Powered by ZeroTier. A practical guide to building virtual networks. Part 2

In the first five steps, described in the article "Powered by ZeroTier. A practical guide to building virtual networks. Part 1", we connected three geographically distant nodes into a virtual network: one located in the physical network, the other two in two separate DCs.

It did not take long, although each of these nodes was added to the network one by one. But what if you need to connect not one node but all the nodes of a physical network to the ZeroTier virtual network? I faced exactly this task when I needed to provide access from the virtual network to a network printer and a router.

I tried the method described above, but it turned out to be neither quick nor simple everywhere. A network printer, for example, cannot simply be joined that way, and Mikrotik does not support ZeroTier. What to do? After a lot of googling and studying the material, I came to the conclusion that a network bridge was needed.

A network bridge is a network device of the second level of the OSI model, designed to combine segments (subnets) of a computer network into a single network.

How I did it is what I want to share in this article.

What does it cost us to build a bridge ...

To begin with, as an administrator, I had to decide which node in the network would act as the bridge. Having studied the options, I realized that it could be any computing device that is able to bridge network interfaces. It can be a router (a device running OpenWRT or Teltonika RUT series equipment) or a regular server or computer.

Initially, of course, I considered using a router with OpenWRT on board. But since the existing Mikrotik suits me completely, although it does not support integration with ZeroTier, and I did not want to resort to contortions and workarounds, I decided to use a computer as the network bridge: namely, a Raspberry Pi 3 Model B permanently connected to the physical network and running the latest version of Raspbian, an OS based on Debian Buster.

To set up a bridge, the device must have one network interface available that is not used by other services. In my case, the main Ethernet interface was already in use, so I added a second one, using a USB-Ethernet adapter based on the RTL8152 chipset from Realtek.

After connecting the adapter to a free USB port, I updated and rebooted the system:

sudo apt update && sudo apt upgrade -y
sudo reboot

Then I checked whether the system sees the USB Ethernet adapter:

sudo lsusb

After analyzing the output

Bus 001 Device 004: ID 0bda:8152 Realtek Semiconductor Corp. RTL8152 Fast Ethernet Adapter
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp. SMSC9512/9514 Fast Ethernet Adapter
Bus 001 Device 002: ID 0424:9514 Standard Microsystems Corp. SMC9514 Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

I was pleased to note that Device 004 is my adapter.

Next, I determined which network interface was assigned to this adapter:

dmesg | grep 8152

[    2.400424] usb 1-1.3: New USB device found, idVendor=0bda, idProduct=8152, bcdDevice=20.00
[    6.363837] usbcore: registered new interface driver r8152
[    6.669986] r8152 1-1.3:1.0 eth1: v1.09.9
[    8.808282] r8152 1-1.3:1.0 eth1: carrier on

It turned out to be eth1 🙂 Now I could configure it and the network bridge.

I did this following the steps below:

  • Installed network bridge management packages:
    sudo apt-get install bridge-utils
  • Installed ZeroTier ONE:
    curl -s https://install.zerotier.com | sudo bash
  • Connected it to the existing ZeroTier network:
    sudo zerotier-cli join <Network ID>
  • Executed the command to disable the management of ZeroTier IP addresses and routes:
    sudo zerotier-cli set <networkID> allowManaged=0

Next, on the network controller:

In Networks I clicked detail, found and followed the link v4AssignMode, and disabled auto-assignment of IP addresses by unchecking the Auto-assign from IP Assignment Pool checkbox.

After that, I authorized the connected node by setting its name and checking the authorized and Active Bridge checkboxes. I didn't assign an IP address.

Then I returned to configuring the network bridge on the node, for which I opened the network interface configuration file for editing in the terminal:

sudo nano /etc/network/interfaces

where I added the following lines:

auto eth1
allow-hotplug eth1
iface eth1 inet manual

auto br0
allow-hotplug br0
iface br0 inet static
        address 192.168.0.10
        netmask 255.255.255.0
        gateway 192.168.0.1
        network 192.168.0.0
        broadcast 192.168.0.255
        dns-nameservers 127.0.0.1
        bridge_ports eth1 ztXXXXXXXX
        bridge_fd 0
        bridge_maxage 0

Where:
eth1 is the connected USB Ethernet adapter, which has not been assigned an IP address.
br0 is the network bridge being created, with a permanent IP address assigned from the address range of my physical network.
ztXXXXXXXX is the name of the ZeroTier virtual interface, which I found with the command:

sudo ifconfig

After entering the information, I saved the configuration file and reloaded the network services with the command:

sudo /etc/init.d/networking restart

To check the functionality of the bridge, I ran the command:

sudo brctl show   

According to the output, the bridge is up.

bridge name	bridge id		STP enabled	interfaces
br0		8000.00e04c360769	no		eth1
							ztXXXXXXXX
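
A scripted form of this check, added here as an example and not part of the original article: it parses `brctl show` output, including the continuation line that carries the second port, and confirms that the member ports hold no IPv4 address of their own. The function names are hypothetical, and the `ip -o -4 addr show` sample is constructed.

```shell
#!/bin/sh
# Added example (not from the article): post-configuration checks for the bridge.
# Both samples are embedded so the script runs offline. BRCTL_SAMPLE repeats the
# output shown above; ADDR_SAMPLE is constructed `ip -o -4 addr show` output.
BRCTL_SAMPLE='bridge name     bridge id               STP enabled     interfaces
br0             8000.00e04c360769       no              eth1
                                                        ztXXXXXXXX'
ADDR_SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.0.5/24 brd 192.168.0.255 scope global eth0
5: br0    inet 192.168.0.10/24 brd 192.168.0.255 scope global br0'

# bridge_ports BRIDGE: `brctl show` text on stdin -> one member port per line.
# The bridge row carries the first port as field 4; every further port sits
# alone on a continuation line.
bridge_ports() {
    awk -v br="$1" '
        NR == 1 { next }
        NF >= 3 { cur = $1; if (cur == br && NF >= 4) print $4; next }
        NF == 1 && cur == br { print $1 }'
}

# has_ports BRIDGE PORT...: brctl text on stdin; fails if a PORT is not a member.
has_ports() {
    br="$1"; shift
    members=$(bridge_ports "$br")
    for p in "$@"; do
        printf '%s\n' "$members" | grep -qxF -- "$p" ||
            { echo "missing port: $p" >&2; return 1; }
    done
}

# addressed_ports PORT...: `ip -o -4 addr show` text on stdin -> names of the
# given ports that hold an IPv4 address (expected: none, only br0 is addressed).
addressed_ports() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) port[w[i]] = 1 }
        $3 == "inet" && ($2 in port) { print $2 }'
}

printf '%s\n' "$BRCTL_SAMPLE" | has_ports br0 eth1 ztXXXXXXXX && echo "br0 members OK"
bad=$(printf '%s\n' "$ADDR_SAMPLE" | addressed_ports eth1 ztXXXXXXXX)
[ -z "$bad" ] && echo "member ports carry no IPv4 address"
```

On the bridge node itself, pipe the live output in instead of the samples, for example `brctl show | has_ports br0 eth1 ztXXXXXXXX`.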

Then I switched to the network controller to set the route.

To do this, in the list of nodes I followed the IP assignment link of the network bridge. In the window that opened, I clicked managed routes. This took me to a new page, where I specified 0.0.0.0/0 as Target and, as Gateway, the IP address of the network bridge from the address range of the organization's network, which was set earlier. In my case, 192.168.0.10.

I confirmed the entered data and began checking network connectivity between the nodes, pinging a node in the virtual network from a physical network node and vice versa.

That's actually all!

However, unlike the prototype from which the screenshots were taken, in my setup the IP addresses of the virtual network nodes come from the same range as the IP addresses of the nodes in the physical network. When networks are bridged, this model is possible; the main thing is that they do not overlap with the addresses distributed by the DHCP server.
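
One way to check that condition before assigning addresses, added here as an example and not part of the original article: the script flags statically assigned member addresses that fall inside the DHCP pool. The pool bounds, member names and all addresses except 192.168.0.10 are constructed assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): flag statically assigned addresses that
# fall inside the LAN's DHCP pool. Pool bounds and member list are constructed.
POOL_START=192.168.0.100      # assumption: first address leased by the DHCP server
POOL_END=192.168.0.200        # assumption: last address leased by the DHCP server
MEMBERS='bridge-rpi 192.168.0.10
vds-dc1 192.168.0.21
vds-dc2 192.168.0.150'        # constructed: name and static IP per ZeroTier member

# ip2int A.B.C.D: print the address as an integer; fail on malformed input.
ip2int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac     # leading zeros would read as octal
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# pool_conflicts START END: "name ip" lines on stdin -> lines whose ip lies in
# [START, END]; malformed addresses are reported too, never silently skipped.
pool_conflicts() {
    lo=$(ip2int "$1") && hi=$(ip2int "$2") || return 2
    while read -r name ip; do
        [ -n "$name" ] || continue
        n=$(ip2int "$ip") || { echo "$name $ip INVALID"; continue; }
        if [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ]; then
            echo "$name $ip IN-POOL"
        fi
    done
    return 0
}

printf '%s\n' "$MEMBERS" | pool_conflicts "$POOL_START" "$POOL_END"
```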

I won’t talk about setting up a network bridge on the side of a host running MS Windows and other Linux distributions in this article - the Internet is full of materials on this topic. As for the settings on the side of the network controller, it is identical to the one described above.

I just want to note that Raspberry PI is a budget and convenient tool for connecting networks with ZeroTier, and not only as a stationary solution. For example, outsourcers can use a pre-configured network bridge based on Raspberry PI to quickly connect the client's physical network with ZeroTier-based virtual ones.

With that, let me end this part of the story. I look forward to questions, responses and comments - because it is on their basis that I will build the content of the next article. In the meantime, I suggest you try organizing your own virtual network using a private network controller with a GUI based on VDS from the marketplace on Online RUVDS. Moreover, for all new customers there is a free trial period - 3 days!

-> Introduction. Theoretical part. Smart Ethernet Switch for Planet Earth
-> A practical guide to building virtual networks. Part 1
-> A practical guide to building virtual networks. Part 2


Source: habr.com
