Powered by ZeroTier. A practical guide to building virtual networks. Part 2

In the first five steps, described in the article "Powered by ZeroTier. A practical guide to building virtual networks. Part 1", we connected three geographically distant nodes into a virtual network: one located in the physical network, the other two in two separate DCs.


This did not take much time, although each of these nodes was added to the network one at a time. But what if not just one node but all the nodes in the physical network need to be connected to the ZeroTier virtual network? I once faced this problem when I needed to provide access from the virtual network to a network printer and a router.

I tried the method described above; it turned out to be neither fast nor always easy. A network printer, for example, simply cannot be connected that way, and Mikrotik does not support ZeroTier. What to do? After a lot of googling and after examining the hardware, I concluded that a network bridge was needed.

A network bridge (or simply a bridge) is a network device of the second level of the OSI model, designed to combine segments (subnets) of a computer network into a single network.

In this article I want to share the story of how I did it.

What does it cost us to build a bridge ...


First, as an administrator, I had to decide which node on the network would act as the bridge. Having studied the options, I realized that it can be any computing device capable of bridging network interfaces: either a router (a device running OpenWRT or Teltonika RUT series equipment), or a regular server or computer.

At first, of course, I considered using a router with OpenWRT on board. But the existing Mikrotik suits me completely, even though it does not support integration with ZeroTier, and I really did not want to resort to contortions and "dance with a tambourine", so I decided to use a computer as the network bridge: a Raspberry Pi 3 Model B that is permanently connected to the physical network and runs the latest version of Raspbian, an operating system based on Debian Buster.

To set up a bridge, the device needs one network interface that is not used by other services. In my case the main Ethernet interface was already in use, so I added a second one, using a USB-Ethernet adapter based on the Realtek RTL8152 chipset.

After attaching the adapter to a free USB port, I updated and rebooted the system:

sudo apt update && sudo apt upgrade -y
sudo reboot

I checked whether the system sees the USB Ethernet adapter:

sudo lsusb

Looking at the output

Bus 001 Device 004: ID 0bda:8152 Realtek Semiconductor Corp. RTL8152 Fast Ethernet Adapter
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp. SMSC9512/9514 Fast Ethernet Adapter
Bus 001 Device 002: ID 0424:9514 Standard Microsystems Corp. SMC9514 Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

I was pleased to see that Device 004 is my adapter.

Next, I found out which network interface is assigned to this adapter:

dmesg | grep 8152

[    2.400424] usb 1-1.3: New USB device found, idVendor=0bda, idProduct=8152, bcdDevice=20.00
[    6.363837] usbcore: registered new interface driver r8152
[    6.669986] r8152 1-1.3:1.0 eth1: v1.09.9
[    8.808282] r8152 1-1.3:1.0 eth1: carrier on

It turned out to be eth1 :) Now I could configure it and the network bridge.

I did this by following the steps below:

  • Installed network bridge management packages:

    sudo apt-get install bridge-utils
  • Installed ZeroTier ONE:
     
    curl -s https://install.zerotier.com | sudo bash
  • Connected it to an existing ZeroTier network:

    sudo zerotier-cli join <Network ID>
  • Ran the command that disables ZeroTier's management of IP addresses and routes:

    sudo zerotier-cli set <networkID> allowManaged=0

Next, on the network controller:

In Networks, I clicked detail, found and clicked the v4AssignMode link, and disabled the auto-assignment of IP addresses by unchecking the Auto-assign from IP Assignment Pool check box.


After that, I authorized the newly connected node by setting its name and ticking the Authorized and Active Bridge check boxes. I did not assign an IP address.


Then I returned to configuring the network bridge on the node and opened the network interface configuration file for editing in the terminal:

sudo nano /etc/network/interfaces

There I added the following lines:

auto eth1
allow-hotplug eth1
iface eth1 inet manual

auto br0
allow-hotplug br0
iface br0 inet static
        address 192.168.0.10
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        dns-nameservers 127.0.0.1
        bridge_ports eth1 ztXXXXXXXX
        bridge_fd 0
        bridge_maxage 0

Here eth1 is the connected USB Ethernet adapter, which has no IP address assigned.
br0 is the created network bridge, with a permanent IP address assigned from the address range of my physical network.
ztXXXXXXXX is the name of the ZeroTier virtual interface, which I looked up with the command:

sudo ifconfig

After entering the information, I saved the configuration file and restarted the network services with the command:

sudo /etc/init.d/networking restart

To check that the bridge works, I ran the command:

sudo brctl show   

According to the output, the bridge came up:

bridge name	bridge id		STP enabled	interfaces
br0		8000.00e04c360769	no		eth1
							ztXXXXXXXX
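
The same check can be scripted. The following is an added example, not part of the original article: it parses `brctl show` output and succeeds only when the bridge has exactly the intended ports. The function names are hypothetical, and the sample text is constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not from the original article): extract the ports of one
# bridge from `brctl show` text and compare them with the intended set.

# Constructed sample in brctl's layout; ztXXXXXXXX is the article's placeholder.
sample_brctl() {
  printf 'bridge name\tbridge id\t\tSTP enabled\tinterfaces\n'
  printf 'br0\t\t8000.00e04c360769\tno\t\teth1\n'
  printf '\t\t\t\t\t\t\tztXXXXXXXX\n'
}

# bridge_members BRIDGE  (reads `brctl show` output on stdin)
# Prints one port per line, sorted. The first port shares a row with the
# bridge name; further ports follow on rows that start with whitespace.
bridge_members() {
  awk -v br="$1" '
    NR == 1 || NF == 0 { next }                 # header row, blank rows
    { c = substr($0, 1, 1) }
    c != " " && c != "\t" {                     # row that starts a new bridge
      cur = $1
      if (cur == br && NF >= 4) print $4        # NF < 4: bridge has no ports
      next
    }
    cur == br { print $1 }                      # continuation row: one more port
  ' | LC_ALL=C sort
}

# check_bridge_ports BRIDGE "PORT PORT ..."  (reads `brctl show` on stdin)
# Succeeds only when the bridge has exactly the expected ports, so a missing
# ZeroTier interface or an unintended extra port both fail the check.
check_bridge_ports() {
  actual=$(bridge_members "$1" | tr '\n' ' ')
  expected=$(printf '%s\n' $2 | LC_ALL=C sort | tr '\n' ' ')
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

if sample_brctl | check_bridge_ports br0 "eth1 ztXXXXXXXX"; then
  echo "br0: ports match"
else
  echo "br0: unexpected port set" >&2
fi
```

On the bridge node itself, pipe the real output in instead of the sample: `sudo brctl show | check_bridge_ports br0 "eth1 <zt interface name>"`.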

Then I switched to the network controller to set the route.

To do this, in the list of network nodes I clicked the IP assignment link of the network bridge. Then, in the window that opened, I clicked Managed routes. This took me to a new page, where I entered 0.0.0.0/0 as Target and, as Gateway, the IP address of the network bridge from the address range of the organization's network, as defined earlier. In my case, 192.168.0.10.


I confirmed the entered data and began checking network connectivity between the nodes by pinging a node in the virtual network from a node in the physical network and vice versa.

That's all!


In my case, however, unlike the prototype from which the screenshots were taken, the IP addresses of the virtual network nodes are from the same range as the IP addresses of the nodes in the physical network. When bridging networks this model is possible; the main thing is that they do not overlap with the addresses distributed by the DHCP server.
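
One way to check such an address plan before assigning anything, as an added example that is not part of the original article: it reports static addresses that fall outside the LAN subnet, inside the DHCP pool, or are listed twice. The network 192.168.0.0/24 and the bridge address 192.168.0.10 come from the article; the DHCP pool, the member addresses and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): sanity-check static addresses
# planned for ZeroTier members that share the physical LAN's range.

ip_to_int() {  # dotted quad -> integer
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# check_static_plan NET PREFIXLEN POOL_START POOL_END ADDR...
# Prints "<addr> <problem>" for every address that is outside the LAN subnet,
# inside the DHCP pool, or listed twice. Prints nothing for a clean plan.
check_static_plan() {
  net=$(ip_to_int "$1")
  mask=$(( (0xFFFFFFFF << (32 - $2)) & 0xFFFFFFFF ))
  lo=$(ip_to_int "$3"); hi=$(ip_to_int "$4")
  shift 4
  seen=" "
  for addr in "$@"; do
    n=$(ip_to_int "$addr")
    if [ $(( n & mask )) -ne $(( net & mask )) ]; then
      echo "$addr outside-subnet"
    elif [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ]; then
      echo "$addr in-dhcp-pool"
    fi
    case "$seen" in
      *" $addr "*) echo "$addr duplicate" ;;
    esac
    seen="$seen$addr "
  done
}

# 192.168.0.0/24 and the bridge address 192.168.0.10 come from the article.
# The DHCP pool and the member addresses are constructed sample values.
check_static_plan 192.168.0.0 24 192.168.0.100 192.168.0.200 \
  192.168.0.10 192.168.0.21 192.168.0.150 192.168.0.21 192.168.1.5
```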

I will not separately cover setting up a network bridge on a node running MS Windows or other Linux distributions in this article; the Internet is full of materials on this topic. As for the settings on the network controller side, they are identical to those above.

I just want to note that the Raspberry Pi is an inexpensive and convenient tool for joining networks with ZeroTier, and not only as a stationary solution. For example, outsourcers can use a pre-configured network bridge based on the Raspberry Pi to quickly join the physical network of a client they serve with virtual networks based on ZeroTier.

Let me end this part of the story here. I am waiting for questions, feedback and comments, since I will build the content of the next article on them. In the meantime, I suggest you try to set up your own virtual network using a private network controller with a GUI based on a VDS from the marketplace on the RUVDS website. Moreover, a free trial period of 3 days is available to all new customers!

-> Introduction. Theoretical part. Intelligent Ethernet Switch for Planet Earth
-> Practical Guide for Building Virtual Networks. Part 1
-> Practical Guide for the Construction of Virtual Networks. Part 2

