Any concept of routing via nodes? #59

Closed
bodleytunes opened this issue Dec 2, 2019 · 3 comments
Labels
enhancement New feature or request

Comments

@bodleytunes

Hi!
Great project! I'm currently testing this against ZeroTier; they seem quite similar, but ZeroTier also has the concept of advertising routes down to the nodes via the controller (a similar setup would be from the lighthouse server).

Just wondering if there was any scope for adding the ability to advertise routes via individual nodes so in essence on the lighthouse server you could add a field to say that 10.10.0.0/16 should be known via node10, 10.20.0.0/16 is via node20, so similar to how a route reflector tells nodes how to route to each other directly.

I can achieve the same effect manually running route reflectors/route servers, but it's nice in ZeroTier the way you can do it all from the interface and can do away with BGP.

Cheers :)
Jon.

@rawdigits
Collaborator

Or, hot off the presses, given issues like https://seclists.org/oss-sec/2019/q4/122 - perhaps we should consider never allowing routing of traffic destined for non-nebula IPs through nebula.

@bodleytunes
Author

Or give the ability to switch it on and off as some people like to route traffic through VPN overlays.

At the moment I'm just using an eBGP route server and FRR, but it would be good to be able to negate having to use BGP at all and have routing built in.

Cheers!
Jon.

@rawdigits
Collaborator

rawdigits commented Dec 9, 2019

Okay, I wanted this too, so I spent the day and have a working patch. Def experimental, but I'll link this issue once I make it a proper PR.

Plan is to leave it behind a config option that you explicitly need to enable. By default you won't be able to route traffic via nebula even if the certificate has a valid set of subnets defined. Will document and make clear that this is not as good as running nebula on all hosts, but I understand why folks might want it.

@rawdigits rawdigits added the enhancement New feature or request label Dec 10, 2019