systemctl restart systemd-networkd

This is off the top of my head so it might not work right away :) Maybe I'll create a video comparing various networking configuration tools for Linux. Would that help?
I'm so glad I found your channel! Please keep it up! It's so much better than most other channels that don't really know much about in-depth networking!
Awesome! Can't wait to see it with Cilium. With version v1.16 the BGP integration is greatly improved. Cilium even does consistent hashing with the maglev algorithm which is pretty cool.
When I try to connect my client and login with the Warp app I get a 404 Page not found error and not the page where I should fill in the email address... can you help?
Hi, this happens when you click "login to zero trust" in Preferences -> Account? Then you do enter the team name (for example abc.cloudflareaccess.com) that you found under your web console->zero trust->settings->custom pages? And then you get 404?
@LinuxCloudHacks Correct... that's what happened... But after I changed the team name in my zero trust it worked... maybe my team name was already used or I don't understand... I now have a different problem. I have two devices, a Mac and an iPhone, both connected to the same WiFi network... if I enable the warp client on both devices when they are connected to the WiFi and I try to access a server on the same LAN I get a timeout error and no connection on the Mac, but it works perfectly fine on the phone under the same circumstances...