Open source multipoint VPN with VyOS
Connected Mesh
Graphical Interface?
The chances for a VyOS web interface are low. Brocade does offer a Vyatta web UI for paying customers, and Ubiquiti ships its EdgeOS with a wonderful web-based interface that includes most areas of configuration; however, it binds the web UI to their own hardware by license.
From a technical perspective, a browser front end can communicate through web sockets with the back end (Ubiquiti EdgeRouter). The daemon /usr/sbin/ubnt-util receives the queries and performs the reconfiguration. Unfortunately, this Ubiquiti element is closed source. The software is a MIPS64 binary, which won't run on Intel architecture without an emulator and many dirty tricks.
Conclusions
When the number of remote offices grow faster than the IT team can set them up, it is time for a dynamic VPN mesh. Dynamic multipoint VPN is Cisco's all-purpose solution for scalability in VPN clouds that allows every participating router to establish a direct connection to every other router without additional configuration. This solution truly saves setup effort and reduces delay times.
The free VyOS Linux distribution offers all the required protocols needed to create a new DMVPN landscape or to extend the existing Cisco world. VyOS does a pretty good job at hiding the many complicated Linux tools and routing daemons behind well-know CLI commands. Before deploying, however, pay attention to the limitations that crop up when playing together with Cisco, IPv6, or network address translation. Finally, your DMVPN can reside on hardware or a virtual infrastructure.
Infos
- RFC 2332: NBMA Next Hop Resolution Protocol: https://tools.ietf.org/html/rfc2332
- OpenNHRP: https://sourceforge.net/projects/opennhrp/
- VyOS: https://vyos.io/
- WANem: http://wanem.sourceforge.net/
- apu1d by PC Engines: http://www.pcengines.ch/apu1d.htm
- Forwarding performance lab of a PC Engines APU: http://bsdrp.net/documentation/examples/forwarding_performance_lab_of_a_pc_engines_apu
- RFC 7868: Cisco's Enhanced Interior Gateway Routing Protocol: https://datatracker.ietf.org/doc/rfc7868/
- Encapsulation overhead calculator: http://baturin.org/tools/encapcalc/
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Routing with Quagga
Cisco and Juniper have implemented routing protocols to help your router find the optimum path. On Linux, you can use software like Quagga, with its Zebra daemon, to help automate this process.
-
Flexible software routing with open source FRR
The FRR open routing stack can be integrated into many networks because it supports a large number of routing protocols, though its strong dependence on the underlying kernel means it requires some manual configuration. -
IPv6 tunnel technologies
Now that IPv6 is the official Internet protocol, all that remains is the simple task of migrating all the machines on the Internet. Until that happens, tunnel technologies provide an interim solution. -
GENEVE network tunneling protocol
LAN data transmission has evolved from the original IEEE 802.3 standard to virtual extensible LAN (VXLAN) technology and finally to today's Generic Network Virtualization Encapsulation (GENEVE) tunneling protocol, which offers improved flexibility and scalability, although it still faces some issues. We look at the three technologies and their areas of application. -
Border Gateway Protocol
We look at the Border Gateway Protocol, how it routes packets through the Internet, its weaknesses, and some hardening strategies.